Brussels / 3 & 4 February 2024


Shielding Data, Embracing Openness, Optimizing Performance: A Journey Through Trustworthy Environments for Database Systems

In the era of cloud systems, it is common practice to outsource most of our data. Consequently, vendors should incorporate several layers of security to ensure users' individual privacy. A typical solution is to protect data at rest by using encryption. To protect data in use, however, encryption is often considered impractical: encrypting and decrypting data at runtime incurs a significant computational overhead.

As a remedy, there exist Trusted Execution Environments (TEEs) that enable database developers to wrap computations in a protected area of the disk. However, the adoption of Open Source software employing TEE to protect data in use is not sufficiently widespread, and such technologies are mostly limited to prototypes. In addition, existing database implementations incorporating TEEs face significant performance issues due to the pitfalls and limitations of Intel SGX, the most commonly used architecture.

In this talk, we present the current state of Open Source secure database implementations using TEEs. We will highlight the strengths and weaknesses of widely-known systems (SGX_SQLite, StealthDB, DuckDB) and discuss design choices developers face when using TEEs to secure data. We provide the results of the most recent benchmarks, which expose bottlenecks and tradeoffs. Lastly, we aim to bridge the gap between security and performance by porting our in-house embedded analytical system, DuckDB, to Intel SGX 2. We show preliminary results and open challenges to spread awareness of secure database technologies and encourage their discussion.


Ilaria Battiston
Lotte Felius