
Confidential Databases Without Cryptographic Mappings

Wenxuan Huang, Zhanbo Wang, Mingyu Li

Abstract

Confidential databases (CDBs) are essential for enabling secure queries over sensitive data in untrusted cloud environments using confidential computing hardware. While adoption is growing, widespread deployment is hindered by high performance overhead from frequent synchronous cryptographic operations, which causes significant computational and memory bottlenecks. We present FEDB, a novel CDB design that removes cryptographic operations from the critical path. FEDB leverages crypto-free mappings, which maintain data-independent identifiers within the database while securely mapping them to plaintext secrets in a trusted domain. This paradigm shift reduces the runtime overhead by up to 78.0 times on industry-standard benchmarks including TPC-C and TPC-H.

Paper Structure (18 sections, 7 figures, 4 tables)

Figures (7)

  • Figure 1: In modern CDBs, a cross-domain invocation involves two decryptions and one encryption, incurring high CPU overhead.
  • Figure 2: Latency and storage overhead analysis across three typical workloads. Left: Profiling end-to-end SQL execution time; Rest denotes the normal DBMS execution and RPC invocations. Right: Storage overhead normalized to plaintext databases.
  • Figure 3: High-level architecture of FEDB.
  • Figure 4: Timeline of a transaction execution in FEDB, illustrating the handling of (a) abort and (b) commit paths.
  • Figure 5: TPC-C throughput under different client connections with 128 warehouses. FEDB achieves up to 1.8$\times$ speedup over HEDB.
  • ...and 2 more figures