Summary: | Security, particularly data privacy, is one of the biggest barriers to the adoption of Database-as-a-Service (DBaaS) in Cloud Computing. Recent security breaches demonstrate that a more powerful protection mechanism is needed to protect data confidentiality from any honest-but-curious administrator. Prior efforts to address this security problem are typically either prohibitively slow or highly restrictive in operation. In this thesis, a novel cloud system architecture, CypherDB, which makes use of a secure processor, is proposed to protect the confidentiality of outsourced database processing. To achieve this, a framework is developed to use these secure processors in the cloud for secure database processing. This framework allows distributed and parallel processing of the encrypted data and exhibits the virtualization features of Cloud Computing. The CypherDB architecture also relies on two major components to protect, with high performance, the privacy of an outsourced database against any honest-but-curious administrator. Firstly, a novel database encryption scheme is developed to protect the outsourced database; the scheme can be executed on a CypherDB secure processor with high performance. Our proposed scheme makes use of custom instructions to hide the encryption latency from the program execution. This scheme is extensively validated through an integration with SQLite, a practical database application program. Secondly, a novel secure processor architecture is developed to provide architectural support for our proposed database encryption scheme and an efficient protection mechanism to secure all intermediate data generated on the fly during query execution. The efficiency, robustness and cost of our novel processor architecture are validated and evaluated through extensive simulations and implementation on an FPGA platform.
A fully functional Field-Programmable Gate Array (FPGA) implementation of our CypherDB secure processor and simulation studies demonstrate that our proposed architecture is cost-effective and high-performance. Our experiment running the TPC-H database benchmark on SQLite demonstrates a performance overhead of 10 to 14 percent on average. The security components in CypherDB consume about 21K Logic Elements and 54 Block RAMs on the FPGA. The modification of SQLite consists of only 208 lines of code (LOC).
|