Patents by Inventor Panagiotis Antonopoulos

Panagiotis Antonopoulos has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210157682
    Abstract: Methods for database recovery for encrypted indexes are performed by systems and devices. A query with a decryption key is received from a client device, where the query modifies an encrypted index of a database using a secure enclave. When events requiring remedial actions for the database occur during the querying, some transactions of the query and later queries are deferred, and a remedial action is initiated that includes restarting the database. A determination of the remedial action being unsuccessful in recovering the encrypted index causes the action to be re-performed until another query having the decryption key is received whereupon the action is performed again to recover the encrypted index utilizing the decryption key. Deferred transactions are then performed with the decryption key. When a database restarts for access without secure enclaves, the encrypted index for the database is invalidated, and the remedial actions are otherwise completed or discarded.
    Type: Application
    Filed: November 22, 2019
    Publication date: May 27, 2021
    Inventors: Panagiotis Antonopoulos, Arvind Arasu, Nitish Gupta, Rajat Jain, Raghav Kaushik, Hanumantha R. Kodavalla, Nikolas Ogg, Ravishankar Ramamurthy, Kunal Deep Singh, Jakub Szymaszek, Jeffrey Michael Trimmer
  • Patent number: 11003549
    Abstract: Database recovery can be performed in substantially constant time. From a database transaction log, the state of one or more transactions is identified including those that were active at a time of a crash but not committed. Transactions can be reapplied sequentially starting from the beginning of a last successful checkpoint to the end of the transaction log. Uncommitted user transactions are not undone synchronously, but simply marked as aborted. Subsequently, versions of affected data elements can be reverted back to a prior saved version asynchronously.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: May 11, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Panagiotis Antonopoulos, Adrian-Leonard Radu, Hanumantha Rao Kodavalla, Peter Byrne, Wei Chen, Raghavendra Thallam Kodandaramaih, Girish Mittur Venkataramanappa
  • Patent number: 10871945
    Abstract: A method may include receiving a database command to sort an unsorted dataset; dividing a sort operation, for sorting the unsorted dataset, into a plurality of portions; performing a first portion of the sort operation; persisting intermediate results from the first portion of the sort operation; and persisting a state of the sort operation identifying the portions of the sort operation that have been performed.
    Type: Grant
    Filed: April 13, 2018
    Date of Patent: December 22, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Panagiotis Antonopoulos, Nitish Upreti, Alexander Thien Tran
  • Patent number: 10769134
    Abstract: A database command is received from a user for modifying an existing data structure or creating a new data structure. The database command is used to construct a query that is provided to a query optimizer component where the query is transformed into a first query execution plan including operations that persist operation state. Some data specified in the query is received, and some of the new data structure is constructed by executing some of the first query plan. While receiving some of the data specified in the query and constructing some of the new data structure, operation state of execution is persisted. When an interruption of execution of the first query plan occurs, an updated query plan is generated using persisted operation state. External updates occur, before or after the interruption, but before executing the updated query plan. The external updates are transactionally validated.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: September 8, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Panagiotis Antonopoulos, Alexander Thien Tran
  • Patent number: 10719567
    Abstract: Methods, systems, apparatuses, and computer program products are provided for secure handling of queries by a data server and a database application. A parameterized query is received from a client. Table column metadata is loaded for one or more table columns referenced by the parameterized query. Datatypes of expressions in the parameterized query are derived with any parameters and variables of the parameterized query indicated as having unknown datatypes. Unsupported datatype conversions in the parameterized query are determined. An encryption scheme is inferred for any parameters and variables to generate an inferred encryption scheme set. The datatypes of expressions in the parameterized query are re-derived with any parameters and variables having their inferred encryption schemes. Encryption key metadata corresponding to the inferred encryption scheme set is loaded. An encryption configuration is transmitted to the client that includes the inferred encryption scheme for any parameters and variables.
    Type: Grant
    Filed: January 7, 2019
    Date of Patent: July 21, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Panagiotis Antonopoulos, Kapil Vaswani, Krishna Nibhanupudi, Neerumalla Bala Rama Koteswara Rao
  • Patent number: 10601593
    Abstract: A “Database Confidentiality System” provides various techniques for using server-side trusted computing in combination with configurable type metadata and user- or system-definable rules associated with individual database fields to implement database confidentiality. In various implementations, type metadata and one or more rules are added to each database field. Metadata includes a domain, method of encryption, and a pointer to an encryption key used to encrypt the data in the corresponding field. The rules define one or more operations allowed on the corresponding data types. The type metadata and rules are optionally integrity protected and/or encrypted to avoid unauthorized changes or access. Various encryption techniques (e.g., probabilistic, Paillier, etc.) allow some computations to be performed in an untrusted environment without access to the encryption key.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: March 24, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Panagiotis Antonopoulos, Donald Alan Kossmann, Ravi Ramamurthy, Kenneth Hiroshi Eguro, Raghav Kaushik, Kedar Dubhashi, Arvind Arasu, Joachim Hammer, Jakub Szymaszek, Bala Neerumalla
  • Patent number: 10565391
    Abstract: Computer systems, devices, and associated methods of evaluating an expression comprising restricted data are disclosed herein. In one embodiment, a method includes receiving a database statement from a client application and verifying the authenticity of the database statement. If the database statement is authentic, an approved expression is identified in the database statement for creating an evaluation rule. The method further includes restricting evaluation of expressions in a protected computing environment according to the created evaluation rule.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: February 18, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Raghav Kaushik, Aditya Nigam, Arvind Arasu, Donald Alan Kossmann, Kenneth Eguro, Nikhil Vithlani, Panagiotis Antonopoulos, Ravi Ramamurthy
  • Publication number: 20200050692
    Abstract: Consistent read queries are enabled from a secondary compute node. In response to a read query, a page of data can be requested from a storage node with a first log sequence number indicating an update state of a local store of a compute node. The page of data can be received from the storage node with a second log sequence number indicating an update state of the page. Processing can be deferred until the first log sequence number is greater than or equal to the second log sequence number, wherein the first log sequence number is updated in response to automatic updates of the local store. A row of data can be retrieved from the page in accordance with the request. Further, a version of the row of data can be retrieved that has a timestamp equal to or before a timestamp associated with initiation of the read request.
    Type: Application
    Filed: August 10, 2018
    Publication date: February 13, 2020
    Inventors: Panagiotis Antonopoulos, Chaitanya Sreenivas Ravella, Yiqun Lin, Wei Chen, Girish Mittur Venkataramanappa, Hanumantha Rao Kodavalla
  • Publication number: 20200034251
    Abstract: Database recovery can be performed in substantially constant time. From a database transaction log, the state of one or more transactions is identified including those that were active at a time of a crash but not committed. Transactions can be reapplied sequentially starting from the beginning of a last successful checkpoint to the end of the transaction log. Uncommitted user transactions are not undone synchronously, but simply marked as aborted. Subsequently, versions of affected data elements can be reverted back to a prior saved version asynchronously.
    Type: Application
    Filed: July 25, 2018
    Publication date: January 30, 2020
    Inventors: Panagiotis Antonopoulos, Adrian-Leonard Radu, Hanumantha Rao Kodavalla, Peter Byrne, Wei Chen, Raghavendra Thallam Kodandaramaih, Girish Mittur Venkataramanappa
  • Patent number: 10515077
    Abstract: Computer systems, devices, and associated methods of optimizing the execution of instructions of a database statement by a database server are disclosed herein. In one embodiment, a method includes identifying a potential execution plan for executing instructions of the database statement and estimating a cost for executing the execution plan. The cost can comprise an encrypted data processing cost associated with an operation in the execution plan of executing an operation on encrypted data in a protected computing environment. The method can include estimating the encrypted data processing cost in the protected computing environment based on statistics generated in the protected computing environment about a database table. In response to estimating the cost for executing the execution plan, comparing the cost to estimated costs of alternative execution plans, selecting the lowest-cost plan for execution, and executing the lowest-cost execution plan.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: December 24, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Raghav Kaushik, Aditya Nigam, Arvind Arasu, Donald Alan Kossmann, Kenneth Eguro, Nikhil Vithlani, Panagiotis Antonopoulos, Ravi Ramamurthy, Michael Zwilling, Cesar Galindo-Legaria
  • Publication number: 20190361997
    Abstract: A relational database system that implements persistent version storage may include an in-row module that is executable by one or more processors to implement an in-row scheme by storing in-row previous version information within a payload of a row within a database page. The relational database system may additionally include an off-row module that is executable by the one or more processors to implement an off-row scheme by storing off-row previous version information in an off-row page that is separate from the database page. The relational database system may additionally include a storage policy that defines when previous version information is stored in accordance with the in-row scheme and when the previous version information is stored in accordance with the off-row scheme. The relational database system may additionally include a cleanup module that cleans up older versions when they are deemed unnecessary by the system.
    Type: Application
    Filed: August 24, 2018
    Publication date: November 28, 2019
    Inventors: Raghavendra Thallam Kodandaramaih, Peter Byrne, Hanumantha Rao Kodavalla, Wei Chen, Girish Mittur Venkataramanappa, Adrian-Leonard Radu, Panagiotis Antonopoulos, Varun Kunjbihari Tibrewal
  • Patent number: 10482263
    Abstract: Methods, systems, apparatuses, and computer program products are provided for processing queries. A data server includes a query processor configured to receive a query from a database application, which was received by the database application from a requestor. The query is directed to data stored at the data server. The query processor includes a deferred evaluation determiner and deferred expression determiner. The deferred evaluation determiner is configured to analyze the query, and to designate the query for deferred evaluation by the database application if a predetermined factor is met, such as the query including an operation on encrypted data that is not supported at the data server. The deferred expression determiner is configured to determine expression evaluation information for evaluating at least a portion of the query at the database application. The query processor provides the encrypted data and the expression evaluation information to the database application for evaluation.
    Type: Grant
    Filed: April 1, 2015
    Date of Patent: November 19, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Panagiotis Antonopoulos, Ajay S. Manchepalli, Kapil Vaswani, Haohai Yu, Michael James Zwilling
  • Publication number: 20190317727
    Abstract: A method may include receiving a database command to sort an unsorted dataset; dividing a sort operation, for sorting the unsorted dataset, into a plurality of portions; performing a first portion of the sort operation; persisting intermediate results from the first portion of the sort operation; and persisting a state of the sort operation identifying the portions of the sort operation that have been performed.
    Type: Application
    Filed: April 13, 2018
    Publication date: October 17, 2019
    Inventors: Panagiotis Antonopoulos, Nitish Upreti, Alexander Thien Tran
  • Patent number: 10438008
    Abstract: A system and method of enabling row level security through security policies is disclosed herein. In this system and method, a computing device may be communicatively coupled to a storage device. The computing device may further be activated and maintain data that comprises a plurality of rows. When executed by the computing device, the system and method may process a data definition language statement comprising a security policy definition. Further, the system and method may receive a query language statement comprising a request to access a first column of a row from the plurality of rows. The system and method may process the request and determine if access may be granted to a user based on the security policy definition in the system.
    Type: Grant
    Filed: October 30, 2014
    Date of Patent: October 8, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Panagiotis Antonopoulos, Jack Richins, Michael James Zwilling, Conor Cunningham, Raul Garcia, Craig Freedman, Erik Ismert
  • Publication number: 20190138561
    Abstract: Methods, systems, apparatuses, and computer program products are provided for secure handling of queries by a data server and a database application. A parameterized query is received from a client. Table column metadata is loaded for one or more table columns referenced by the parameterized query. Datatypes of expressions in the parameterized query are derived with any parameters and variables of the parameterized query indicated as having unknown datatypes. Unsupported datatype conversions in the parameterized query are determined. An encryption scheme is inferred for any parameters and variables to generate an inferred encryption scheme set. The datatypes of expressions in the parameterized query are re-derived with any parameters and variables having their inferred encryption schemes. Encryption key metadata corresponding to the inferred encryption scheme set is loaded. An encryption configuration is transmitted to the client that includes the inferred encryption scheme for any parameters and variables.
    Type: Application
    Filed: January 7, 2019
    Publication date: May 9, 2019
    Inventors: Panagiotis Antonopoulos, Kapil Vaswani, Krishna Nibhanupudi, Neerumalla Bala Rama Koteswara Rao
  • Patent number: 10210266
    Abstract: Methods, systems, apparatuses, and computer program products are provided for secure handling of queries by a data server and a database application. A parameterized query is received from a client. Table column metadata is loaded for one or more table columns referenced by the parameterized query. Datatypes of expressions in the parameterized query are derived with any parameters and variables of the parameterized query indicated as having unknown datatypes. Unsupported datatype conversions in the parameterized query are determined. An encryption scheme is inferred for any parameters and variables to generate an inferred encryption scheme set. The datatypes of expressions in the parameterized query are re-derived with any parameters and variables having their inferred encryption schemes. Encryption key metadata corresponding to the inferred encryption scheme set is loaded. An encryption configuration is transmitted to the client that includes the inferred encryption scheme for any parameters and variables.
    Type: Grant
    Filed: May 25, 2016
    Date of Patent: February 19, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Panagiotis Antonopoulos, Kapil Vaswani, Krishna Nibhanupudi, Neerumalla Bala Rama Koteswara Rao
  • Publication number: 20180365290
    Abstract: Computer systems, devices, and associated methods of optimizing the execution of instructions of a database statement by a database server are disclosed herein. In one embodiment, a method includes identifying a potential execution plan for executing instructions of the database statement and estimating a cost for executing the execution plan. The cost can comprise an encrypted data processing cost associated with an operation in the execution plan of executing an operation on encrypted data in a protected computing environment. The method can include estimating the encrypted data processing cost in the protected computing environment based on statistics generated in the protected computing environment about a database table. In response to estimating the cost for executing the execution plan, comparing the cost to estimated costs of alternative execution plans, selecting the lowest-cost plan for execution, and executing the lowest-cost execution plan.
    Type: Application
    Filed: June 14, 2017
    Publication date: December 20, 2018
    Inventors: Raghav Kaushik, Aditya Nigam, Arvind Arasu, Donald Alan Kossmann, Kenneth Eguro, Nikhil Vithlani, Panagiotis Antonopoulos, Ravi Ramamurthy, Michael Zwilling, Cesar Galindo-Legaria
  • Publication number: 20180349627
    Abstract: Computer systems, devices, and associated methods of evaluating an expression comprising restricted data are disclosed herein. In one embodiment, a method includes receiving a database statement from a client application and verifying the authenticity of the database statement. If the database statement is authentic, an approved expression is identified in the database statement for creating an evaluation rule. The method further includes restricting evaluation of expressions in a protected computing environment according to the created evaluation rule.
    Type: Application
    Filed: June 2, 2017
    Publication date: December 6, 2018
    Inventors: Raghav Kaushik, Aditya Nigam, Arvind Arasu, Donald Alan Kossmann, Kenneth Eguro, Nikhil Vithlani, Panagiotis Antonopoulos, Ravi Ramamurthy
  • Publication number: 20180121494
    Abstract: A database command is received from a user for modifying an existing data structure or creating a new data structure. The database command is used to construct a query that is provided to a query optimizer component where the query is transformed into a first query execution plan including operations that persist operation state. Some data specified in the query is received, and some of the new data structure is constructed by executing some of the first query plan. While receiving some of the data specified in the query and constructing some of the new data structure, operation state of execution is persisted. When an interruption of execution of the first query plan occurs, an updated query plan is generated using persisted operation state. External updates occur, before or after the interruption, but before executing the updated query plan. The external updates are transactionally validated.
    Type: Application
    Filed: May 5, 2017
    Publication date: May 3, 2018
    Inventors: Panagiotis Antonopoulos, Alexander Thien Tran
  • Publication number: 20180091306
    Abstract: A “Database Confidentiality System” provides various techniques for using server-side trusted computing in combination with configurable type metadata and user- or system-definable rules associated with individual database fields to implement database confidentiality. In various implementations, type metadata and one or more rules are added to each database field. Metadata includes a domain, method of encryption, and a pointer to an encryption key used to encrypt the data in the corresponding field. The rules define one or more operations allowed on the corresponding data types. The type metadata and rules are optionally integrity protected and/or encrypted to avoid unauthorized changes or access. Various encryption techniques (e.g., probabilistic, Paillier, etc.) allow some computations to be performed in an untrusted environment without access to the encryption key.
    Type: Application
    Filed: September 23, 2016
    Publication date: March 29, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Panagiotis Antonopoulos, Donald Alan Kossmann, Ravi Ramamurthy, Kenneth Hiroshi Eguro, Raghav Kaushik, Kedar Dubhashi, Arvind Arasu, Joachim Hammer, Jakub Szymaszek, Bala Neerumalla