| With the rapid development of the big data era, the scale, type, and complexity of data are changing and growing rapidly, making cloud computing an essential infrastructure for efficient data computing and management. However, while computing on and storing data in the cloud brings great convenience, it is also accompanied by privacy risks and security hazards that cannot be ignored. When enterprises and institutions outsource their data to the public cloud for storage and computing, their data security may be violated by the cloud service provider, such as an insider with control of the server, or by a malicious program running on the same cloud, which poses great data security risks to users. To solve this problem, many researchers have tried to build cryptographic database systems that prevent attackers from obtaining users’ private data. Although pure cryptographic (software) solutions such as homomorphic encryption or garbled circuits achieve good security, they introduce huge computational overhead and support only limited operations. Another line of research uses a trusted execution environment to place sensitive data in isolated secure memory for computation, but a trusted execution environment such as SGX generally limits the size of that memory, and exceeding the limit leads to high computing overhead. Although these studies have solved some of the privacy and security issues of cloud computing to a certain extent, they are still far from meeting the requirements of practical applications. This thesis focuses on secure query optimization in ciphertext databases based on a trusted execution environment. Building on an existing pure-software cryptographic database system, SGX is introduced to improve the overall efficiency of the cryptographic database system. A cryptographic database system built on trusted hardware faces many challenges, such as key management, query execution efficiency and trusted function 
call. To address the insufficient performance of UDF computation in cryptographic databases implemented purely in trusted hardware or purely in software, this thesis proposes a software-hardware cooperative adaptive UDF computation framework, which effectively combines the software and hardware implementations of a cryptographic database system so that they complement each other’s strengths, ultimately achieving a high-performance cryptographic database system. In the design of the cooperative algorithm, approximate dynamic detection of the SGX memory space is implemented to support dynamic scheduling decisions during UDF computation, and a cost estimation model for the software and hardware execution paths is analyzed and established, which makes the decisions more accurate and improves the overall computation and query efficiency of the cryptographic database system. To meet the key management requirements of a cryptographic database, this thesis designs a key transfer protocol and management tool based on SGX remote attestation. Through the key transfer protocol, users can securely transfer their master key and other information used for key derivation into SGX secure memory. In secure memory, HKDF is used to derive an encryption key for each encrypted column from the master key and additional information, for use in subsequent UDF computations. This thesis further optimizes the implementation of the cryptographic database system. For example, a cache module is deployed in SGX memory to speed up UDF computation. For high-concurrency scenarios, an ECall task pool is designed to improve the performance of the cryptographic database system. It performs better than the native SGX switchless call technology, and the size of the task pool and the number of worker threads can be adjusted in real time according to the level of concurrency. According to the experimental results, compared with the pure software implementation, the software-hardware 
codesign cryptographic database system improves QPS by about 110% in the TPC-C test, and the throughput reduction is kept within 5 times compared with a traditional database system. |
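
The per-column key derivation described above, sketched as an added example (not code from the thesis): HKDF-SHA256 as specified in RFC 5869, using only the Python standard library. The hash choice, the salt, the `column_info` encoding of the "additional information", and the sample table and column names are assumptions; in the described design this logic would run inside SGX secure memory.

```python
"""Per-column key derivation with HKDF-SHA256 (RFC 5869), standard library only."""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """Extract step: concentrate the input key material into a fixed-size PRK."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Expand step: stretch the PRK into `length` bytes bound to `info`."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("length must be between 1 and 255 * HASH_LEN")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def column_info(table: str, column: str, version: int = 1) -> bytes:
    """Assumed encoding of the 'additional information'. Each field is
    length-prefixed so ("ab", "c") and ("a", "bc") cannot collide."""
    fields = [table.encode(), column.encode(), str(version).encode()]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def derive_column_key(master_key: bytes, salt: bytes, table: str, column: str,
                      version: int = 1, length: int = 32) -> bytes:
    """One independent key per encrypted column, all rooted in the master key."""
    prk = hkdf_extract(salt, master_key)
    return hkdf_expand(prk, column_info(table, column, version), length)


if __name__ == "__main__":
    # Constructed sample values; a real master key arrives over the attested channel.
    master, salt = bytes(range(32)), b"constructed-db-salt"
    for tbl, col in [("customer", "c_balance"), ("customer", "c_credit_lim")]:
        print(tbl, col, derive_column_key(master, salt, tbl, col).hex())
```

Because each column key depends on the `info` string, exposure of one column key does not reveal the master key or the keys of other columns, and bumping `version` rotates a single column's key without touching the rest.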