Transparent Data Encryption in PostgreSQL
Masahiko Sawada
Talk at PGCon 2019
1.
Transparent Data Encryption in PostgreSQL
NTT Open Source Software Center
Masahiko Sawada
PGCon 2019
Copyright©2019 NTT Corp. All Rights Reserved.
2.
Database Security Threats
• Database servers are often the primary target of the following attacks
  • Privilege abuse
  • Database SQL injection attacks
  • Storage media theft
  • Eavesdropping attacks between client and server
  • etc.
[Diagram labels: Applications, DB administrator, Database server; Eavesdropping attacks, SQL injections, Privilege abuse, Physical storage theft]
3.
Encryption
[Diagram labels: Database Server, Application Server]
4.
Data at rest Encryption
• Protect data from attacks bypassing database access control layer (ACL)
  • Read database file directly
  • Taking a backup
• Doesn’t protect from attacks by malicious “privileged” users
  • SELECT SQL command by superuser
• Data is not encrypted while being used
  • On shared buffer, on network
• Often implemented as transparent data encryption (TDE)
5.
How About Full Disk Encryption?
• Full disk encryption (e.g. dm-crypt) is platform dependent
• Doesn’t protect data from logged-in OS users
6.
How About contrib/pgcrypto?
• Provide set of cryptographic functions
• A convenient tool
But,
• Not transparent to users
  • Need to modify SQL, application code
  • Triggers and views help
• Could be a cause of performance overhead
  • Data needs to be decrypted every time it is accessed
7.
Transparent Data Encryption in PostgreSQL
8.
Proposal
• Per tablespace encryption
  • CREATE TABLESPACE enctblsp ... WITH (encryption = on);
• Fine grained control
  • Specified table and its indexes, TOAST table and WAL are transparently encrypted
• Also encrypt other objects such as system catalogs and temporary files
• Under discussion on pgsql-hackers
  • [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
9.
PostgreSQL I/O Architecture
[Diagram labels: postgres (three processes), Shared Buffer, Page Cache (Kernel), Disk; raw block data]
10.
PostgreSQL I/O Architecture
• Backend processes read pages from the shared buffers and modify them.
[Diagram labels: postgres (three processes), Shared Buffer, Page Cache (Kernel), Disk; raw block data]
11.
PostgreSQL I/O Architecture
• bgwriter periodically writes the dirty pages out to the kernel page cache.
[Diagram labels: postgres (three processes), Shared Buffer, Page Cache (Kernel), Disk; raw block data]
12.
PostgreSQL I/O Architecture
• Dirty pages are flushed to the disk by the checkpointer or the kernel.
[Diagram labels: postgres (three processes), Shared Buffer, Page Cache (Kernel), Disk; raw block data]
13.
Buffer Level Encryption (our solution)
Pros:
• Relatively less execution of encryption and decryption
• Prevent peeking file on disk
Cons:
• Possibly repeated encryption and decryption of same data if the database doesn’t fit in shared buffers
[Diagram labels: postgres (three processes), Shared Buffer, Page Cache (Kernel), Disk; raw data, encrypted data]
14.
Results
• Latency (90%tile): vanilla: 1.98 ms, TDE: 2.01 ms, pgcrypto: 2.28 ms
• Latency (90%tile): vanilla: 2.32 ms, TDE: 2.45 ms, pgcrypto: 2.66 ms
[Chart: TPS comparison (R:100,W:3); TPS against Duration (sec); series: vanilla, tde, pgcrypto]
[Chart: TPS comparison (R:100); TPS against Duration (sec); series: vanilla, tde, pgcrypto]
[Panel labels: DB size < shared buffers; DB size > shared buffers]
15.
How To Encrypt
• Advanced Encryption Standard (AES)
  • Symmetric key algorithm
  • AES-256
• Block cipher
  • 16 bytes block size
• Using openssl is preferable (--with-openssl)
  • AES-NI
• Block cipher mode of operation
  • CBC or XTS
16.
2-Tier Key Hierarchy
• For faster key rotation
• Master key
  • Stored outside the database
  • Encrypt/Decrypt tablespace keys
  • One key per database cluster
• Tablespace Key (= data key)
  • Stored inside the database
  • Encrypt/Decrypt database objects
  • One key per tablespace
[Diagram labels: Master Key, External Location, Database Server, Tablespace key, ENCRYPTED DATA, Encrypt/Decrypt]
17.
2-Tier Key Hierarchy
(Bullets repeated from slide 16.)
[Diagram labels: Master Key, New Master Key, External Location, Database Server, Tablespace key, ENCRYPTED DATA, Encrypt/Decrypt]
18.
Key Management
• Key management is very important
• How can we robustly manage the master key?
  • Better leave it to a specialist
• Usually support some kinds of protocols
  • KMIP, HTTPS etc
19.
Integration with Key Management Systems
• Key manager manages a key management plugin as well as tablespace keys
• Add generic interface between PostgreSQL and key management systems (Key management API)
[Diagram labels: Key management API: get_key(), generate_key(), remove key(); Key manager (keyring); KMS A, KMS B; KMIP, HTTPS; Shared Memory: master key; Local Memory: Tablespace keys; Encrypted Tablespace keys; Bufmgr, smgr, encryption etc; shared buffer; read/write; File A, Encrypted file]
20.
Caching Keys
• PostgreSQL gets the master key from KMS at startup
• Cache the master key on the shared memory
  • Risk of key leakage when memory dump
    • MADV_DONTDUMP of madvise(2) helps
  • Risk of key leakage when swapped out
    • mlock(2) helps
• Backend processes get the encrypted tablespace key at startup and decrypt all of them with the master key
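The two mitigations named on slide 20, as an added example that is not code from the talk or from the PostgreSQL patch: a shared anonymous mapping for a cached key that is pinned with mlock(2), excluded from core dumps with MADV_DONTDUMP, and refuses to hold a key when a required protection could not be applied. The names keybuf, keybuf_alloc, keybuf_store, keybuf_wipe and keybuf_free are hypothetical, the sample key is constructed, and Linux is assumed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* MAP_ANONYMOUS, madvise(), MADV_DONTDUMP */
#endif
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#define KEY_LEN 32               /* AES-256 key size, per the "How To Encrypt" slide */

enum { KEYBUF_LOCKED = 1, KEYBUF_NODUMP = 2 };

/* Hypothetical holder for a cached key; not a PostgreSQL structure. */
typedef struct {
    uint8_t *base;               /* start of the shared anonymous mapping */
    size_t   maplen;             /* mapping length, rounded up to whole pages */
    int      flags;              /* protections that were actually applied */
} keybuf;

/* Give the key its own pages so mlock/madvise cover nothing else. */
static int keybuf_alloc(keybuf *kb, size_t len)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || len == 0)
        return -1;
    kb->maplen = ((len + (size_t)pg - 1) / (size_t)pg) * (size_t)pg;
    kb->flags = 0;
    /* MAP_SHARED so that processes forked later see the same cached key. */
    kb->base = mmap(NULL, kb->maplen, PROT_READ | PROT_WRITE,
                    MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (kb->base == MAP_FAILED) {
        kb->base = NULL;
        return -1;
    }
    /* mlock(2): keep the pages resident so the key is never swapped out.
     * It can fail when RLIMIT_MEMLOCK is too low; record the outcome. */
    if (mlock(kb->base, kb->maplen) == 0)
        kb->flags |= KEYBUF_LOCKED;
#ifdef MADV_DONTDUMP
    /* MADV_DONTDUMP: leave these pages out of core dumps. */
    if (madvise(kb->base, kb->maplen, MADV_DONTDUMP) == 0)
        kb->flags |= KEYBUF_NODUMP;
#endif
    return 0;
}

/* Copy a key in only if every protection in `require` is in place. */
static int keybuf_store(keybuf *kb, const uint8_t *key, size_t len, int require)
{
    if (kb->base == NULL || len > kb->maplen)
        return -1;
    if ((kb->flags & require) != require)
        return -1;               /* fail closed: do not cache the key */
    memcpy(kb->base, key, len);
    return 0;
}

/* Overwrite through a volatile pointer so the stores are not optimised away. */
static void keybuf_wipe(keybuf *kb)
{
    volatile uint8_t *p = kb->base;
    for (size_t i = 0; i < kb->maplen; i++)
        p[i] = 0;
}

/* Wipe, then unmap; munmap also releases the memory lock. */
static int keybuf_free(keybuf *kb)
{
    if (kb->base == NULL)
        return -1;
    keybuf_wipe(kb);
    int rc = munmap(kb->base, kb->maplen);
    kb->base = NULL;
    kb->maplen = 0;
    kb->flags = 0;
    return rc;
}

int main(void)
{
    uint8_t sample[KEY_LEN];     /* constructed sample bytes, not a real key */
    for (int i = 0; i < KEY_LEN; i++)
        sample[i] = (uint8_t)i;

    keybuf kb;
    if (keybuf_alloc(&kb, KEY_LEN) != 0) {
        perror("keybuf_alloc");
        return 1;
    }
    printf("locked=%d nodump=%d\n",
           !!(kb.flags & KEYBUF_LOCKED), !!(kb.flags & KEYBUF_NODUMP));
    if (keybuf_store(&kb, sample, KEY_LEN, KEYBUF_LOCKED | KEYBUF_NODUMP) != 0)
        fprintf(stderr, "key not cached: a required protection is missing\n");
    return keybuf_free(&kb) == 0 ? 0 : 1;
}
```

On a host where RLIMIT_MEMLOCK is too small, mlock fails and keybuf_store rejects the key instead of caching it in swappable memory.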
21.
WAL Encryption
• WAL Block Encryption
  • Encrypt WAL block every commit time
  • WAL writer could encrypt
• WAL Record encryption
  • Encrypt WAL when inserting to WAL buffer
  • Doesn’t encrypt WAL data that is not pertaining to encrypted tables
[Diagram labels: A block on WAL Buffer, WAL file; memcpy, write, encrypt & memcpy, encrypt & write; 1. Encrypt WAL blocks, 2. Encrypt WAL records]
22.
WAL Encryption
• It’s more secure if we use the same encryption key for WAL encryption as that used for table
  • Choice #2 would be a better approach
[Diagram labels: A block on WAL Buffer, WAL file; memcpy, write, encrypt & memcpy, encrypt & write; 1. Encrypt WAL blocks, 2. Encrypt WAL records]
23.
Performance Overhead of WAL Encryption
• Compare performance on insert-heavy workload
  • Encrypt all WAL blocks/records
  • pg_wal directory on tmpfs to avoid disk I/O bottleneck
  • Each transaction inserts a few records and commit
• Max 7% degradation
[Chart: INSERT 10M rows (tmpfs); bars in order: No Encryption 1.00, WAL Block 1.06, WAL Record 1.07, WAL Record (1/2) 1.05, WAL Record (1/5) 1.04]
24.
Performance Overhead of WAL Encryption
• pg_wal on HDD
• No big performance overhead
[Chart: INSERT 50k rows (HDD); bars in order: No Encryption 1.00, WAL Block 1.01, WAL Record 1.00]
25.
WAL Record Format
An example of xl_heap_update (wal_level = logical)
Record layout, in order:
• XLogRecord
• XLogRecordBlockHeader (RelfileNode, BlockNumber)
• XLogRecordBlockImageHeader
• XLogRecordDataHeaderShort
• Full page image (w/o hole) for new buffer
• xl_heap_header
• new tuple
• xl_heap_update
• xl_heap_header
• old tuple
Annotations:
• Header data: No user data is stored
• Block data: FPI and tuples are stored
• Main data: Could also contain tuples
26.
WAL Record Encryption
Record layout, in order: XLogRecord; XLogRecordBlockHeader (RelfileNode, BlockNumber); XLogRecordBlockImageHeader; XLogRecordDataHeaderShort; Full page image (w/o hole) for new buffer; xl_heap_header; new tuple; xl_heap_update; xl_heap_header; old tuple
Choice #1: Encrypt whole WAL record
• Need another header containing ciphertext length and tablespace oid (key of encryption key)
• Need decryption before validation
• Frontend programs (pg_waldump, pg_rewind etc) need to obtain tablespace keys and master key
Choice #2: Encrypt only block data + main data
• XLogRecordHeader has a flag saying “hey this record is encrypted”
• Frontend programs need to obtain tablespace keys and master key
Choice #3: Move xl_xxx_xxx to just below header data and #2
• Frontend tools that don’t want to see user data don’t need to decrypt WAL record
• Possible?
27.
WAL Record Encryption
Record layout, in order, with the label “ENCRYPTED!”: XLogRecord; XLogRecordBlockHeader (RelfileNode, BlockNumber); XLogRecordBlockImageHeader; XLogRecordDataHeaderShort; Full page image (w/o hole) for new buffer; xl_heap_header; new tuple; xl_heap_update; xl_heap_header; old tuple
(Choices #1 to #3 repeated from slide 26.)
28.
WAL Record Encryption
Record layout (diagram): XLogRecord (ENCRYPTED!) | XLogRecordBlockHeader (RelFileNode, BlockNumber) | XLogRecordBlockImageHeader | XLogRecordDataHeaderShort | xl_heap_update | Full page image (w/o hole) for new buffer | xl_heap_header | new tuple | xl_heap_header | old tuple
Choice #1: Encrypt whole WAL record
• Need another header containing ciphertext length and tablespace oid (key of encryption key)
• Need decryption before validation
• Frontend programs (pg_waldump, pg_rewind etc.) need to obtain tablespace keys and master key
Choice #2: Encrypt only block data + main data
• XLogRecordHeader has a flag saying “hey this record is encrypted”
• Frontend programs need to obtain tablespace keys and master key
Choice #3: Move xl_xxx_xxx to just below header data and #2
• Frontend tools that don’t want to see user data don’t need to decrypt WAL records
• Possible?
29.
Temporary File Encryption
• Temporary files are written bypassing the shared buffers
• base/pgsql_tmp/
• pg_replslot/
• pg_stat_statements
Diagram: postgres, Shared Buffer, Disk, temp files
30.
Disposable Key
• Temporary file encryption could use “a disposable key”
• Generated randomly by each backend process before use
• Lives only during the process lifetime
• No other process needs to read temporary files
• Interface problem
• Non-uniform file access interfaces
31.
System Catalogs Encryption
CREATE DATABASE ... TABLESPACE enc_tblsp;
• System catalogs could have user sensitive data
• pg_statistic, pg_statistic_ext, pg_proc, pg_class etc.
• System catalogs of an encrypted database are encrypted
• Encrypt all system catalogs in a database that is created on an encrypted tablespace
32.
Concluding Remarks
• Per tablespace, buffer-level transparent data at rest encryption
• Less performance overhead
• Encrypt WAL, system catalogs and temporary files as well
• 2-tier key architecture
• Fast key rotation
• Integration with KMSs
• Provide more flexible and robust key management
33.
Current Status
Two proposals
• Cluster-wide data at rest encryption is under development
• "WIP: Data at rest encryption" patch and, PostgreSQL 11-beta3
• Proposed by Antonin Houska
• Per-Tablespace data at rest encryption
• Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
• Proposed by Moon Insung, Masahiko Sawada
34.
Future Plans
• Further discussion on pgsql-hackers
• Submit a draft version patch set for PostgreSQL 13
35.
Some References
• Block cipher mode of operation
• https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
• Disk encryption theory
• https://en.wikipedia.org/wiki/Disk_encryption_theory#XEX-based_tweaked-codebook_mode_with_ciphertext_stealing_(XTS)
36.
Thank you
37.
CTR (Counter) Mode
• CTR mode turns a block cipher into a stream cipher
• Stream cipher: byte-to-byte encryption
• Unlike block cipher modes, random read is available
• Used for stream data such as network packets
https://en.wikipedia.org/wiki/Disk_encryption_theory
38.
Why Can CTR Mode be Used for WAL Encryption?
• The characteristics of WAL are quite similar to stream data
• Append only
• Data once written is never updated
• A stream cipher doesn’t need padding, even for data of 15 bytes or less
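The CTR properties listed on the last two slides (no padding, random read by offset, and why "data once written is never updated" matters) can be checked with Go's standard AES-CTR. This is an added example, not code from the talk or from any PostgreSQL patch; the counter-block layout, the demo key and the function names `xorAt`, `appendRecords` and `xorBytes` are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// xorAt encrypts or decrypts buf as the bytes at offset off of one AES-CTR
// stream. Counter block (assumed layout): segment number || 16-byte block index.
func xorAt(key []byte, segment, off uint64, buf []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[:8], segment)
	binary.BigEndian.PutUint64(iv[8:], off/aes.BlockSize)
	skip := int(off % aes.BlockSize) // keystream bytes of this block before off
	out := make([]byte, skip+len(buf))
	copy(out[skip:], buf)
	cipher.NewCTR(block, iv).XORKeyStream(out, out)
	return out[skip:]
}

// appendRecords encrypts each record at the current end of the segment (append only).
func appendRecords(key []byte, segment uint64, recs [][]byte) (wal []byte, offs []uint64) {
	for _, r := range recs {
		offs = append(offs, uint64(len(wal)))
		wal = append(wal, xorAt(key, segment, uint64(len(wal)), r)...)
	}
	return wal, offs
}

// xorBytes returns a XOR b. Two ciphertexts written at the same offset under the
// same key XOR to the XOR of their plaintexts, so an offset must never be rewritten.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key
	wal, offs := appendRecords(key, 1, [][]byte{[]byte("BEGIN"), []byte("15-byte record!"), []byte("COMMIT")})
	fmt.Println(len(wal), offs, string(xorAt(key, 1, offs[1], wal[offs[1]:offs[2]])))
}
```

The middle record starts at offset 5 and crosses a 16-byte block boundary, so decrypting it alone exercises the random-read case; the ciphertext is exactly as long as the three plaintexts together.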