Abstract: Methods for centralized access control for cloud relational database management system resources are performed by systems and devices. The methods utilize a central policy storage, managed externally to database servers, which stores external policies for access to internal database resources at up to fine granularity. Database servers in the processing system each receive external access policies that correspond to users of the system by push or pull operations from the central policy storage, and store the external access policies in a cache of the database servers for databases. For resource access, access conditions are determined via policy engines of database servers based on an external access policy in the cache that corresponds to a user, responsive to a resource access request from a device of the user specifying the internal resource. Data associated with the resource is provided to the user based on the access condition being met.

Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).

Abstract: Methods for asynchronously determining relational data integrity using cryptographic data structures are performed by systems and devices. Changes in current tables of relational databases are reflected in associated history tables. Cryptographic hybrid blockchain ledgers are updated with transaction records, for entry changes in current and history tables, including transaction information and hash values of corresponding entry changes. Hybrid blockchain ledgers also include root hash values of Merkle trees of transaction records in current blocks, and hash values of prior blocks. A current block receipt is asynchronously generated and provided as a single hash value from which the validity states of the tables and ledger are able to be verified. Cryptographic receipts of specific transactions reflected in table entry changes are generated and provide immutable evidence of specific transaction existence for users.

Abstract: Methods for asynchronously determining relational data integrity using cryptographic data structures are performed by systems and devices. Changes in current tables of relational databases are reflected in associated history tables. Cryptographic hybrid blockchain ledgers are updated with transaction records, for entry changes in current and history tables, including transaction information and hash values of corresponding entry changes. Hybrid blockchain ledgers also include root hash values of Merkle trees of transaction records in current blocks, and hash values of prior blocks. A current block receipt is asynchronously generated and provided as a single hash value from which the validity states of the tables and ledger are able to be verified. Cryptographic receipts of specific transactions reflected in table entry changes are generated and provide immutable evidence of specific transaction existence for users.

Abstract: Methods for centralized access control for cloud relational database management system resources are performed by systems and devices. The methods utilize a central policy storage, managed externally to database servers, which stores external policies for access to internal database resources at up to fine granularity. Database servers in the processing system each receive external access policies that correspond to users of the system by push or pull operations from the central policy storage, and store the external access policies in a cache of the database servers for databases. For resource access, access conditions are determined via policy engines of database servers based on an external access policy in the cache that corresponds to a user, responsive to a resource access request from a device of the user specifying the internal resource. Data associated with the resource is provided to the user based on the access condition being met.

Abstract: Methods for asynchronously determining relational data integrity using cryptographic data structures are performed by systems and devices. Changes in current tables of relational databases are reflected in associated history tables. Cryptographic hybrid blockchain ledgers are updated with transaction records, for entry changes in current and history tables, including transaction information and hash values of corresponding entry changes. Hybrid blockchain ledgers also include root hash values of Merkle trees of transaction records in current blocks, and hash values of prior blocks. A current block receipt is asynchronously generated and provided as a single hash value from which the validity states of the tables and ledger are able to be verified. Cryptographic receipts of specific transactions reflected in table entry changes are generated and provide immutable evidence of specific transaction existence for users.

Abstract: Methods for database recovery for encrypted indexes are performed by systems and devices. A query with a decryption key is received from a client device, where the query modifies an encrypted index of a database using a secure enclave. When events requiring remedial actions for the database occur during the querying, some transactions of the query and later queries are deferred, and a remedial action is initiated that includes restarting the database. A determination of the remedial action being unsuccessful in recovering the encrypted index causes the action to be re-performed until another query having the decryption key is received whereupon the action is performed again to recover the encrypted index utilizing the decryption key. Deferred transactions are then performed with the decryption key. When a database restarts for access without secure enclaves, the encrypted index for the database is invalidated, and the remedial actions are otherwise completed or discarded.

Abstract: A “Database Confidentiality System” provides various techniques for using server-side trusted computing in combination with configurable type metadata and user- or system-definable rules associated with individual database fields to implement database confidentiality. In various implementations, type metadata and one or more rules are added to each database field. Metadata includes a domain, method of encryption, and a pointer to an encryption key used to encrypt the data in the corresponding field. The rules define one or more operations allowed on the corresponding data types. The type metadata and rules are optionally integrity protected and/or encrypted to avoid unauthorized changes or access. Various encryption techniques (e.g., probabilistic, Paillier, etc.) allow some computations to be performed in an untrusted environment without access to the encryption key.

Abstract: Computer systems, devices, and associated methods of evaluating an expression comprising restricted data are disclosed herein. In one embodiment, a method includes receiving a database statement from a client application and verifying the authenticity of the database statement. If the database statement is authentic, an approved expression is identified in the database statement for creating an evaluation rule. The method further includes restricting evaluation of expressions in a protected computing environment according to the created evaluation rule.

Abstract: Computer systems, devices, and associated methods of optimizing the execution of instructions of a database statement by a database server are disclosed herein. In one embodiment, a method includes identifying a potential execution plan for executing instructions of the database statement and estimating a cost for executing the execution plan. The cost can comprise an encrypted data processing cost associated with a operation in the execution plan of executing an operation on encrypted data in a protected computing environment. The method can include estimating the encrypted data processing cost in the protected computing environment based on statistics generated in the protected computing environment about a database table. In response to estimating the cost for executing the execution plan, comparing the cost to estimated costs of alternative execution plans, selecting the lowest-cost plan for execution, and executing the lowest-cost execution plan.

Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.

Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).

Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).

Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.

Abstract: Computer systems, devices, and associated methods of optimizing the execution of instructions of a database statement by a database server are disclosed herein. In one embodiment, a method includes identifying a potential execution plan for executing instructions of the database statement and estimating a cost for executing the execution plan. The cost can comprise an encrypted data processing cost associated with a operation in the execution plan of executing an operation on encrypted data in a protected computing environment. The method can include estimating the encrypted data processing cost in the protected computing environment based on statistics generated in the protected computing environment about a database table. In response to estimating the cost for executing the execution plan, comparing the cost to estimated costs of alternative execution plans, selecting the lowest-cost plan for execution, and executing the lowest-cost execution plan.

Abstract: Computer systems, devices, and associated methods of evaluating an expression comprising restricted data are disclosed herein. In one embodiment, a method includes receiving a database statement from a client application and verifying the authenticity of the database statement. If the database statement is authentic, an approved expression is identified in the database statement for creating an evaluation rule. The method further includes restricting evaluation of expressions in a protected computing environment according to the created evaluation rule.

Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.

Abstract: A “Database Confidentiality System” provides various techniques for using server-side trusted computing in combination with configurable type metadata and user- or system-definable rules associated with individual database fields to implement database confidentiality. In various implementations, type metadata and one or more rules are added to each database field. Metadata includes a domain, method of encryption, and a pointer to an encryption key used to encrypt the data in the corresponding field. The rules define one or more operations allowed on the corresponding data types. The type metadata and rules are optionally integrity protected and/or encrypted to avoid unauthorized changes or access. Various encryption techniques (e.g., probabilistic, Paillier, etc.) allow some computations to be performed in an untrusted environment without access to the encryption key.

Abstract: Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (UM) is controlled. The controlling includes generating a request for a data operation on the set of data. The request includes an authentication portion. The request is sent to the UM. A response to the request is received from the UM. The response includes cryptographic verification information attesting the integrity of the data operation with respect to prior data operations on the set of data. The response includes results from deferred verification at a trusted module (TM).

Abstract: A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.