EdgelessDB - Taking Database Security To The Next Level
Monday, 01 November 2021
EdgelessDB is a database that is 100% compatible with MySQL and enhanced with confidential computing capabilities based on secure enclaves on Intel SGX chips. These properties make it one of the safest database management systems on the market.
There's a lot to assimilate here - Confidential computing, Intel SGX, Enclaves. So first of all let's tackle SGX:
Intel Software Guard Extensions (SGX) is a set of security architecture extensions introduced in the Skylake microarchitecture that enables a Trusted Execution Environment (TEE). It provides an 'inverse sandbox' for sensitive programs and guarantees the integrity and confidentiality of secure computations even from the most privileged malicious software (e.g. OS, hypervisor).
Next, an enclave, in simple terms, is a hardware sandbox that provides runtime protection of the data it encloses. EdgelessDB uses it to execute trusted and secure code in untrusted environments such as cloud platforms, and there's already an integration of EdgelessDB on the Azure platform. An enclave itself is, in fact, just an instruction in the CPU architecture provided by modern CPUs.
Finally, confidential computing is a concept that takes this one step further. It's an umbrella term that encapsulates protecting data at rest, data in use and data in transit, including preventing unauthorized access and tampering at runtime. It also offers verifiability: the user can be certain that they are talking to the appropriate backend and are not being misled, and that the backend is running the code it is supposed to run.
EdgelessDB guarantees these properties even when the database administrator is malicious, when an attacker has compromised the operating system or the hypervisor, when privileged attackers are able to access a database's memory and when the database runs on an untrusted host, such as in the cloud. It does so by placing sensitive data (tables, indexes and other metadata) in enclaves protected by trusted hardware, in this case Intel SGX. As such, the whole database runs entirely inside an enclave and the data that's stored in EdgelessDB never touches the outside memory or disk in plain text.
A "normal" DBMS can only protect data at rest and, when it uses hardware security modules (HSMs), can also protect the encryption keys at runtime. A confidential database like EdgelessDB gives you data encryption on disk and runtime protection for your keys, but also runtime protection for your data as well as verifiability. Furthermore, it can be cheaper since you don't need to buy new hardware like HSMs when you already have an Intel SGX-compatible CPU.
Database-wise, EdgelessDB is a fully relational DBMS 100% compatible with MySQL and is available through a Docker image in two flavors - with 1 GB of enclave heap memory and with 4 GB of enclave heap memory, although a future version will have a dynamic heap size.
Architecturally, the system is composed of MySQL, which acts as the entry point or front-end, and a custom-made RocksDB component that acts as the backend and the underlying storage engine. Of course, a very important component is the manifest.
Before an instance of EdgelessDB becomes operational, it needs to be initialized with a manifest. The manifest is a simple JSON file that defines how the data stored in EdgelessDB can be accessed by different parties. Before they connect via TLS, clients can verify that a given EdgelessDB instance was initialized with, and adheres to, a specific manifest.
Inside the enclave there's also a REST API through which you can query its properties as well as the manifest's by calling its endpoint. The API is also used for operations like setting a recovery key, which is needed in order to recover after a system crash or when the host machine changes. When EdgelessDB is moved to another physical host, it enters recovery mode and waits for the master key to be passed over the HTTP REST API.
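One way a client could pin a reviewed manifest before connecting, as an added example that is not EdgelessDB's own code. It assumes the manifest carries a `sql` list of initialization statements and that the instance reports a hex SHA-256 digest of its manifest over an attested channel; the sample manifest is constructed.

```python
import hashlib
import hmac
import json

# Constructed sample manifest. The "sql" key holding the initialization
# statements is an assumption about the layout, not taken from the article.
SAMPLE_MANIFEST = json.dumps({
    "sql": [
        "CREATE USER reader REQUIRE ISSUER '/CN=Owner CA' SUBJECT '/CN=Reader'",
        "CREATE DATABASE test",
        "CREATE TABLE test.data (i INT)",
        "GRANT SELECT ON test.data TO reader",
    ]
}, indent=2).encode()


def manifest_digest(manifest_bytes):
    """Hex SHA-256 over the exact bytes; even whitespace changes alter it."""
    return hashlib.sha256(manifest_bytes).hexdigest()


def review_grants(manifest_bytes):
    """Return statements a reviewer should question before pinning."""
    findings = []
    for stmt in json.loads(manifest_bytes).get("sql", []):
        s = " ".join(stmt.upper().split())
        # Overly broad privileges defeat the access split the manifest defines.
        if s.startswith("GRANT ALL") or " ON *.* " in s or "WITH GRANT OPTION" in s:
            findings.append(stmt)
        # A user created without any authentication requirement.
        elif s.startswith("CREATE USER") and "REQUIRE" not in s and "IDENTIFIED" not in s:
            findings.append(stmt)
    return findings


def instance_matches(reported_hex, manifest_bytes):
    """Compare the digest the instance reports with the reviewed local copy."""
    reported = reported_hex.strip().lower()
    if not reported.isascii():
        return False
    return hmac.compare_digest(reported, manifest_digest(manifest_bytes))


if __name__ == "__main__":
    print("pinned digest:", manifest_digest(SAMPLE_MANIFEST))
    print("questionable statements:", review_grants(SAMPLE_MANIFEST))
    tampered = SAMPLE_MANIFEST.replace(b"GRANT SELECT", b"GRANT ALL")
    print("tampered accepted:", instance_matches(manifest_digest(tampered), SAMPLE_MANIFEST))
```

The digest comparison only means something if the reported value arrives over a connection whose certificate was itself checked against the enclave's attestation.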
To wrap it up, EdgelessDB provides a gateway to the world of confidential computing, which seems to be the future trend that will especially concern the cloud and the data centers. Of course, the way to adoption passes through performance as well. The TPC-C benchmarks are a bit behind (29% overhead to a standard TPC-C test or 600 transactions per second instead of 780), which should be expected due to the primary role of utilizing encryption everywhere, but the optimization attempts are not over yet as there's still a lot of space for improvement.
Last Updated (Monday, 01 November 2021)