oblidb oblivious query processing for secure databases
play

ObliDB: Oblivious Query Processing for Secure Databases Saba - PowerPoint PPT Presentation

Apr 04, 2023 •114 likes •438 views

ObliDB: Oblivious Query Processing for Secure Databases Saba Eskandarian Matei Zaharia Stanford University Stanford University Private Data in the Cloud Compromised cloud can: Read data Read queries Alter data Hardware Enclaves A trusted

  1. ObliDB: Oblivious Query Processing for Secure Databases Saba Eskandarian Matei Zaharia Stanford University Stanford University

  2. Private Data in the Cloud Compromised cloud can: Read data Read queries Alter data

  3. Hardware Enclaves A trusted component in untrusted hardware ● Isolation through protected memory ● Authenticity through attestation Currently available through Azure and IBM cloud, among others Untrusted System Secure Channel Enclave -Data Malicious OS with Attestation/Communication -Secrets Client physical access to device still can’t see inside enclave

  4. Enclaves in the Cloud Enclave memory is limited, but data is big! Enclave

  5. Enclaves in the Cloud Enclave

  6. Enclaves in the Cloud Malicious attacker can observe access patterns to encrypted data! Enclave

  7. Enclaves in the Cloud Malicious attacker can observe access patterns to encrypted data! Enclave

  8. Enclaves in the Cloud Malicious attacker can observe access patterns to encrypted data! Enclave

  9. Enclaves in the Cloud Malicious attacker can observe access patterns to encrypted data! “A persistent passive attacker can Enclave extract even more information by observing an application’s access patterns … In our case study applications, this reveals users’ medical conditions, genomes, and contents of shopping carts”

  10. Naive SELECT is not oblivious! Input Table Output Table * * * * *

  11. Naive SELECT is not oblivious! Input Table Output Table * * * * *

  12. Naive SELECT is not oblivious! Input Table Output Table * * * * * *

  13. Naive SELECT is not oblivious! Input Table Output Table * * * * * *

  14. Naive SELECT is not oblivious! Input Table Output Table * * * * * *

  15. Naive SELECT is not oblivious! Input Table Output Table * * * * * * *

  16. Naive SELECT is not oblivious! Input Table Output Table * * * * * * * * * *

  17. Naive SELECT is not oblivious! Input Table Output Table * * * * * * * * * * Watching when we write to the output table reveals exactly which rows of the input table we select!

  18. Toward Obliviousness Prior work solves pieces of the obliviousness problem very well

  19. Toward Obliviousness Prior work solves pieces of the obliviousness problem very well Opaque provides obliviousness for analytic queries that scan entire tables, but no support for indexes

  20. Toward Obliviousness Prior work solves pieces of the obliviousness problem very well Opaque provides obliviousness for analytic queries that scan entire tables, but no support for indexes Oblix provides an oblivious index, but using an oblivious index to process a query obliviously is still non-trivial

  21. Toward Obliviousness Prior work solves pieces of the obliviousness problem very well Opaque provides obliviousness for analytic queries that scan entire tables, but no support for indexes Oblix provides an oblivious index, but using an oblivious index to process a query obliviously is still non-trivial This work: ObliDB, first system to provide obliviousness for general database read workloads over multiple access methods

  22. ObliDB Overview ● Tables stored encrypted in unprotected memory, enclave only holds metadata ● Two oblivious storage methods: flat tables and oblivious indexes ● Supports most SQL operations ● Various algorithms for each operation - can pick best option at runtime Server Enclave Metadata Oblivious Operators Untrusted RAM or Disk Optimizer Table 1 Table 2 Table 3 Indexed Flat Both Integrity Secure Channel ... Checks Client Protected Memory

  23. Security Guarantees ObliDB protects data and query parameters against an attacker with full control of the OS and VMM ● Detects any malicious attempt to tamper with data ● Leaks only query selectivity, table sizes (including intermediate tables), and query plan ● Optional padding mode available to hide table sizes and query selectivity ● Assumption: limited oblivious memory pool

  24. Oblivious Operators ● Selection ○ Small ○ Large ○ Continuous ○ Hash ● Grouping and Aggregation ● Joins ○ Oblivious hash join ○ Oblivious sort-merge join (from Opaque) ○ Zero oblivious memory sort-merge join

  25. Oblivious Operators ● Selection ○ Small ○ Large Oblivious optimizer ○ Continuous chooses best algorithm for ○ Hash each query at runtime ● Grouping and Aggregation ● Joins ○ Oblivious hash join ○ Oblivious sort-merge join (from Opaque) ○ Zero oblivious memory sort-merge join

  26. Oblivious Operators ● Selection ○ Small ○ Large Oblivious optimizer ○ Continuous chooses best algorithm for ○ Hash each query at runtime ● Grouping and Aggregation ● Joins ○ Oblivious hash join ○ Oblivious sort-merge join (from Opaque) ○ Zero oblivious memory sort-merge join

  27. Oblivious SELECT “Large” SELECT Algorithm: use when almost the whole table is selected Input Table Output Table * * Extra * * * * * * * * * * Extra Copy * * * *

  28. Oblivious SELECT “Large” SELECT Algorithm: use when almost the whole table is selected Input Table Output Table * Delete * X * * * * * Dummy write * * * * * X Copy * * * *

  29. Oblivious SELECT “Continuous” SELECT algorithm: use when a continuous range of rows is selected Dummy Input Table write Output Table * Real * write * * * * * *

  30. Oblivious SELECT “Continuous” SELECT algorithm: use when a continuous range of rows is selected Dummy Input Table write Output Table Real write * * * * * * * * * *

  31. ObliDB Performance highlights: - 1.1-19x faster than Opaque (on Big Data Benchmark queries) - Within 2.6x of Spark SQL (on Big Data Benchmark queries) See paper for system details, more oblivious operators, and full evaluation Paper: http://www.vldb.org/pvldb/vol13/p169-eskandarian.pdf Source Code: https://github.com/SabaEskandarian/ObliDB Questions/Contact: saba@cs.stanford.edu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H.

Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H.

Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H. Hubert Chan, Jonathan Katz, Ka Kartik Nay ayak, Antigoni Polychroniadou, Elaine Shi Defini De ning ng an n Obl Oblivious us RAM Example request

812 views • 33 slides
SecureDB A Secure Query Processing System in the Cloud Group Member: Haibin LIN, Eric

SecureDB A Secure Query Processing System in the Cloud Group Member: Haibin LIN, Eric

SecureDB A Secure Query Processing System in the Cloud Group Member: Haibin LIN, Eric Supervisor: Prof Benjamin Kao Department of Computer Science, University of Hong Kong Overview 1. The Problem 2. Related Work 3. Theoretical Background 4.

763 views • 47 slides
Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query

Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query

Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query Processing 3.3 Index Access Scheduling 3.4 Index Organization and Advanced Query Types 3-1 IRDM WS 2005 3.1 Top-k Query Processing with Scoring

592 views • 36 slides
Searching Sequence databases 1: Searching Sequence databases 1: Blast Blast Query: Query:

Searching Sequence databases 1: Searching Sequence databases 1: Blast Blast Query: Query:

Searching Sequence databases 1: Searching Sequence databases 1: Blast Blast Query: Query: >gi|26339572|dbj|BAC33457.1| unnamed protein product [Mus musculus] MSSTKLEDSLSRRNWSSASELNETQEPFLNPTDYDDEEFLRYLWREYLHPKEYEWVLIAGYIIVFVV

278 views • 8 slides
Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query

Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query

Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query Indexi xing Ranki king Applica cation Results Documents User Information Query y Query analys ysis proce cess ssing Multimedia

740 views • 32 slides
Query Processing over Incomplete Autonomous Databases

Query Processing over Incomplete Autonomous Databases

Query Processing over Incomplete Autonomous Databases

918 views • 52 slides
Secure indexes and other oblivious search structures (Privaatne otsing: indeksid ning

Secure indexes and other oblivious search structures (Privaatne otsing: indeksid ning

Secure indexes and other oblivious search structures (Privaatne otsing: indeksid ning alternatiivid) Sven Laur swen@math.ut.ee Helsinki University of Technology Basic motivation Secure storage problem Client Alice does not have skills for

428 views • 16 slides
1 Recap: Taking Differences Distribution of Integer Values 0.1 idea: use efficient coding

1 Recap: Taking Differences Distribution of Integer Values 0.1 idea: use efficient coding

Recap: Search Engine Query Processing Recap: Search Engine Query Processing Parallel query processing: divide docs between Basically, to process a query we need to traverse the many machines, broadcast results to all inverted lists of the

434 views • 6 slides
Online Query Processing Exposure to online query processing algorithms and fundamentals A

Online Query Processing Exposure to online query processing algorithms and fundamentals A

Goals for Today Online Query Processing Exposure to online query processing algorithms and fundamentals A Tutorial Usage examples Basic sampling techniques and estimators Preferential data delivery Peter J. Haas Online

353 views • 10 slides
CS4224/CS5424 Lecture 9 Distributed Query Processing Query Processing Translates query into a

CS4224/CS5424 Lecture 9 Distributed Query Processing Query Processing Translates query into a

CS4224/CS5424 Lecture 9 Distributed Query Processing Query Processing Translates query into a query plan that minimizes some cost function Minimize total cost CPU cost, I/O cost, & communication cost Minimize response time

841 views • 52 slides
On optimal threshold defender structures of resharing-based oblivious shuffle protocols for

On optimal threshold defender structures of resharing-based oblivious shuffle protocols for

On optimal threshold defender structures of resharing-based oblivious shuffle protocols for secret-shared secure multi-party computations Jan Willemson Cybernetica Trve Theory Days October 7th-9th, 2011 Secret Shared Databases If we

710 views • 16 slides
SECURE QUERY PROCESSING in CLOUD NoSQL Mohammad Ahmadian ahmadian@knights.ucf.edu University of

SECURE QUERY PROCESSING in CLOUD NoSQL Mohammad Ahmadian ahmadian@knights.ucf.edu University of

SECURE QUERY PROCESSING in CLOUD NoSQL Mohammad Ahmadian ahmadian@knights.ucf.edu University of Central Florida April 9, 2017 Mohammad Ahmadian (UCF) Secure NoSQL April 9, 2017 1 / 42 Goal Research goal is to find an answer to: Is it

725 views • 60 slides
1 Language processing Query Graph Model Two stages: compilation and Vertices execution

1 Language processing Query Graph Model Two stages: compilation and Vertices execution

Outline Extensible Query Processing in Motivation Starburst Solution: Extensible DBMS Language Processing Query Graph Model Presentation: Kati Query rewrite Discussion: Andrew Summary Motivation Starburst Project

281 views • 3 slides
Databases and SQL Databases for data storage and access The Structured Query Language Aaron

Databases and SQL Databases for data storage and access The Structured Query Language Aaron

3/4/13 CS108 Lecture 18: Databases and SQL Databases for data storage and access The Structured Query Language Aaron Stevens 4 March 2013 Computer Science What Youll Learn Today Computer Science How does Facebook generate unique pages

421 views • 17 slides
Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim)

Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim)

Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim) Generic OT 1 / 20 Global Framework 1 Cryptographic Tools 2 1-out-of- t Oblivious Transfer 3 Instantiation 4 Conclusion 5 O. Blazy (Xlim)

852 views • 45 slides
SQL Structured Query Language (SQL) CS 235: The language of databases Based on

SQL Structured Query Language (SQL) CS 235: The language of databases Based on

SQL Structured Query Language (SQL) CS 235: The language of databases Based on relational algebra Introduction to Databases extended algebra operations other extensions. Svetlozar Nestorov Lecture Notes #9 SQL Queries

316 views • 4 slides
Inference A)acks on Property- Preserving Encrypted Databases Charles

Inference A)acks on Property- Preserving Encrypted Databases Charles

Inference A)acks on Property- Preserving Encrypted Databases Charles V. Wright Portland State University @hackermath Joint work with Muhammad Naveed

1.24k views • 47 slides
Hardware Description Languages (HDLs) Introduction Two main hardware description languages

Hardware Description Languages (HDLs) Introduction Two main hardware description languages

Robert Betz: 97 Department of Electrical and Computer Engineering Hardware Description Languages (HDLs) Introduction Two main hardware description languages will be treated in this course: Altera Hardware Description Language (AHDL), and

1.38k views • 112 slides
Natural Logic: Visions, Results, Plans Larry Moss A presentation to Thomas Icards NASSLLI

Natural Logic: Visions, Results, Plans Larry Moss A presentation to Thomas Icards NASSLLI

Natural Logic: Visions, Results, Plans Larry Moss A presentation to Thomas Icards NASSLLI Course June 20, 2012 1/44 Doing logic in 2012 means living in two worlds My talk today will be an exploration of this tension. At times I will be

994 views • 58 slides
Overview Topics Sequential and binary search Recursion CSE 143 Java Searching and

Overview Topics Sequential and binary search Recursion CSE 143 Java Searching and

Overview Topics Sequential and binary search Recursion CSE 143 Java Searching and Recursion Reading: Ch. 14 & Secs. 19.1-19.2 11/18/2004 (c) 2001-4, University of Washington 18-1 11/18/2004 (c) 2001-4, University of

333 views • 4 slides
Chan Carusone, Cobb, Cooper, Guta, Kandel, Stewart, Strike Experience of PHAs who use

Chan Carusone, Cobb, Cooper, Guta, Kandel, Stewart, Strike Experience of PHAs who use

Chan Carusone, Cobb, Cooper, Guta, Kandel, Stewart, Strike Experience of PHAs who use substances in hospital (Carol, Soo, Adrian) o Background problem issue and basic stats o Present data from two studies o Overview of AIMED

356 views • 21 slides
I n d u s t r y e x p e r i e n c e a n d p o s i t i o n t o T i O 2 c l a s s i f i c a t i o

I n d u s t r y e x p e r i e n c e a n d p o s i t i o n t o T i O 2 c l a s s i f i c a t i o

Titanium Dioxide Manufacturers Association I n d u s t r y e x p e r i e n c e a n d p o s i t i o n t o T i O 2 c l a s s i f i c a t i o n e f f o r t s TDMA is a sector group of C o n t e n t s Introductions - TDMA members and European

345 views • 20 slides
Statistically Based Model Comparison Techniques H. T. Banks Center for Research in Scientific

Statistically Based Model Comparison Techniques H. T. Banks Center for Research in Scientific

Statistically Based Model Comparison Techniques H. T. Banks Center for Research in Scientific Computation (CRSC) Center for Quantitative Sciences in Biomedicine (CQSB) North Carolina State University Raleigh, NC 27695 C enter for Q uantitative

685 views • 30 slides
Lecture 7: Sequence Labeling Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center Recap:

Lecture 7: Sequence Labeling Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center Recap:

CS447: Natural Language Processing http://courses.engr.illinois.edu/cs447 Lecture 7: Sequence Labeling Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center Recap: Statistical POS tagging with HMMs CS447: Natural Language Processing

426 views • 40 slides

More recommend