PRAMOD: A Privacy-Preserving Framework for Supporting Efficient and Secure Database-as-a-Service

Cloud providers are realizing the outsourced database model in the form of database-as-a-service offerings. However, security in terms of data privacy remains an obstacle because data storage and processing are performed on an untrusted cloud. Achieving strong security under additional constraints of functionality and performance is even more challenging, for which advanced encryption and recent trusted computing primitives alone prove insufficient. In this paper, we propose PRAMOD – a novel framework for enabling efficient and secure database-as-a-service. We consider a setting in which data is stored encrypted on the untrusted cloud and data-dependent computations are performed inside a trusted environment. The proposed framework protects against leakage caused by observable data movement between different components (due to limited secure memory) by using a special component called scrambler running inO(n) time. It supports popular algorithms underlying many data management applications, including sort, compaction, join and group aggregation. The algorithms implemented in PRAMOD are not only privacy-preserving but also asymptotically optimal. They can be used as building blocks to construct efficient and secure query processing algorithms. The experimental study shows reasonable overheads over a baseline system assuring a weaker level of security. More remarkably, PRAMOD shows superior performance in comparison with the state-of-the-art solutions offering similar privacy protection: up to 4.4× speedup over the alternative data-oblivious algorithms.