Vectorized query processing over encrypted data with DuckDB and Intel SGX

Sam Ansmink (CWI, UvA, and VU)

Data confidentiality is an increasingly important requirement for customers outsourcing databases to the cloud. The common approach to achieve data confidentiality in this context is by using encryption. However, processing queries over encrypted data securely and efficiently remains an open issue. To this day, many different approaches to designing encrypted database management systems (EDBMS) have been suggested, for example by using homomorphic encryption or trusted execution environments such as Intel SGX. An underexposed class of database systems in the current EDBMS literature is that of modern, OLAP-optimized query engines. In my research I focused on combining vectorized query execution with Intel SGX to design an EDBMS with minimal performance overhead in analytical workloads. To evaluate different design options, I built a prototype using DuckDB, a vectorized OLAP DBMS developed at CWI. In this talk, I will present an overview of the prototype I created for my research, discuss the most important design considerations when implementing such a system, and present benchmark results.

Sam Ansmink is a student of MSc Computer Science, a joint degree at the University of Amsterdam (UvA) and Vrije Universiteit (VU). While following the Computer Systems and Security track of the curriculum, he found great interest in database systems through a course at the VU by Peter Boncz. An internship with Peter at the CWI Database Architectures Group for his master’s project was the obvious next step. Currently Sam is working on finalizing his thesis.