Practical security for multi-user web application databases
DownloadFull printable version (1.161Mb)
Alternative title
CryptDB : practical security for multi-user web application databases
Other Contributors
Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.
Advisor
Nickolai Zeldovich.
Terms of use
Metadata
Show full item recordAbstract
Online web applications are continuously vulnerable to attacks on their users' data. Outside adversaries can gain unauthorized access by exploiting unknown vulnerabilities; curious or malicious database administrators can examine or alter the data in situ. Multiple Principal CryptDB protects against attacks on web application servers. By chaining encryption keys to user passwords, an attacker gaining access to decrypted data through issuing arbitrary queries to the database through CryptDB cannot access data belonging to offline users. A logging system and distributed key storage for CryptDB constrain the pool of possibly compromised data after an attack. Multiple Principal CryptDB can be used to secure the data of six web applications examined, with 2-8 lines of altered source code and 15-111 annotations added to the schema. On the phpBB web forum application, Multiple Principal CryptDB reduces throughput by only 14.5%, with 24 sensitive fields encrypted, and adds less than 26ms of latency to each individual query.
Description
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (p. 67-68).
Date issued
2012Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer SciencePublisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.