Outsourcing data-processing to external data centres such as cloud infrastructures has become ubiquitous due to its benefits to both, customers and providers. However, using external compute resources requires customers to fully trust the provided software and hardware stack as well as the administrative staff. This forms an inhibitor when sensitive data should be externally processed, and as a consequence, initial solutions for encrypted data processing have been proposed. However, all of them suffer from individual shortcomings such as limited security, restricted expressiveness or performance penalties.
Specifically software-based encryption in database management systems (DBMSs) has been investigated, however, high performance query processing and secure data management in the context of novel technologies for trusted execution opens new perspectives. Hence, our project targets the combination of scalable data management with recent hardware security technologies, in particular Intel Software Guard Extensions (SGX). SGX enhances the instruction set of the CPU and allows the creation of so called ‘enclaves’ that support computation on transparently encrypted main memory at native performance. However, existing DBMS architectures are unaware of such security concepts, and their designs miss the necessary flexibility to introduce trusted computing on a fine-grained level. Thus, we propose a tailorable architecture to address the contradicting demands of general-purpose high performance data management and secure data processing.
In order to implement a secure, flexible and scalable DBMS architecture, we