Title :
Transparent Data Encryption for Data-in-Use and Data-at-Rest in a Cloud-Based Database-as-a-Service Solution
Author :
Sidorov, Vasily ; Wee Keong Ng
Author_Institution :
Sch. of Comput. Eng., Nanyang Technol. Univ., Singapore, Singapore
Abstract :
With high and growing supply of Database-as-a-Service solutions from cloud platform vendors, many enterprises still show moderate to low demand for them. Even though migration to a DaaS solution might result in a significantly reduced bill for IT maintenance, data security and privacy issues are among the reasons of low popularity of these services. Such a migration is also often only justified if it could be done seamlessly, with as few changes to the system as possible. Transparent Data Encryption could help, but solutions for TDE shipped with major database systems are limited to securing only data-at-rest, and appear to be useless if the machine could be physically accessed by the adversary, which is a probable risk when hosting in the cloud. This paper proposes a different approach to TDE, which takes into account cloud-specific risks, extends encryption to cover data-in-use and partly data-in-motion, and is capable of executing large subsets of SQL including heavy relational operations, complex operations over attributes, and transactions.
Keywords :
SQL; cloud computing; cryptography; data privacy; database management systems; DaaS solution; IT maintenance; SQL; TDE; attributes; cloud platform vendors; cloud-specific risks; complex operations; data security; data-at-rest; data-in-motion; data-in-use; database-as-a-service solution; privacy issues; relational operations; transactions; transparent data encryption; Data models; Databases; Encryption; Protocols; Transforms; data privacy; data security; query processing; relational databases;
Conference_Titel :
Services (SERVICES), 2015 IEEE World Congress on
Conference_Location :
New York City, NY
Print_ISBN :
978-1-4673-7274-9
DOI :
10.1109/SERVICES.2015.40
