Abstract: A “Database Confidentiality System” provides various techniques for using server-side trusted computing in combination with configurable type metadata and user- or system-definable rules associated with individual database fields to implement database confidentiality. In various implementations, type metadata and one or more rules are added to each database field. Metadata includes a domain, method of encryption, and a pointer to an encryption key used to encrypt the data in the corresponding field. The rules define one or more operations allowed on the corresponding data types. The type metadata and rules are optionally integrity protected and/or encrypted to avoid unauthorized changes or access. Various encryption techniques (e.g., probabilistic, Paillier, etc.) allow some computations to be performed in an untrusted environment without access to the encryption key.

Abstract: The techniques discussed herein facilitate the transmission, storage, and manipulation of data in an encrypted database management system (EDBMS). An untrusted machine is connected to a data store having encrypted records, a client machine that sends encrypted queries, and a trusted machine that receives and decrypts the encrypted records and encrypted queries. The trusted machine processes the query using semantically secure query operators to produce a query result. The trusted machine ensures the size of the query result conforms to an upper bound on the number or records in the query result and returns the query result.

Abstract: A “Database Confidentiality System” provides various techniques for using server-side trusted computing in combination with configurable type metadata and user- or system-definable rules associated with individual database fields to implement database confidentiality. In various implementations, type metadata and one or more rules are added to each database field. Metadata includes a domain, method of encryption, and a pointer to an encryption key used to encrypt the data in the corresponding field. The rules define one or more operations allowed on the corresponding data types. The type metadata and rules are optionally integrity protected and/or encrypted to avoid unauthorized changes or access. Various encryption techniques (e.g., probabilistic, Paillier, etc.) allow some computations to be performed in an untrusted environment without access to the encryption key.

Abstract: The subject disclosure is directed towards loading parallel memories (e.g., in one or more FPGAs) with multidimensional data in an interleaved manner such that a multidimensional patch/window may be filled with corresponding data in a single parallel read of the memories. Depending on the position of the patch, the data may be rotated horizontally and/or vertically, for example, so that the data in each patch is consistently arranged in the patch regardless of from which memory each piece of data was read. Also described is leveraging dual ported memory for multiple line reads and/or loading one part of a buffer while reading from another.

Abstract: The subject disclosure is directed towards performing connected components in hardware, such as an FPGA, which is facilitated by a linked list structure that does not grow. During a connected components graph labeling process, when a merge is encountered, the data structure comprising labels and associated equivalency data swaps the equivalency data of the two vertices whose different labels produced the merge condition.

Abstract: The techniques discussed herein facilitate the transmission, storage, and manipulation of data in an encrypted database management system (EDBMS). An untrusted machine is connected to a data store having encrypted records, a client machine that sends encrypted queries, and a trusted machine that receives and decrypts the encrypted records and encrypted queries. The trusted machine processes the query using semantically secure query operators to produce a query result. The trusted machine ensures the size of the query result conforms to an upper bound on the number or records in the query result and returns the query result.

Abstract: The subject disclosure is directed towards performing connected components in hardware, such as an FPGA, which is facilitated by a linked list structure that does not grow. During a connected components graph labeling process, when a merge is encountered, the data structure comprising labels and associated equivalency data swaps the equivalency data of the two vertices whose different labels produced the merge condition.

Abstract: The subject disclosure is directed towards loading parallel memories (e.g., in one or more FPGAs) with multidimensional data in an interleaved manner such that a multidimensional patch/window may be filled with corresponding data in a single parallel read of the memories. Depending on the position of the patch, the data may be rotated horizontally and/or vertically, for example, so that the data in each patch is consistently arranged in the patch regardless of from which memory each piece of data was read. Also described is leveraging dual ported memory for multiple line reads and/or loading one part of a buffer while reading from another.