You are looking at a specific version 20170606:213925 of this paper. See the latest version.

Paper 2017/468

Why Your Encrypted Database Is Not Secure

Paul Grubbs and Thomas Ristenpart and Vitaly Shmatikov

Abstract

Encrypted databases, a popular approach to protecting data from compromised database management systems (DBMS’s), use abstract threat models that capture neither realistic databases, nor realistic attack scenarios. In particular, the “snapshot attacker” model used to support the security claims for many encrypted databases does not reflect the information about past queries available in any snapshot attack on an actual DBMS. We demonstrate how this gap between theory and reality causes encrypted databases to fail to achieve their “provable security” guarantees.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Minor revision. The 16th Workshop on Hot Topics in Operating Systems (HotOS 2017)
Keywords
encrypted databasessecurity definitions
Contact author(s)
pag225 @ cornell edu
History
2017-06-06: revised
2017-05-28: received
See all versions
Short URL
https://ia.cr/2017/468
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.