Processing analytical queries over encrypted data
Stephen Tu,M. Frans Kaashoek,Samuel Madden,Nickolai Zeldovich +3 more
- Vol. 6, Iss: 5, pp 289-300
Reads0
Chats0
TLDR
MONOMI introduces split client/server query execution, which can execute arbitrarily complex queries over encrypted data, as well as several techniques that improve performance for such workloads, including per-row precomputation, space-efficient encryption, grouped homomorphic addition, and pre-filtering.Abstract:
MONOMI is a system for securely executing analytical workloads over sensitive data on an untrusted database server. MONOMI works by encrypting the entire database and running queries over the encrypted data. MONOMI introduces split client/server query execution, which can execute arbitrarily complex queries over encrypted data, as well as several techniques that improve performance for such workloads, including per-row precomputation, space-efficient encryption, grouped homomorphic addition, and pre-filtering. Since these optimizations are good for some queries but not others, MONOMI introduces a designer for choosing an efficient physical design at the server for a given workload, and a planner to choose an efficient execution plan for a given query at runtime. A prototype of MONOMI running on top of Postgres can execute most of the queries from the TPC-H benchmark with a median overhead of only 1.24× (ranging from 1.03×to 2.33×) compared to an un-encrypted Postgres database where a compromised server would reveal all data.read more
Citations
More filters
Proceedings ArticleDOI
VC3: Trustworthy Data Analytics in the Cloud Using SGX
Felix Schuster,Manuel Costa,Cédric Fournet,Christos Gkantsidis,Marcus Peinado,Gloria Mainar-Ruiz,Mark Russinovich +6 more
TL;DR: VC3 is the first system that allows users to run distributed MapReduce computations in the cloud while keeping their code and data secret, and ensuring the correctness and completeness of their results.
Proceedings Article
Oblivious multi-party machine learning on trusted processors
Olga Ohrimenko,Felix Schuster,Cédric Fournet,Aastha Mehta,Sebastian Nowozin,Kapil Vaswani,Manuel Costa +6 more
TL;DR: This work proposes data-oblivious machine learning algorithms for support vector machines, matrix factorization, neural networks, decision trees, and k-means clustering and shows that their efficient implementation based on Intel Skylake processors scales up to large, realistic datasets, with overheads several orders of magnitude lower than with previous approaches.
Proceedings Article
Opaque: an oblivious and encrypted distributed analytics platform
TL;DR: The proposed Opaque introduces new distributed oblivious relational operators that hide access patterns, and new query planning techniques to optimize these new operators to improve performance.
Proceedings ArticleDOI
EnclaveDB: A Secure Database Using SGX
TL;DR: EnclaveDB is a database engine that guarantees confidentiality, integrity, and freshness for data and queries even when the database administrator is malicious, when an attacker has compromised the operating system or the hypervisor, and when thedatabase runs in an untrusted host in the cloud.
Proceedings Article
Glamdring: automatic application partitioning for intel SGX
Joshua Lind,Christian Priebe,Divya Muthukumaran,Dan O'Keeffe,Pierre-Louis Aublin,Florian Kelbert,Tobias Reiher,David Goltzsche,David Eyers,Rüdiger Kapitza,Christof Fetzer,Peter Pietzuch +11 more
TL;DR: Glamdring is described, the first source-level partitioning framework that secures applications written in C using Intel SGX, and achieves small TCB sizes and has acceptable performance overheads.
References
More filters
Book ChapterDOI
Public-key cryptosystems based on composite degree residuosity classes
TL;DR: A new trapdoor mechanism is proposed and three encryption schemes are derived : a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA, which are provably secure under appropriate assumptions in the standard model.
Proceedings ArticleDOI
Fully homomorphic encryption using ideal lattices
TL;DR: This work proposes a fully homomorphic encryption scheme that allows one to evaluate circuits over encrypted data without being able to decrypt, and describes a public key encryption scheme using ideal lattices that is almost bootstrappable.
Proceedings ArticleDOI
Practical techniques for searches on encrypted data
TL;DR: This work describes the cryptographic schemes for the problem of searching on encrypted data and provides proofs of security for the resulting crypto systems, and presents simple, fast, and practical algorithms that are practical to use today.
Proceedings ArticleDOI
Executing SQL over encrypted data in the database-service-provider model
TL;DR: The paper explores an algebraic framework to split the query to minimize the computation at the client site, and explores techniques to execute SQL queries over encrypted data.
Proceedings ArticleDOI
CryptDB: protecting confidentiality with encrypted query processing
TL;DR: The evaluation shows that CryptDB has low overhead, reducing throughput by 14.5% for phpBB, a web forum application, and by 26% for queries from TPC-C, compared to unmodified MySQL.