Abstract of thesis entitled "A Novel Architecture for Secure Database Processing in Cloud Computing", submitted by Hung-Kwan Chen for the degree of Joint Doctor of Philosophy at The University of Hong Kong and Imperial College London in October 2016

Security, particularly data privacy, is one of the biggest barriers to the adoption of Database-as-a-Service (DBaaS) in Cloud Computing. Recent security breaches demonstrate that a more powerful protection mechanism is needed to protect data confidentiality from any honest-but-curious administrator. Prior efforts to address this security problem are typically either prohibitively slow or highly restrictive in the operations they support.

In this thesis, CypherDB, a novel cloud system architecture built around a secure processor, is proposed to protect the confidentiality of outsourced database processing. To achieve this, a framework is developed for using such secure processors in the cloud for secure database processing. This framework allows distributed and parallel processing of the encrypted data and supports the virtualization features expected in Cloud Computing. The CypherDB architecture further relies on two major components to protect the privacy of an outsourced database against any honest-but-curious administrator while maintaining high performance.

Firstly, a novel database encryption scheme is developed to protect the outsourced database; it can be executed on a CypherDB secure processor with high performance. The proposed scheme makes use of custom instructions to hide the encryption latency from program execution. This scheme is extensively validated through an integration with SQLite, a practical database application program.

Secondly, a novel secure processor architecture is developed to provide architectural support for the proposed database encryption scheme, together with an efficient protection mechanism that secures all intermediate data generated on the fly during query execution.
The efficiency, robustness and cost of the novel processor architecture are validated and evaluated through extensive simulations and an implementation on a Field-Programmable Gate Array (FPGA) platform. A fully functional FPGA implementation of the CypherDB secure processor, together with simulation studies, demonstrates that the proposed architecture is cost-effective and of high performance. Running the TPC-H database benchmark on SQLite shows a performance overhead of 10 to 14 percent on average. The security components in CypherDB consume about 21K Logic Elements and 54 Block RAMs on the FPGA. The modification to SQLite consists of only 208 lines of code (LOC).

An abstract of exactly 331 words

A Novel Architecture for Secure Database Processing in Cloud Computing

by Hung-Kwan Chen
B.Eng., The University of Hong Kong, 2011

A thesis submitted in partial fulfilment of the requirements for the Degree of Joint Doctor of Philosophy at The University of Hong Kong and Imperial College London.

October 2016

Declarations

Declaration of Originality

I hereby declare that this thesis represents my own work, except where due acknowledgement is made, and that it has not been previously included in a thesis, dissertation or report submitted to these universities or to any other institution for a degree, diploma or other qualifications.

Declaration of Copyright

The copyright of this thesis rests with the author and is made available under a Creative Commons Attribution Non-Commercial No Derivatives licence. Researchers are free to copy, distribute or transmit the thesis on the condition that they attribute it, that they do not use it for commercial purposes and that they do not alter, transform or build upon it. For any reuse or redistribution, researchers must make clear to others the licence terms of this work.

Dedication

To my dearest parents, brothers and my love.

Acknowledgements

I would like to express my sincerest gratitude to my supervisors, Prof.
Paul Cheung, Prof. Peter Cheung and Prof. Ricky Kwok, without whom the work described in this thesis would not have been possible. I still remember the first day I met Prof. Paul Cheung for my final year project during my undergraduate study, and now, the completion of my PhD. He has given me substantial support and guidance throughout my university study. I also have to thank him for the introduction to this joint PhD degree with Imperial College London, which provided me a chance to meet Prof. Peter Cheung, his twin brother, who is also my primary supervisor at ICL. Prof. Peter Cheung is as supportive and encouraging as Prof. Paul Cheung. I will never forget how Prof. Peter Cheung helped me to write the academic paper by reading it word-by-word and taught me how to write it in a better way. It is my greatest honour to be a student (probably the only student) co-supervised by Prof. Paul Cheung and Prof. Peter Cheung. I would also like to thank Prof. Ricky Kwok, who is my secondary supervisor at HKU. I deeply appreciate his attitude, insightful thought and guidance, his sharing and also caring in relation to my study. This thesis could not have been completed without his continuous stimulation of my research.

I would like to thank my examiners Prof. Simon Moore, Dr. David Thomas and Prof. Cho-Li Wang for their useful comments and suggestions that helped to improve my thesis.

I also have to thank the CAS group at ICL and my student colleagues at HKU. It was definitely a great pleasure to have met a group of talents who worked intelligently, discussed critically and played hard with me throughout my PhD life.
Special thanks to Justin Wong, Jungyi Liu, Hilda Xue, Shuanglong Liu, Guangwei Chen, Aryan Tavakkoli, James Davis, Edward Stott, Joshua Levine and James Mardell at ICL for their time spent with me in the laboratory and at Holland Club/H-bar for pints of beer; and Ho-Cheung Ng, Junqi Deng and Sam Ho for the discussion of various academic or non-academic aspects at HKU. I would like to thank the landlady Gillie Gratham, who provided enormous support to my living in London, and also Raul, Hassan, Aizar and Ben for chatting, partying and cooking during my life in the UK.

To my friends Gary Chan, Tony Cheng, Leslie Pang, June-Limb Wong, Henry Yip and Jeffrey Wong, I am grateful to have had their support, encouragement, and blessing over all these years.

Last but not least, I would like to thank my beloved parents and brothers for their unconditional love and support during these years, which let me pursue my own career path and chase my dream. Most importantly, I am most grateful to my girlfriend, Yoki, for her love and support for my studies and her encouragement to keep me moving forward whenever I was tired and frustrated.

Contents

Declarations I
Dedication II
Acknowledgements III
List of Figures XI
List of Tables XVIII
List of Acronyms XX

1 Introduction 1
  1.1 Database-as-a-Service 4
  1.2 Threat Model 5
  1.3 Research Objectives 6
  1.4 Contributions 7
  1.5 List of Publications 9
  1.6 Organization of the Thesis 9
2 Background 11
  2.1 Database-as-a-Service 11
    2.1.1 Deployment Model 12
    2.1.2 Relational Data Model 12
    2.1.3 Database Three Schema Concept 13
    2.1.4 Database Query 14
    2.1.5 Distributed Database 15
  2.2 Processor Architecture 19
    2.2.1 Memory Addressing Model 19
    2.2.2 ISA Architecture 21
    2.2.3 Architectural Model 22
  2.3 Cryptography: Encryption 24
    2.3.1 Symmetric-key Cryptography 24
    2.3.2 Public-key Cryptography 25
    2.3.3 Digital Signature 26
3 Literature Review 29
  3.1 Homomorphic Encryption 30
    3.1.1 Fully Homomorphic Encryption 30
    3.1.2 Partially Homomorphic Encryption 31
  3.2 Commercially Available Architecture 32
    3.2.1 Secure Co-Processor 33
    3.2.2 Trusted Platforms 35
  3.3 Academically Proposed Architecture 36
    3.3.1 Secure Processor 37
    3.3.2 Secure Hypervisor 40
    3.3.3 Data-Centric Security 41
  3.4 Chapter Summary 42
4 CypherDB System Overview 45
  4.1 General Overview 45
    4.1.1 Application Scenario 46
  4.2 Architectural Model of a Secure Server/Node 49
    4.2.1 On-Chip Encryption Key Exchange 49
    4.2.2 On-Chip Computations on the Encrypted Data 50
  4.3 Attestation 51
    4.3.1 Secure Processor Attestation 51
    4.3.2 Query Key Attestation 52
  4.4 Execution Flow 53
  4.5 Database Virtualization 55
5 Proposed Encryption Mechanism 57
  5.1 Block-Cipher Encryption 57
  5.2 Look-Ahead Encryption Scheme 60
    5.2.1 Performance Impact 62
    5.2.2 Discussion 63
  5.3 Database Encryption 64
    5.3.1 Attribute Encryption 64
    5.3.2 Attribute Encryption Seed 64
    5.3.3 Query Output Protection 66
    5.3.4 Index Protection 66
    5.3.5 An Illustrative Example 67
    5.3.6 Remote Database Modification 68
  5.4 Security Analysis 70
6 Processor Architecture 72
  6.1 Database Profiling 72
  6.2 Architectural Overview 75
    6.2.1 Private Key Registers 77
    6.2.2 New Security Instructions 78
  6.3 Virtual to Physical Memory Mapping 80
  6.4 Data Protection 82
    6.4.1 DBPage Seed Buffer 82
  6.5 Execution Protection 86
    6.5.1 Cache Line Encryption 86
    6.5.2 SMC Execution Setup 89
    6.5.3 SMC Seed Buffer 91
  6.6 Query Execution Example 94
  6.7 Discussion 96
    6.7.1 SMC Allocation 96
    6.7.2 Comparison with Alternative Approaches 97
    6.7.3 Extension on Speculative OoO Multicore Processor 99
  6.8 Security Analysis 101
7 Implementation 103
  7.1 Overview 103
    7.1.1 Impact on the Processor Pipeline