Secure Database Adapter with Distribution, Encryption and Query Synthesis

This work primarily introduces a secure middleware, called the database proxy. It resides between the application and the untrusted cloud to secure outgoing sensitive data before it is uploaded to the cloud.

It is designed to work transparently to the application and user and supports Postgres, a relational database with SQL support.

The Proxy handles

  • transparent and secure symmetric encryption of outbound sensitive data
  • decryption of inbound data for further processing
  • automatic data distribution to different server or clouds to limit the knowledge about metadata
  • handling of the reverse index for fast determination which data is relevant to the query and support of sublinear search time
  • automatic query rewriting to deal with encryption and data distribution