Show simple item record

dc.contributor.author: Popa, Raluca Ada
dc.contributor.author: Redfield, Catherine M.
dc.contributor.author: Zeldovich, Nickolai
dc.contributor.author: Balakrishnan, Hari
dc.date.accessioned: 2012-10-18T19:27:54Z
dc.date.available: 2012-10-18T19:27:54Z
dc.date.issued: 2011-10
dc.identifier.isbn: 978-1-4503-0977-6
dc.identifier.uri: http://hdl.handle.net/1721.1/74107
dc.description.abstract: Online applications are vulnerable to theft of sensitive information because adversaries can exploit software bugs to gain access to private data, and because curious or malicious administrators may capture and leak data. CryptDB is a system that provides practical and provable confidentiality in the face of these attacks for applications backed by SQL databases. It works by executing SQL queries over encrypted data using a collection of efficient SQL-aware encryption schemes. CryptDB can also chain encryption keys to user passwords, so that a data item can be decrypted only by using the password of one of the users with access to that data. As a result, a database administrator never gets access to decrypted data, and even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in. An analysis of a trace of 126 million SQL queries from a production MySQL server shows that CryptDB can support operations over encrypted data for 99.5% of the 128,840 columns seen in the trace. Our evaluation shows that CryptDB has low overhead, reducing throughput by 14.5% for phpBB, a web forum application, and by 26% for queries from TPC-C, compared to unmodified MySQL. Chaining encryption keys to user passwords requires 11–13 unique schema annotations to secure more than 20 sensitive fields and 2–7 lines of source code changes for three multi-user web applications. [en_US]
dc.description.sponsorship: National Science Foundation (U.S.) (CNS-0716273) [en_US]
dc.description.sponsorship: National Science Foundation (U.S.) (IIS-1065219) [en_US]
dc.language.iso: en_US
dc.publisher: Association for Computing Machinery (ACM) [en_US]
dc.relation.isversionof: http://dx.doi.org/10.1145/2043556.2043566 [en_US]
dc.rights: Creative Commons Attribution-Noncommercial-Share Alike 3.0 [en_US]
dc.rights.uri: http://creativecommons.org/licenses/by-nc-sa/3.0/ [en_US]
dc.source: MIT web domain [en_US]
dc.title: CryptDB: Protecting confidentiality with encrypted query processing [en_US]
dc.type: Article [en_US]
dc.identifier.citation: Popa, Raluca Ada et al. “CryptDB: Protecting confidentiality with encrypted query processing.” ACM Press, 2011. 85. [en_US]
dc.contributor.department: Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory [en_US]
dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science [en_US]
dc.contributor.mitauthor: Popa, Raluca Ada
dc.contributor.mitauthor: Redfield, Catherine M.
dc.contributor.mitauthor: Zeldovich, Nickolai
dc.contributor.mitauthor: Balakrishnan, Hari
dc.relation.journal: Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP '11) [en_US]
dc.eprint.version: Author's final manuscript [en_US]
dc.type.uri: http://purl.org/eprint/type/ConferencePaper [en_US]
dspace.orderedauthors: Popa, Raluca Ada; Redfield, Catherine M. S.; Zeldovich, Nickolai; Balakrishnan, Hari [en]
dc.identifier.orcid: https://orcid.org/0000-0003-0238-2703
dc.identifier.orcid: https://orcid.org/0000-0002-1455-9652
mit.license: OPEN_ACCESS_POLICY [en_US]
mit.metadata.status: Complete

