MIT Libraries, DSpace@MIT


Towards a Cryptographically Verifiable Database Management System

Author(s)
Xia, Yu
Advisor
Devadas, Srinivas
Terms of use
In Copyright - Educational Use Permitted Copyright MIT http://rightsstatements.org/page/InC-EDU/1.0/
Abstract
Database-as-a-Service (DBaaS), like Amazon Web Service Redshift and Microsoft Azure SQL DB, is becoming increasingly popular. These services provide high performance and on-demand elasticity without heavy maintenance costs. However, as with all online applications, DBaaS is prone to malicious attacks ranging from server compromises to cheating providers. We believe that database security is more than just data privacy. Existing secure DBMSs focus on the security and privacy of data but overlook semantic properties, such as the correctness and ACID properties of transactions. Enforcing these properties is crucial to the functionality of applications. If these guarantees do not hold, catastrophic losses could result. A hacker compromising the server gains complete control of the operating system. The hacker can tamper with the data, perform arbitrary computation, violate transaction properties, or return wrong results to the client to pursue external incentives like financial benefits. Protecting data privacy does not eliminate all the incentives to initiate attacks. For example, the hacker can short the stock price of the data owner while forcing the server to run wrong transactions and return incorrect results, potentially creating business chaos. Besides the correctness of the transactions and results, ACID properties are also critical. For example, two cryptocurrency exchanges went bankrupt due to hackers double-spending their coins through isolation-level attacks. To address this issue, this dissertation presents Litmus, a database management system that can provide verifiable proofs of transaction correctness and semantic properties, including atomicity and serializability. Litmus features a co-design of both the database and the cryptographic parts. We evaluate a proof-of-concept prototype of Litmus on the YCSB and TPC-C benchmarks. 
We show that under certain cryptographic assumptions, Litmus can process up to thousands of transactions per second (txn/s) verifiably. Our results show a promising practical direction considering that PayPal runs on average 115 txn/s and VISA 2000-4000 txn/s. The proof is about tens of kilobytes per verification batch and verifies with a constant time of a few hundred seconds. Moreover, Litmus can extend to verify consistency as well.
Date issued
2022-09
URI
https://hdl.handle.net/1721.1/147302
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology

Collections
  • Doctoral Theses
