| dc.contributor.advisor | Nickolai Zeldovich. | en_US |
| dc.contributor.author | Redfield, Catherine M. S | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. | en_US |
| dc.date.accessioned | 2013-02-13T21:24:24Z | |
| dc.date.available | 2013-02-13T21:24:24Z | |
| dc.date.copyright | 2012 | en_US |
| dc.date.issued | 2012 | en_US |
| dc.identifier.uri | http://hdl.handle.net/1721.1/76820 | |
| dc.description | Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012. | en_US |
| dc.description | This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. | en_US |
| dc.description | Cataloged from student-submitted PDF version of thesis. | en_US |
| dc.description | Includes bibliographical references (p. 67-68). | en_US |
| dc.description.abstract | Online web applications are continuously vulnerable to attacks on their users' data. Outside adversaries can gain unauthorized access by exploiting unknown vulnerabilities; curious or malicious database administrators can examine or alter the data in situ. Multiple Principal CryptDB protects against attacks on web application servers. By chaining encryption keys to user passwords, an attacker gaining access to decrypted data through issuing arbitrary queries to the database through CryptDB cannot access data belonging to offline users. A logging system and distributed key storage for CryptDB constrain the pool of possibly compromised data after an attack. Multiple Principal CryptDB can be used to secure the data of six web applications examined, with 2-8 lines of altered source code and 15-111 annotations added to the schema. On the phpBB web forum application, Multiple Principal CryptDB reduces throughput by only 14.5%, with 24 sensitive fields encrypted, and adds less than 26ms of latency to each individual query. | en_US |
| dc.description.statementofresponsibility | by Catherine M.S. Redfield. | en_US |
| dc.format.extent | 68 p. | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | M.I.T. theses are protected by
copyright. They may be viewed from this source for any purpose, but
reproduction or distribution in any format is prohibited without written
permission. See provided URL for inquiries about permission. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | en_US |
| dc.subject | Electrical Engineering and Computer Science. | en_US |
| dc.title | Practical security for multi-user web application databases | en_US |
| dc.title.alternative | CryptDB : practical security for multi-user web application databases | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | M.Eng. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | |
| dc.identifier.oclc | 825780405 | en_US |
