A novel architecture for secure database processing in cloud computing

Security, particularly data privacy, is one of the biggest barriers to the adoption of Database-as-a-Service (DBaaS) in Cloud Computing. Recent security breaches demonstrate that a more powerful protection mechanism is needed to protect data confidentiality from any honest-but-curious administrator....

Full description

Bibliographic Details
Main Author: Chen, Hung-Kwan
Other Authors: Cheung, Paul ; Cheung, Peter
Published: Imperial College London 2016
Subjects:
Online Access:http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.702807
id ndltd-bl.uk-oai-ethos.bl.uk-702807
record_format oai_dc
spelling ndltd-bl.uk-oai-ethos.bl.uk-7028072018-06-12T03:38:37ZA novel architecture for secure database processing in cloud computingChen, Hung-KwanCheung, Paul ; Cheung, Peter2016Security, particularly data privacy, is one of the biggest barriers to the adoption of Database-as-a-Service (DBaaS) in Cloud Computing. Recent security breaches demonstrate that a more powerful protection mechanism is needed to protect data confidentiality from any honest-but-curious administrator. Typical prior effort on addressing this security problem is either prohibitively slow or highly restrictive in operation. In this thesis, a novel cloud system architecture CypherDB, which makes use of a secure processor, is proposed to protect the confidentiality of outsourced database processing. To achieve this, a framework is developed to use these secure processors in the cloud for secure database processing. This framework allows distributed and parallel processing of the encrypted data and exhibits virtualization features in Cloud Computing. The CypherDB architecture also relies on two major components to protect the privacy of an outsourced database against any honest-but-curious administrator of high performance. Firstly, a novel database encryption scheme is developed to protect the outsourced database which can be executed under a CypherDB secure processor with high performance. Our proposed scheme makes use of custom instructions to hide the encryption latency from the program execution. This scheme is extensively validated through an integration with SQLite, a practical database application program. Secondly, a novel secure processor architecture is also developed to provide architectural support to our proposed database encryption scheme and efficient protection mechanism to secure all intermediate data generated on-the-fly during query execution. The efficiency, robustness and the cost of our novel processor architecture are validated and evaluated through extensive simulations and implementation on a FPGA platform. A fully-functional Field-Programmable Gate Array (FPGA) implementation of our CypherDB secure processor and simulation studies demonstrate that our proposed architecture is cost-effective and of high performance. Our experiment of running the TPC-H database benchmark on SQLite demonstrates 10 to 14 percent performance overhead on average. The security components in CypherDB consume about 21K Logic Elements and 54 Block RAMs on the FPGA. The modification of SQLite only consists of 208 lines of code (LOC).004.67Imperial College Londonhttp://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.702807http://hdl.handle.net/10044/1/43797Electronic Thesis or Dissertation
collection NDLTD
sources NDLTD
topic 004.67
spellingShingle 004.67
Chen, Hung-Kwan
A novel architecture for secure database processing in cloud computing
description Security, particularly data privacy, is one of the biggest barriers to the adoption of Database-as-a-Service (DBaaS) in Cloud Computing. Recent security breaches demonstrate that a more powerful protection mechanism is needed to protect data confidentiality from any honest-but-curious administrator. Typical prior effort on addressing this security problem is either prohibitively slow or highly restrictive in operation. In this thesis, a novel cloud system architecture CypherDB, which makes use of a secure processor, is proposed to protect the confidentiality of outsourced database processing. To achieve this, a framework is developed to use these secure processors in the cloud for secure database processing. This framework allows distributed and parallel processing of the encrypted data and exhibits virtualization features in Cloud Computing. The CypherDB architecture also relies on two major components to protect the privacy of an outsourced database against any honest-but-curious administrator of high performance. Firstly, a novel database encryption scheme is developed to protect the outsourced database which can be executed under a CypherDB secure processor with high performance. Our proposed scheme makes use of custom instructions to hide the encryption latency from the program execution. This scheme is extensively validated through an integration with SQLite, a practical database application program. Secondly, a novel secure processor architecture is also developed to provide architectural support to our proposed database encryption scheme and efficient protection mechanism to secure all intermediate data generated on-the-fly during query execution. The efficiency, robustness and the cost of our novel processor architecture are validated and evaluated through extensive simulations and implementation on a FPGA platform. A fully-functional Field-Programmable Gate Array (FPGA) implementation of our CypherDB secure processor and simulation studies demonstrate that our proposed architecture is cost-effective and of high performance. Our experiment of running the TPC-H database benchmark on SQLite demonstrates 10 to 14 percent performance overhead on average. The security components in CypherDB consume about 21K Logic Elements and 54 Block RAMs on the FPGA. The modification of SQLite only consists of 208 lines of code (LOC).
author2 Cheung, Paul ; Cheung, Peter
author_facet Cheung, Paul ; Cheung, Peter
Chen, Hung-Kwan
author Chen, Hung-Kwan
author_sort Chen, Hung-Kwan
title A novel architecture for secure database processing in cloud computing
title_short A novel architecture for secure database processing in cloud computing
title_full A novel architecture for secure database processing in cloud computing
title_fullStr A novel architecture for secure database processing in cloud computing
title_full_unstemmed A novel architecture for secure database processing in cloud computing
title_sort novel architecture for secure database processing in cloud computing
publisher Imperial College London
publishDate 2016
url http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.702807
work_keys_str_mv AT chenhungkwan anovelarchitectureforsecuredatabaseprocessingincloudcomputing
AT chenhungkwan novelarchitectureforsecuredatabaseprocessingincloudcomputing
_version_ 1718694252434685952