Untrusted servers. SUNDR [14] uses cryptography to provide
privacy and integrity in a file system on top of an untrusted
file server. Using a SUNDR-like model, SPORC [5] shows how
to build low-latency applications, running mostly on the
clients, without having to trust a server. However, existing server-side applications that involve separate database and application servers cannot be used with SPORC
unless they are rewritten as distributed client-side applications. Many applications are not amenable to such a

Companies like Navajo Systems and Ciphercloud provide
a trusted application-level proxy that intercepts network
traffic between clients and cloud-hosted servers (e.g., IMAP),
and encrypts sensitive data stored on the server. In comparison, CryptDB supports a richer set of operations (most of
SQL) and provides better security.

Disk encryption. Various commercial database products,
such as Oracle’s Transparent Data Encryption [16], encrypt
data on disk, but decrypt it to perform query processing. As
a result, the server must have access to decryption keys, and
an adversary compromising the DBMS software can gain
access to the entire data.

Software security. Many tools help programmers either
find or mitigate mistakes in their code that may lead to
vulnerabilities, including static analysis tools like UrFlow [4],
and runtime tools like Resin [23]. In contrast, CryptDB provides confidentiality guarantees for user data even if the
adversary gains complete control over the application and
database servers. These tools provide no guarantees in the
face of this threat, but in contrast, CryptDB cannot provide confidentiality in the face of vulnerabilities that trick
the user’s client machine into issuing unwanted requests
(such as cross-site scripting or cross-site request forgery
vulnerabilities in Web applications). As a result, using
CryptDB together with these tools should further improve

Query integrity. CryptDB does not ensure that the query results
from the server are correct, but most existing techniques for
SQL query integrity can be integrated into CryptDB because
CryptDB allows relational queries on encrypted data to be processed just like on plaintext.

We presented CryptDB, the first practical system that can
execute a wide range of SQL queries on encrypted data. Using
SQL-aware adjustable encryption with multiple onions,
CryptDB provides a strong level of confidentiality in the
face of two significant threats confronting database-backed
applications: compromises to the DBMS server by a passive
adversary, and arbitrary compromises to the application
server and the DBMS. CryptDB requires no changes to the
internals of the DBMS. Our evaluation shows that CryptDB
successfully handles a wide range of queries observed in
practice, with a modest performance overhead. CryptDB’s
Website (including papers and source code) is at http://css.

We thank everyone who helped with the original paper [18],
and Alon Halevy and the Communications staff for helping
improve this paper. This work was supported by the NSF
(IIS-1065219 and CNS-0716273) and by Google.

1. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A. Order-preserving symmetric encryption. In
2. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A. Order-preserving encryption revisited: Improved security analysis and alternative solutions. In Advances in Cryptology
3. Chen, A. GCreep: Google engineer stalked teens, spied on chats. Gawker (2010). http://gawker.
4. Chlipala, A. Static checking of policies in database-backed applications. In Proceedings of the 9th Symposium on Operating Systems Design and
5. Feldman, A.J., Zeller, W.P., Freedman, M.J., Felten, E.W. SPORC: Group collaboration using untrusted cloud resources. In Proceedings of the 9th Symposium on Operating Systems Design and
6. FIPS 197. Advanced Encryption Standard (AES). U.S. Department of Commerce/N.I.S.T., National Technical Information Service, Springfield, VA, 2011.
7. Gentry, C. Fully homomorphic encryption using ideal lattices. In Proceedings of the 41st Annual ACM Symposium on Theory of
8. Gentry, C., Halevi, S., Smart, N.P. Homomorphic evaluation of the AES circuit. Cryptology ePrint Archive, Report 2012/099, 2012.
9. Goldreich, O. Foundations of Cryptography: Volume I Basic Tools, Cambridge University Press, 2001.
10. Hacıgümüş, H., Iyer, B., Li, C., Mehrotra, S. Executing SQL over encrypted data in the database-service-provider model. In Proceedings of ACM SIGMOD (2002).
11. Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W. Lest we remember: Cold boot attacks on encryption keys. In Proceedings of the 17th Usenix Security Symposium
12. Halevi, S., Rogaway, P. A tweakable enciphering mode. In Advances in Cryptology (CRYPTO)
13. Homeland Security News Wire. Data breaches compromise nearly 8 million medical records, 2011.
14. Li, J., Krohn, M., Mazières, D., Shasha, D. Secure untrusted data repository (SUNDR). In Proceedings of the 6th Symposium on Operating Systems Design and
15. NIST. National Vulnerability
16. Oracle Corporation. Oracle advanced
17. Paillier, P. Public-key cryptosystems based on composite degree residuosity classes. In EUROCRYPT
18. Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H. CryptDB: Protecting confidentiality with encrypted query processing. In Proceedings of the 23rd ACM Symposium on Operating Systems
19. Popa, R.A., Zeldovich, N. Cryptographic treatment of CryptDB’s adjustable join. Technical Report MIT-CSAIL-TR-2012-006, MIT Computer Science and Artificial Intelligence
20. Quinn, B., Arthur, C. PlayStation Network hackers access data of 77 million users. The Guardian, 2011.
21. Shi, E., Bethencourt, J., Chan, H., Song, D., Perrig, A. Multi-dimensional range query over encrypted data. In Proceedings of the IEEE Symposium on Security and Privacy
22. Song, D.X., Wagner, D., Perrig, A. Practical techniques for searches on encrypted data. In Proceedings of the 21st IEEE Symposium on Security and Privacy (2000).
23. Yip, A., Wang, X., Zeldovich, N., Kaashoek, M.F. Improving application security with data flow assertions. In Proceedings of the 22nd ACM Symposium on Operating Systems

Raluca Ada Popa, Catherine M.S. Redfield, Nickolai Zeldovich, and
Hari Balakrishnan, Computer Science
and Artificial Intelligence Lab, M.I.T.,
© 2012 ACM 0001-0782/12/09 $15.00