EnclaveDB: A Secure Database using SGX


EnclaveDB: A Secure Database using SGX
Christian Priebe , Imperial College London
Kapil Vaswani , Microsoft Research
Manuel Costa , Microsoft Research
We propose EnclaveDB, a database engine that guarantees confidentiality, integrity, and freshness for data and queries. EnclaveDB guarantees these properties even when the database administrator is malicious, when an attacker has compromised the operating system or the hypervisor, and when the database runs in an untrusted host in the cloud. EnclaveDB achieves this by placing sensitive data (tables, indexes and other metadata) in enclaves protected by trusted hardware (such as Intel SGX). EnclaveDB has a small trusted computing base, which includes an in-memory storage and query engine, a transaction manager and pre-compiled stored procedures. A key component of EnclaveDB is an efficient protocol for checking integrity and freshness of the database log. The protocol supports concurrent, asynchronous appends and truncation, and requires minimal synchronization between threads. Our experiments using standard database benchmarks and a performance model that simulates large enclaves show that EnclaveDB achieves strong security with low overhead (up to 40% for TPC-C) compared to an industry strength in-memory database engine.



Click to access enclavedb.pdf

AMD Updates Programmer’s Manual

AMD64 Architecture
Programmer’s Manual
Volume 2:
System Programming

Revision Date: December 2017

Click to access 24593.pdf

Here’s the complete changelog for this update:

Modified Sections 7.10.1 and 7.10.4.
Modified Sections 15.34.1, 15.34.7.
Added new Section 15.34.10.
Modified Section 15.35.10.
Modified Appendix A, Table A-7.

Not too useful, I wish I could diff PDFs better. I wish the writers would spend a few moments more on the changelog. Here’s the titles of the above sections:

7.10.1 Determining Support for Secure Memory Encryption
7.10.4 Page Table Support
15.34.1 Determining Support for SEV
15.34.7 Restrictions
15.35.10 Control Register Write Traps
Table A-7: Secure Virtual Machine MSRs