TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality
Traditionally, as soon as confidentiality becomes a concern, data are encrypted before outsourcing to a service provider. Any software-based cryptographic constructs then deployed, for server-side query processing on the encrypted data, inherently limit query expressiveness. Here, we introduce Trust...
Uložené v:
| Vydané v: | IEEE transactions on knowledge and data engineering Ročník 26; číslo 3; s. 752 - 765 |
|---|---|
| Hlavní autori: | , |
| Médium: | Journal Article |
| Jazyk: | English |
| Vydavateľské údaje: |
New York
IEEE
01.03.2014
The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Predmet: | |
| ISSN: | 1041-4347, 1558-2191 |
| On-line prístup: | Získať plný text |
| Tagy: |
Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
|
| Abstract | Traditionally, as soon as confidentiality becomes a concern, data are encrypted before outsourcing to a service provider. Any software-based cryptographic constructs then deployed, for server-side query processing on the encrypted data, inherently limit query expressiveness. Here, we introduce TrustedDB, an outsourced database prototype that allows clients to execute SQL queries with privacy and under regulatory compliance constraints by leveraging server-hosted, tamper-proof trusted hardware in critical query processing stages, thereby removing any limitations on the type of supported queries. Despite the cost overhead and performance limitations of trusted hardware, we show that the costs per query are orders of magnitude lower than any (existing or) potential future software-only mechanisms. TrustedDB is built and runs on actual hardware, and its performance and costs are evaluated here. |
|---|---|
| AbstractList | Traditionally, as soon as confidentiality becomes a concern, data are encrypted before outsourcing to a service provider. Any software-based cryptographic constructs then deployed, for server-side query processing on the encrypted data, inherently limit query expressiveness. Here, we introduce TrustedDB, an outsourced database prototype that allows clients to execute SQL queries with privacy and under regulatory compliance constraints by leveraging server-hosted, tamper-proof trusted hardware in critical query processing stages, thereby removing any limitations on the type of supported queries. Despite the cost overhead and performance limitations of trusted hardware, we show that the costs per query are orders of magnitude lower than any (existing or) potential future software-only mechanisms. TrustedDB is built and runs on actual hardware, and its performance and costs are evaluated here. Traditionally, as soon as confidentiality becomes a concern, data are encrypted before outsourcing to a service provider. Any software-based cryptographic constructs then deployed, for server-side query processing on the encrypted data, inherently limit query expressiveness. Here, we introduce TrustedDB, an outsourced database prototype that allows clients to execute SQL queries with privacy and under regulatory compliance constraints by leveraging server-hosted, tamper-proof trusted hardware in critical query processing stages, thereby removing any limitations on the type of supported queries. Despite the cost overhead and performance limitations of trusted hardware, we show that the costs per query are orders of magnitude lower than any (existing or) potential future software-only mechanisms. TrustedDB is built and runs on actual hardware, and its performance and costs are evaluated here. [PUBLICATION ABSTRACT] |
| Author | Bajaj, Sumeet Sion, Radu |
| Author_xml | – sequence: 1 givenname: Sumeet surname: Bajaj fullname: Bajaj, Sumeet email: sbajaj@cs.stonybrook.edu organization: Comput. Sci. Dept., Stony Brook Univ., Stony Brook, NY, USA – sequence: 2 givenname: Radu surname: Sion fullname: Sion, Radu email: sion@cs.stonybrook.edu organization: Comput. Sci. Dept., Stony Brook Univ., Stony Brook, NY, USA |
| BookMark | eNp1UM9LwzAYDTLBbXrz5qXg1c58SbMm3vZLJw4U6T0kTYoZs51J5th_b0eHB8HT9x7vxwdvgHp1U1uErgGPALC4L17mixHBQEeUn6E-MMZTAgJ6LcYZpBnN8gs0CGGNMeY5hz56L_wuRGvm04dkkpxIslTe7JW36VSFls5VVLpFyd7Fj-TNu29VHhJVd0oya-rKGVtHpzYuHi7ReaU2wV6d7hAVj4titkxXr0_Ps8kqLQmnMWUCK0uY1QKMEZBRIgzm41yDznSrMW14ZbAmTFHFwepxLhQvS1zlnJaYDtFtV7v1zdfOhijXzc7X7UcJDDMAkRFoXXedq_RNCN5Wcuvdp_IHCVgeR5PH0eRxNEl5ayd_7KWLKrqmjl65zX-hmy7krLW__eNszDEV9AdeZXlo |
| CODEN | ITKEEH |
| CitedBy_id | crossref_primary_10_1145_3360593 crossref_primary_10_1016_j_is_2020_101681 crossref_primary_10_1365_s40702_016_0227_8 crossref_primary_10_1038_s41746_025_01935_1 crossref_primary_10_1109_TC_2019_2963303 crossref_primary_10_15803_ijnc_14_2_206 crossref_primary_10_1016_j_asoc_2016_08_039 crossref_primary_10_1016_j_future_2018_05_062 crossref_primary_10_1109_TMC_2020_2992737 crossref_primary_10_1007_s13198_022_01741_y crossref_primary_10_1109_TPDS_2020_3024880 crossref_primary_10_1109_TDSC_2024_3424455 crossref_primary_10_1109_TKDE_2023_3310038 crossref_primary_10_1016_j_ijinfomgt_2016_11_005 crossref_primary_10_1016_j_is_2018_09_002 crossref_primary_10_3233_JCS_210145 crossref_primary_10_1007_s12652_020_02733_1 crossref_primary_10_1016_j_ins_2016_02_018 crossref_primary_10_1016_j_jpdc_2018_07_014 crossref_primary_10_1109_TKDE_2019_2929794 crossref_primary_10_1109_ACCESS_2020_2978297 crossref_primary_10_1109_TDSC_2023_3241164 crossref_primary_10_1109_TIFS_2025_3594582 crossref_primary_10_1109_MC_2016_59 crossref_primary_10_1109_TIFS_2015_2483486 crossref_primary_10_1109_TCC_2024_3408905 crossref_primary_10_1109_TIFS_2016_2622000 crossref_primary_10_1007_s12083_020_00981_8 crossref_primary_10_1109_TKDE_2021_3060757 crossref_primary_10_3233_JCS_171103 crossref_primary_10_1145_3597021 crossref_primary_10_3390_s16020215 crossref_primary_10_1016_j_jisa_2020_102579 crossref_primary_10_1109_TDSC_2020_3032961 crossref_primary_10_1371_journal_pone_0256367 crossref_primary_10_1145_3397521 crossref_primary_10_1145_3589774 crossref_primary_10_3389_fbioe_2019_00106 crossref_primary_10_1155_2019_1368905 crossref_primary_10_1007_s11280_017_0491_8 crossref_primary_10_1177_17483026211065379 crossref_primary_10_1007_s00145_018_9301_4 crossref_primary_10_1109_MCOM_2018_1700873 crossref_primary_10_1109_ACCESS_2020_2994598 |
| Cites_doi | 10.1145/1140402.1140404 10.1007/978-3-642-23556-6_4 10.14778/1920841.1920849 10.1145/948109.948124 10.1145/1951365.1951367 10.1007/978-3-642-13190-5_2 10.1145/1007568.1007609 10.1145/2038916.2038945 10.1007/3-540-49162-7_17 10.1007/3-540-48910-X_16 10.1145/1247480.1247555 10.1145/507338.507354 10.1145/1989323.1989346 10.1109/ICDE.2007.367913 10.1016/B978-012088469-8.50064-4 10.1145/2043556.2043566 10.1147/sj.403.0683 10.1145/1805974.1805978 10.14778/1920841.1920855 10.1007/978-3-642-14623-7_25 10.1007/11818175_36 10.1007/11535706_24 10.1109/ICDE.2006.144 10.1109/MSP.2005.49 10.1145/564716.564717 10.1017/CBO9780511546891 10.1007/11805588_7 10.1007/978-3-540-24571-1_10 10.1145/2038916.2038928 10.1109/IWIA.2005.28 10.1145/1971690.1971698 10.1016/B978-155860869-6/50020-2 |
| ContentType | Journal Article |
| Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Mar 2014 |
| Copyright_xml | – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Mar 2014 |
| DBID | 97E RIA RIE AAYXX CITATION 7SC 7SP 8FD JQ2 L7M L~C L~D |
| DOI | 10.1109/TKDE.2013.38 |
| DatabaseName | IEEE Xplore (IEEE) IEEE All-Society Periodicals Package (ASPP) 1998–Present IEEE Electronic Library (IEL) CrossRef Computer and Information Systems Abstracts Electronics & Communications Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
| DatabaseTitle | CrossRef Technology Research Database Computer and Information Systems Abstracts – Academic Electronics & Communications Abstracts ProQuest Computer Science Collection Computer and Information Systems Abstracts Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | Technology Research Database |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering Computer Science |
| EISSN | 1558-2191 |
| EndPage | 765 |
| ExternalDocumentID | 3240828791 10_1109_TKDE_2013_38 6468039 |
| Genre | orig-research |
| GroupedDBID | -~X .DC 0R~ 1OL 29I 4.4 5GY 5VS 6IK 97E 9M8 AAJGR AARMG AASAJ AAWTH ABAZT ABFSI ABQJQ ABVLG ACGFO ACIWK AENEX AETIX AGQYO AGSQL AHBIQ AI. AIBXA AKJIK AKQYR ALLEH ALMA_UNASSIGNED_HOLDINGS ASUFR ATWAV BEFXN BFFAM BGNUA BKEBE BPEOZ CS3 DU5 E.L EBS EJD F5P HZ~ H~9 ICLAB IEDLZ IFIPE IFJZH IPLJI JAVBF LAI M43 MS~ O9- OCL P2P PQQKQ RIA RIE RNI RNS RXW RZB TAE TAF TN5 UHB VH1 AAYXX CITATION 7SC 7SP 8FD JQ2 L7M L~C L~D |
| ID | FETCH-LOGICAL-c283t-590ae25eb91dd914329d0867b1b4b90a5bd8fd0b25a3a81eb679a8cc0f783c03 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 111 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000333532100018&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 1041-4347 |
| IngestDate | Sun Nov 09 08:52:25 EST 2025 Tue Nov 18 22:28:51 EST 2025 Sat Nov 29 08:05:34 EST 2025 Wed Aug 27 02:52:17 EDT 2025 |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 3 |
| Language | English |
| License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c283t-590ae25eb91dd914329d0867b1b4b90a5bd8fd0b25a3a81eb679a8cc0f783c03 |
| Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
| PQID | 1505119421 |
| PQPubID | 85438 |
| PageCount | 14 |
| ParticipantIDs | ieee_primary_6468039 crossref_citationtrail_10_1109_TKDE_2013_38 crossref_primary_10_1109_TKDE_2013_38 proquest_journals_1505119421 |
| PublicationCentury | 2000 |
| PublicationDate | 2014-March 2014-3-00 20140301 |
| PublicationDateYYYYMMDD | 2014-03-01 |
| PublicationDate_xml | – month: 03 year: 2014 text: 2014-March |
| PublicationDecade | 2010 |
| PublicationPlace | New York |
| PublicationPlace_xml | – name: New York |
| PublicationTitle | IEEE transactions on knowledge and data engineering |
| PublicationTitleAbbrev | TKDE |
| PublicationYear | 2014 |
| Publisher | IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Publisher_xml | – name: IEEE – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| References | ref13 ref35 ref12 ref34 ref15 ref14 ref36 ref30 ref10 ref32 ref17 ref39 ref16 ref19 ref18 Aggarwal (ref4) Rivest (ref33) 1978 (ref3) 2007 (ref22) 2008 Ghandeharizadeh (ref38) Denis (ref11) 2007 (ref1) 2013 Smith (ref37) 2001 Rabin (ref31) 1979 ref24 ref23 ref45 ref26 Wang (ref44) ref25 ref20 ref41 ref21 ref43 ref28 ref27 (ref2) 2013 ref29 ref8 ref7 ref9 ref6 ref5 ref40 Ge (ref42) |
| References_xml | – ident: ref7 doi: 10.1145/1140402.1140404 – year: 2001 ident: ref37 article-title: Outbound Authentication for Programmable Secure Coprocessors – ident: ref45 doi: 10.1007/978-3-642-23556-6_4 – ident: ref8 doi: 10.14778/1920841.1920849 – ident: ref12 doi: 10.1145/948109.948124 – volume-title: technical report year: 1979 ident: ref31 article-title: Digitalized Signatures and Public-Key Functions as Intractable as Factorization – ident: ref14 doi: 10.1145/1951365.1951367 – ident: ref43 doi: 10.1007/978-3-642-13190-5_2 – volume-title: FIPS PUB 140-2, Security Requirements for Cryptographic Modules year: 2013 ident: ref1 – ident: ref36 doi: 10.1145/1007568.1007609 – ident: ref9 doi: 10.1145/2038916.2038945 – ident: ref29 doi: 10.1007/3-540-49162-7_17 – ident: ref28 doi: 10.1007/3-540-48910-X_16 – ident: ref27 doi: 10.1145/1247480.1247555 – ident: ref24 doi: 10.1145/507338.507354 – start-page: 481 volume-title: Proc. 16th Int’l Conf. Very Large Data Bases (VLDB) ident: ref38 article-title: Hybrid-Range Partitioning Strategy: A New Declustering Strategy for Multiprocessor Database Machines – volume-title: IBM 4764 PCI-X Cryptographic Coprocessor year: 2007 ident: ref3 – volume-title: Intel 64 and IA-32 Architectures Optimization Reference Manual year: 2008 ident: ref22 – ident: ref39 doi: 10.1145/1989323.1989346 – start-page: 186 volume-title: Proc. Conf. Innovative Data Systems Research (CIDR) ident: ref4 article-title: Two Can Keep a Secret: A Distributed Architecture for Secure Database Services – ident: ref16 doi: 10.1109/ICDE.2007.367913 – volume-title: TPC-H Benchmark year: 2013 ident: ref2 – volume-title: Cryptography for Developers year: 2007 ident: ref11 – ident: ref21 doi: 10.1016/B978-012088469-8.50064-4 – ident: ref30 doi: 10.1145/2043556.2043566 – ident: ref34 doi: 10.1147/sj.403.0683 – ident: ref10 doi: 10.1145/1805974.1805978 – ident: ref41 doi: 10.14778/1920841.1920855 – ident: ref17 doi: 10.1007/978-3-642-14623-7_25 – ident: ref6 doi: 10.1007/11818175_36 – ident: ref23 doi: 10.1007/11535706_24 – ident: ref32 doi: 10.1109/ICDE.2006.144 – volume-title: Proc. 32nd Int’l Conf. Very Large Data Bases (VLDB) ident: ref44 article-title: Efficient Secure Query Evaluation over Encrypted XML Databases – ident: ref5 doi: 10.1109/MSP.2005.49 – ident: ref20 doi: 10.1145/564716.564717 – ident: ref18 doi: 10.1017/CBO9780511546891 – ident: ref13 doi: 10.1007/11805588_7 – volume-title: Foundations of Secure Computation year: 1978 ident: ref33 article-title: On Data Banks and Privacy Homomorphisms – ident: ref19 doi: 10.1007/978-3-540-24571-1_10 – ident: ref35 doi: 10.1145/2038916.2038928 – ident: ref40 doi: 10.1145/1989323.1989346 – ident: ref26 doi: 10.1109/IWIA.2005.28 – ident: ref15 doi: 10.1145/1971690.1971698 – ident: ref25 doi: 10.1016/B978-155860869-6/50020-2 – start-page: 519 volume-title: Proc. 33rd Int’l Conf. Very Large Data Bases (VLDB) ident: ref42 article-title: Answering Aggregation Queries in a Secure System Model |
| SSID | ssj0008781 |
| Score | 2.5015793 |
| Snippet | Traditionally, as soon as confidentiality becomes a concern, data are encrypted before outsourcing to a service provider. Any software-based cryptographic... |
| SourceID | proquest crossref ieee |
| SourceType | Aggregation Database Enrichment Source Index Database Publisher |
| StartPage | 752 |
| SubjectTerms | Data privacy Database architectures Encryption Hardware privacy Query processing security Servers special-purpose hardware |
| Title | TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality |
| URI | https://ieeexplore.ieee.org/document/6468039 https://www.proquest.com/docview/1505119421 |
| Volume | 26 |
| WOSCitedRecordID | wos000333532100018&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVIEE databaseName: IEEE Electronic Library (IEL) customDbUrl: eissn: 1558-2191 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0008781 issn: 1041-4347 databaseCode: RIE dateStart: 19890101 isFulltext: true titleUrlDefault: https://ieeexplore.ieee.org/ providerName: IEEE |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3dS8MwED_c8EEfnE7F-UUe9Em7pUnbJL6pUwRliAzZW0mTGwxkypyK_71J2hVBffCtJddS7pr7yN3vDuBISzPmPLNRwVIbJTETkWa-Ay2lyCzqrMRxP96JwUCORup-CU5rLAwihuIz7PrLkMu3z-bNH5X1siSTlKsGNIQQJVar1rpShIGkLrpwMRFPRF3krnrD2_6VL-LiXY9C-WZ-wjyVH0o4WJbr1v--aR3WKg-SnJci34AlnLahtZjOQKrN2obVb60GN-Fh6MEVaPsXZ-ScVDfE5-0_9AyjC2fMLOnrufZmjfjTWXI_m7xr80n0tFwhHh04CcDe4LxvwfD6anh5E1XzFCLjnIh5lCqqkaVYqNha5RwlpqyLaEQRF0nh1tLCyrGlTmqaaxljkQnlZGnoWEhuKN-G5vR5ijtAGC1QapUZdPy2wsV8Y-MUVaJVyoTBtAMnCy7npuo17kdePOUh5qAq9zLJvUxyLjtwXFO_lD02_qDb9PyvaSrWd2B_IcC82oCvufNzfYY0YfHu70_twYp7bVKWk-1Dcz57wwNYNu_zyevsMPxbX-92zCU |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1RT9swED5BmcR4WDe6iQJjftieWMCxk9jeW7sWgSgVQtHUt8ixr1KlqaBSivj32E4aIW088JbIZyW6s313vvvuAL5raaacZzYqWWqjJGYi0sxXoKUUmUWdVTjuPyMxHsvJRF1vwM8GC4OIIfkMT_xjiOXbW_Pgr8pOsySTlKtN2EqThMUVWqs5d6UILUmdf-G8Ip6IJs1dneaXg6FP4-InHofyQgGFjir_HMNBt5y13_ZXH-FDbUOSXiX0T7CB811or_szkHq77sLOi2KDHbjJPbwC7aD_i_RI_UJ85P5RLzDqO3VmyUAvtVdsxN_PkuvFbKXNE9HzaoR4fOAsQHuD-f4Z8rNh_vs8qjsqRMaZEcsoVVQjS7FUsbXKmUpMWefTiDIuk9KNpaWVU0ud3DTXMsYyE8pJ09CpkNxQ_gVa89s57gFhtESpVWbQ8dsK5_VNjTuqEq1SJgymXThec7kwdbVx3_TibxG8DqoKL5PCy6Tgsgs_Guq7qsrGK3Qdz_-GpmZ9Fw7XAizqLXhfOEvXx0jdOtn__6xvsH2eX42K0cX48gDeu08kVXLZIbSWiwf8Cu_Majm7XxyFdfYMtyPPbA |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=TrustedDB%3A+A+Trusted+Hardware-Based+Database+with+Privacy+and+Data+Confidentiality&rft.jtitle=IEEE+transactions+on+knowledge+and+data+engineering&rft.au=Bajaj%2C+Sumeet&rft.au=Sion%2C+Radu&rft.date=2014-03-01&rft.issn=1041-4347&rft.volume=26&rft.issue=3&rft.spage=752&rft.epage=765&rft_id=info:doi/10.1109%2FTKDE.2013.38&rft.externalDBID=n%2Fa&rft.externalDocID=10_1109_TKDE_2013_38 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1041-4347&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1041-4347&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1041-4347&client=summon |