TYPE-BASED DATABASE CONFIDENTIALITY USING TRUSTED COMPUTING

• Main Authors: Kaushik Raghav, Antonopoulos Panagiotis, Arasu Arvind, Szymaszek Jakub, Neerumalla Bala, Kossmann Donald Alan, Dubhashi Kedar, Eguro Kenneth Hiroshi, Hammer Joachim, Ramamurthy Ravi
• Format: Patent
• Language: English
• Published: 29.03.2018
• Subjects: CALCULATING; COMPUTING; COUNTING; ELECTRIC COMMUNICATION TECHNIQUE; ELECTRIC DIGITAL DATA PROCESSING; ELECTRICITY; PHYSICS; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

A "Database Confidentiality System" provides various techniques for using server-side trusted computing in combination with configurable type metadata and user- or system-definable rules associated with individual database fields to implement database confidentiality. In various implementations, type metadata and one or more rules are added to each database field. Metadata includes a domain, method of encryption, and a pointer to an encryption key used to encrypt the data in the corresponding field. The rules define one or more operations allowed on the corresponding data types. The type metadata and rules are optionally integrity protected and/or encrypted to avoid unauthorized changes or access. Various encryption techniques (e.g., probabilistic, Paillier, etc.) allow some computations to be performed in an untrusted environment without access to the encryption key. This enables the Database Confidentiality System maintain database confidentiality while performing distributed computation and communications between the untrusted machine and the trusted machine.