Note: EnclaveDB: A Secure Database using SGX

EnclaveDB uses SGX security properties to secure database operations.

Why

• The cloud database is continuously attacked by malicious entities, resulting in frequent data leakage.
• Semantic security encryption provides protection for data in static and transit, but the program can still decrypt ciphertext in memory during database query.
• Attribute retention encryption allows query processing of encrypted data, but query capabilities are limited and information leakage is prone to occur.

How

• In-memory database with enclaves to provide strong security properties.
• combination of encryption -> confidentiality
• native compilation -> integrity
• scalable protocol -> checking integrity and freshness
• Small TCB (trusted computing base) - Over 100X smaller than a conventional database server.

What

SGX-based secure cloud database ensures security while dramatically reducing system overhead

Some Details

• Compare the key differences between EnclaveDB and traditional SQL database to propose four optimizations
• Experiment with CPU usage, memory and disk throughput under four conditions (the operating conditions are gradually approaching the actual use of EnclaveDB).
  • BASE: Hekaton running outside the enclave
  • CRYPT: EnclaveDB running in simulated enclave mode
  • CRYPT-CALL: adds context switching costs to CRYPT
  • CRYPT-CALL-MEM: increases the cost of memory encryption to CRYPT-CALL.