Encrypted database systems provide a great method for protecting sensitive data in untrusted infrastructures. These systems are built either using special-purpose cryptographic algorithms that support operations over encrypted data, or by leveraging trusted computing co-processors. Strong cryptographic algorithms (e.g., public-key encryption, garbled circuits) usually result in high performance overheads, while weaker algorithms (e.g., order-preserving encryption) result in large leakage profiles. On the other hand, some encrypted database systems (e.g., Cipherbase, TrustedDB) leverage non-standard trusted computing devices, and are designed to work around the architectural limitations of the specific devices used.
In this work we build StealthDB – an encrypted database system from Intel SGX. Our system can run on any newer-generation Intel CPU. StealthDB has a very small trusted computing base, scales to large transactional workloads, requires minor DBMS changes, and provides relatively strong security guarantees at steady state and during query execution. Our prototype on top of Postgres supports the full TPC-C benchmark with a 30% decrease in the average throughput compared to an unmodified version of Postgres operating on a 2GB unencrypted dataset.