DB vs. encryption
Tomas Vondra
Lightning talk introducing the idea of off-loading encryption to a trusted component.
1. DB vs. encryption
2. credit card numbers
3. credit card numbers (or anything sensitive)
4. full-disk encryption
   pgcrypto
5. full-disk encryption
   ● data-at-rest protection (theft of device)
   ● SQL injection
   ● filesystem-level access
   ● evil DBA
   pgcrypto
6. full-disk encryption
   ● data-at-rest protection (theft of device)
   ● SQL injection
   ● filesystem-level access
   ● evil DBA
   pgcrypto
   ● data-in-flight protection
   ● easy to leak key into logs / monitoring systems
7. application-level encryption
8. application (encrypt + decrypt) | database
9. can't compare / hash values => no indexing, aggregation, ...
10. can't compare / hash values => no indexing, aggregation, ... (a lot of processing moves to app)
11. So what can we do about it?
12. application (encrypt + decrypt) | database
13. application (encrypt + decrypt) | database | crypto (compare)
14. application (encrypt + decrypt) | database | crypto (compare) | compare(A,B)
15. application (encrypt + decrypt) | database | crypto (compare) | compare(A,B) | -1/0/1
16. application (encrypt + decrypt) | database | crypto (compare)
    database:
    ● CREATE INDEX
    ● GROUP BY
    ● WHERE
17. host B | host C | application (encrypt + decrypt) | database | crypto (compare) | host A | TCP
    database:
    ● CREATE INDEX
    ● GROUP BY
    ● WHERE
18. host B | TrustZone / SGX | HSM / usbarmory | application (encrypt + decrypt) | database | crypto (compare) | host A | IPC
    database:
    ● CREATE INDEX
    ● GROUP BY
    ● WHERE
19. https://github.com/tvondra/ccnumber
    ● PoC / ugly prototype
    ● custom encrypted data type
    ● trusted component (comparator)
    ● communication over TCP/IP
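
The comparator arrangement from slides 13 to 16, as an added sketch that is not code from the talk or from the ccnumber repository: the database stores only ciphertext and asks a key-holding component for `compare(A,B)`, getting back -1/0/1, which is enough for ordering, equality filters and grouping. The names `seal`, `unseal`, `TrustedComparator` and `Database` are hypothetical, the HMAC-SHA256 keystream is a standard-library stand-in for a real AEAD cipher, the card numbers are constructed test values, and an in-process call stands in for the TCP or IPC link.

```python
import hashlib, hmac, os
from functools import cmp_to_key

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _stream(enc_key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD (assumption).
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"),
                             hashlib.sha256).digest() for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    """Randomized encrypt-then-MAC: equal plaintexts yield different blobs."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext failed authentication")
    return bytes(c ^ k for c, k in zip(body, _stream(enc_key, nonce, len(body))))

class TrustedComparator:
    """Trusted side (other host, enclave, HSM): holds the key, exposes compare."""
    def __init__(self, key):
        self._key = key
    def compare(self, a, b):
        pa, pb = unseal(self._key, a), unseal(self._key, b)
        return (pa > pb) - (pa < pb)  # only -1/0/1 crosses the boundary

class Database:
    """Untrusted side: stores opaque blobs, never holds key or plaintext."""
    def __init__(self, compare):
        self._compare, self.rows = compare, []
    def order_by(self):  # what an index build or ORDER BY needs
        return sorted(self.rows, key=cmp_to_key(self._compare))
    def where_eq(self, blob):
        return [r for r in self.rows if self._compare(r, blob) == 0]
    def group_count(self):  # GROUP BY: merge adjacent equal rows after sorting
        groups = []
        for r in self.order_by():
            if groups and self._compare(groups[-1][0], r) == 0:
                groups[-1][1] += 1
            else:
                groups.append([r, 1])
        return [n for _, n in groups]

def demo():
    key = os.urandom(32)  # held by application and comparator only
    db = Database(TrustedComparator(key).compare)
    for pan in (b"5500005555555559", b"4111111111111111", b"5500005555555559"):
        db.rows.append(seal(key, pan))  # constructed test card numbers
    ordered = [unseal(key, r) for r in db.order_by()]
    return ordered, len(db.where_eq(seal(key, b"5500005555555559"))), db.group_count()
```

Every compare result tells the database the relative order of two rows, so ordering and equality of the plaintexts remain visible to anyone who can call the comparator; only the values themselves stay hidden.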