SlideShare a Scribd company logo

Transparent Data Encryption in PostgreSQL

Masahiko Sawada
Masahiko Sawada

Talk at PGCon 2019

Software
1 of 38
Download to read offline
Copyright©2019 NTT Corp. All Rights Reserved. Transparent Data Encryption in PostgreSQL NTT Open Source Software Center Masahiko Sawada PGCon 2019
2Copyright©2019 NTT Corp. All Rights Reserved. • Database servers are often the primary target of the following attacks • Privilege abuse • Database SQL injections attacks • Storage media theft • Eavesdropping attacks between client and server • etc. Database Security Threats DB administratorApplications Database server Eavesdropping attacks SQL injections Privilege abuse Physical storage theft
3Copyright©2019 NTT Corp. All Rights Reserved. Encryption Database Server Application Server
4Copyright©2019 NTT Corp. All Rights Reserved. • Protect data from attacks bypassing database access control layer(ACL) • Read database file directly • Taking a backup • Doesn’t protect from attacks by malicious “privileged” users • SELECT SQL command by superuser • Data is not encrypted while being used • On shared buffer, on network • Often implements as transparent data encryption(TDE) Data at rest Encryption
5Copyright©2019 NTT Corp. All Rights Reserved. • Full disk encryption (e.g. dmcrypt) is platform dependent • Doesn’t protect data from logged-in OS users How About Full Disk Encryption?
6Copyright©2019 NTT Corp. All Rights Reserved. • Provide set of cryptographic functions • A convenient tool But, • Not transparent to users • Need to modify SQL, application code • Triggers and views help • Could be a cause of performance overhead • Data needs to be decrypted every time it is accessed How About contrib/pgcrypto?
7Copyright©2019 NTT Corp. All Rights Reserved. Transparent Data Encryption in PostgreSQL
8Copyright©2019 NTT Corp. All Rights Reserved. Per tablespace encryption • CREATE TABLESPACE enctblsp ... WITH (encryption = on); • Fine grained control • Specified table and its indexes, TOAST table and WAL are transparently encrypted • Also encrypt other objects such as system catalogs and temporary files • Under discussion on pgsql-hackers • [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) Proposal
9Copyright©2019 NTT Corp. All Rights Reserved. PostgreSQL I/O Architecture postgres Shared Buffer Disk postgres postgres Page Cache (Kernel) raw block data
10Copyright©2019 NTT Corp. All Rights Reserved. PostgreSQL I/O Architecture postgres Disk postgres postgres Page Cache (Kernel) raw block data Shared Buffer Backend processes read pages from the shared buffers and modify them.
11Copyright©2019 NTT Corp. All Rights Reserved. PostgreSQL I/O Architecture postgres Disk postgres postgres Page Cache (Kernel) raw block data Shared Buffer bgwriter periodically writes the dirty pages out to the kernel page cache.
12Copyright©2019 NTT Corp. All Rights Reserved. PostgreSQL I/O Architecture postgres Disk postgres postgres raw block data Shared Buffer Page Cache (Kernel) Dirty pages are flushed to the disk by the checkpointer or the kernel.
13Copyright©2019 NTT Corp. All Rights Reserved. Buffer Level Encryption (our solution) postgres Shared Buffer Disk Pros: • Relatively less execution of encryption and decryption • Prevent peeking file on disk Cons: • Possibly repeated encryption and decryption of same data if the database doesn’t fit in shared buffers postgres postgres Page Cache (Kernel) raw data encrypted data
14Copyright©2019 NTT Corp. All Rights Reserved. Latency (90%tile): vanilla: 1.98 ms, TDE: 2.01 ms, pgcrypto: 2.28 ms Results 6000 6500 7000 7500 8000 8500 20 40 60 80 100 120 140 160 180 200 220 240 260 280 300 TPS Duraiton(sec) TPS comparison (R:100,W:3) vanilla tde pgcrypto 8000 8500 9000 9500 10000 10500 11000 10 30 50 70 90 110 130 150 170 190 210 230 250 270 TPS Duration (sec) TPS comparison (R:100) vanilla tde pgcrypto Latency (90%tile): vanilla: 2.32 ms, TDE: 2.45 ms, pgcrypto: 2.66 ms DB size < shared buffers DB size > shared buffers
15Copyright©2019 NTT Corp. All Rights Reserved. • Advanced Encryption Standard(AES) • Symmetric key algorithm • AES-256 • Block cipher • 16 bytes block size • Using openssl is preferable (--with-openssl) • AES-NI • Block cipher mode of operation • CBC or XTS How To Encrypt
16Copyright©2019 NTT Corp. All Rights Reserved. • For faster key rotation • Master key • Stored outside the database • Encrypt/Decrypt tablespace keys • One key per database cluster • Tablespace Key (= data key) • Stored inside the database • Encrypt/Decrypt database objects • One key per tablespace 2-Tier Key Hierarchy Master Key Encrypt/Decrypt Encrypt/ Decrypt External Location Database Server ENCRYPTED DATA Tablespace key
17Copyright©2019 NTT Corp. All Rights Reserved. • For faster key rotation • Master key • Stored outside the database • Encrypt/Decrypt tablespace keys • One key per database cluster • Tablespace Key (= data key) • Stored inside the database • Encrypt/Decrypt database objects • One key per tablespace 2-Tier Key Hierarchy Master Key Encrypt/Decrypt Encrypt/ Decrypt External Location Database Server ENCRYPTED DATA Tablespace key New Master Key
18Copyright©2019 NTT Corp. All Rights Reserved. • Key management is very important • How can we robustly manage the master key? • Better leave it to a specialist • Usually support some kinds of protocols • KMIP, HTTPS etc Key Management
19Copyright©2019 NTT Corp. All Rights Reserved. • Key manager manages a key management plugin as well as tablespace keys • Add generic interface between PostgreSQL and key management systems (Key management API) Integration with Key Management Systems Key management API get_key(), generate_key(), remove key() Encrypted file A KMS B KMS Bufmgr, smgr, encryption etc File A KMS A KMS KMIP HTTPSread/write Key manager (keyring) Encrypted Tablespace keys Shared Memory master key Local Memory Tablespace keys shared buffer
20Copyright©2019 NTT Corp. All Rights Reserved. • PostgreSQL gets the master key from KMS at startup • Cache the master key on the shared memory • Risk of key leakage when memory dump • MADV_DONTDUMP of madvise(2) helps • Risk of key leakage when swapped out • mlock(2) helps • Backend processes get the encrypted tablespace key at startup and decrypt all of them with the master key Caching Keys
21Copyright©2019 NTT Corp. All Rights Reserved. • WAL Block Encryption • Encrypt WAL block every commit time • WAL writer could encrypt • WAL Record encryption • Encrypt WAL when inserting to WAL buffer • Doesn’t encrypt WAL data that is not pertaining to encrypted tables WAL Encryption A block on WAL Buffer WAL file writeencrypt & write WAL file memcpy encrypt & memcpy 1. Encrypt WAL blocks 2. Encrypt WAL records
22Copyright©2019 NTT Corp. All Rights Reserved. • It’s more secure if we use the same encryption key for WAL encryption as that used for table • Choice #2 would be better approach WAL Encryption A block on WAL Buffer WAL file writeencrypt & write WAL file memcpy encrypt & memcpy 1. Encrypt WAL blocks 2. Encrypt WAL records
23Copyright©2019 NTT Corp. All Rights Reserved. Performance Overhead of WAL Encryption • Compare performance on insert-heavy workload • Encrypt all WAL blocks/records • pg_wal directory on tmpfs to avoid disk I/O bottleneck • Each transaction inserts a few records and commit • Max 7% degradation 1.00 1.06 1.07 1.05 1.04 0.00 0.20 0.40 0.60 0.80 1.00 1.20 No Encrytpion WAL Block WAL Record WAL Record (1/2) WAL Record (1/5) INSERT 10M rows (tempfs)
24Copyright©2019 NTT Corp. All Rights Reserved. • pg_wal on HDD • No big performance overhead Performance Overhead of WAL Encryption 1.00 1.01 1.00 0.00 0.20 0.40 0.60 0.80 1.00 1.20 No Encrytpion WAL Block WAL Record INSERT 50k rows (HDD)
25Copyright©2019 NTT Corp. All Rights Reserved. WAL Record Format XLogRecord XLogRecordBlockHeader (RelfileNode, BlockNumber) XLogREcordBlockImageHeader XLogRecordDataHeaderShort Full page image (w/o hole) for new buffer xl_heap_header new tuple xl_heap_update xl_heap_header old tuple An example of xl_heap_update (wal_level = logical) Header data No user data is stored Block data FPI and tuples are stored Main data Could also contain tuples
26Copyright©2019 NTT Corp. All Rights Reserved. WAL Record Encryption XLogRecord XLogRecordBlockHeader (RelfileNode, BlockNumber) XLogRecordBlockImageHeader XLogRecordDataHeaderShort Full page image (w/o hole) for new buffer xl_heap_header new tuple xl_heap_update xl_heap_header old tuple Choice #1: Encrypt whole WAL record • Need another header containing ciphertext length and tablespace oid (key of encryption key) • Need decryption before validation • Frontend programs(pg_waldump, pg_rewind etc) need to obtain tablespace keys and master key Choice #2: Encrypt only block data + main data • XLogRecordHeader has a flag saying “hey this record is encrypted” • Frontend programs need to obtain tablespace keys and master key Choice #3: Move xl_xxx_xxx to just below header data and #2 • Frontend tools don’t want to see user data don’t need to decrypt WAL record • Possible?
27Copyright©2019 NTT Corp. All Rights Reserved. WAL Record Encryption XLogRecord (ENCRYPTED!) XLogRecordBlockHeader (RelfileNode, BlockNumber) XLogRecordBlockImageHeader XLogRecordDataHeaderShort Full page image (w/o hole) for new buffer xl_heap_header new tuple xl_heap_update xl_heap_header old tuple Choice #1: Encrypt whole WAL record • Need another header containing ciphertext length and tablespace oid (key of encryption key) • Need decryption before validation • Frontend programs(pg_waldump, pg_rewind etc) need to obtain tablespace keys and master key Choice #2: Encrypt only block data + main data • XLogRecordHeader has a flag saying “hey this record is encrypted” • Frontend programs need to obtain tablespace keys and master key Choice #3: Move xl_xxx_xxx to just below header data and #2 • Frontend tools don’t want to see user data don’t need to decrypt WAL record • Possible?
28Copyright©2019 NTT Corp. All Rights Reserved. WAL Record Encryption XLogRecord (ENCRYPTED!) XLogRecordBlockHeader (RelfileNode, BlockNumber) XLogRecordBlockImageHeader XLogRecordDataHeaderShort xl_heap_update Full page image (w/o hole) for new buffer xl_heap_header new tuple xl_heap_header old tuple Choice #1: Encrypt whole WAL record • Need another header containing ciphertext length and tablespace oid (key of encryption key) • Need decryption before validation • Frontend programs(pg_waldump, pg_rewind etc) need to obtain tablespace keys and master key Choice #2: Encrypt only block data + main data • XLogRecordHeader has a flag saying “hey this record is encrypted” • Frontend programs need to obtain tablespace keys and master key Choice #3: Move xl_xxx_xxx to just below header data and #2 • Frontend tools don’t want to see user data don’t need to decrypt WAL record • Possible?
29Copyright©2019 NTT Corp. All Rights Reserved. • Temporary files are written bypassing the shared buffers • base/pgsql_tmp/ • pg_replslots/ • pg_stat_statements Temporary File Encryption postgres Shared Buffer Disk temp files
30Copyright©2019 NTT Corp. All Rights Reserved. • Temporary files encryption could use “a disposable key” • Generated randomly by each backend process before use • lives only during process lifetime • No other process need to read temporary files • Interface problem • Non-uniformed file access interfaces Disposable Key
31Copyright©2019 NTT Corp. All Rights Reserved. CREATE DATABASE ... TABLESPACE enc_tblsp; • System catalogs could have user sensitive data • pg_statistics, pg_statistics_ext, pg_proc, pg_class etc • System catalogs of an encrypted database are encrypted • Encrypt all system catalogs in database that is created on a encrypted tablespace System Catalogs Encryption
32Copyright©2019 NTT Corp. All Rights Reserved. • Per tablespace, buffer-level transparent data at rest encryption • Less performance overhead • Encrypt WAL, system catalogs and temporary files as well • 2-tier key architecture • Fast key rotation • Integration with KMSs • Provide more flexible and robust key management Conclusion Remarks
33Copyright©2019 NTT Corp. All Rights Reserved. Two proposals • Cluster-wide data at rest encryption is under development • "WIP: Data at rest encryption" patch and, PostgreSQL 11-beta3 • Proposed by Antonin Houska • Per-Tablespace data at rest encryption • Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) • Proposed by Moon Insung, Masahiko Sawada Current Status
34Copyright©2019 NTT Corp. All Rights Reserved. • Further discussion on pgsql-hackers • Submit a draft version patch set for PostgreSQL 13 Future Plans
35Copyright©2019 NTT Corp. All Rights Reserved. • Block cipher mode of operation • https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation • Disk encryption theory • https://en.wikipedia.org/wiki/Disk_encryption_theory#XEX- based_tweaked-codebook_mode_with_ciphertext_stealing_(XTS) Some References
36Copyright©2019 NTT Corp. All Rights Reserved. Thank you
37Copyright©2019 NTT Corp. All Rights Reserved. • CTR mode turns a block cipher into a streaming cipher • Stream cipher: byte-to-byte encryption • Unlike block mode cipher, random read is available • Used for stream data such as network packets CTR (Counter) Mode https://en.wikipedia.org/wiki/Disk_encryption_theory
38Copyright©2019 NTT Corp. All Rights Reserved. • The characteristics of WAL is quite similar to stream data • Append only • Data once written is never updated • Stream cipher doesn’t need padding even for 15 byte or less data Why Can CTR Mode be Used for WAL Encryption?

Recommended

Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...Masahiko Sawada
 
PostgreSQL replication
PostgreSQL replicationPostgreSQL replication
PostgreSQL replicationNTT DATA OSS Professional Services
 
Streaming Event Time Partitioning with Apache Flink and Apache Iceberg - Juli...
Streaming Event Time Partitioning with Apache Flink and Apache Iceberg - Juli...Streaming Event Time Partitioning with Apache Flink and Apache Iceberg - Juli...
Streaming Event Time Partitioning with Apache Flink and Apache Iceberg - Juli...Flink Forward
 
The Columnar Era: Leveraging Parquet, Arrow and Kudu for High-Performance Ana...
The Columnar Era: Leveraging Parquet, Arrow and Kudu for High-Performance Ana...The Columnar Era: Leveraging Parquet, Arrow and Kudu for High-Performance Ana...
The Columnar Era: Leveraging Parquet, Arrow and Kudu for High-Performance Ana...DataWorks Summit/Hadoop Summit
 
Sizing Your MongoDB Cluster
Sizing Your MongoDB ClusterSizing Your MongoDB Cluster
Sizing Your MongoDB ClusterMongoDB
 
Elk
Elk Elk
Elk Caleb Wang
 
Presto on Apache Spark: A Tale of Two Computation Engines
Presto on Apache Spark: A Tale of Two Computation EnginesPresto on Apache Spark: A Tale of Two Computation Engines
Presto on Apache Spark: A Tale of Two Computation EnginesDatabricks
 
Label based Mandatory Access Control on PostgreSQL
Label based Mandatory Access Control on PostgreSQLLabel based Mandatory Access Control on PostgreSQL
Label based Mandatory Access Control on PostgreSQLKohei KaiGai
 

Recommended

Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...Masahiko Sawada
 
PostgreSQL replication
PostgreSQL replicationPostgreSQL replication
PostgreSQL replicationNTT DATA OSS Professional Services
 
Streaming Event Time Partitioning with Apache Flink and Apache Iceberg - Juli...
Streaming Event Time Partitioning with Apache Flink and Apache Iceberg - Juli...Streaming Event Time Partitioning with Apache Flink and Apache Iceberg - Juli...
Streaming Event Time Partitioning with Apache Flink and Apache Iceberg - Juli...Flink Forward
 
The Columnar Era: Leveraging Parquet, Arrow and Kudu for High-Performance Ana...
The Columnar Era: Leveraging Parquet, Arrow and Kudu for High-Performance Ana...The Columnar Era: Leveraging Parquet, Arrow and Kudu for High-Performance Ana...
The Columnar Era: Leveraging Parquet, Arrow and Kudu for High-Performance Ana...DataWorks Summit/Hadoop Summit
 
Sizing Your MongoDB Cluster
Sizing Your MongoDB ClusterSizing Your MongoDB Cluster
Sizing Your MongoDB ClusterMongoDB
 
Elk
Elk Elk
Elk Caleb Wang
 
Presto on Apache Spark: A Tale of Two Computation Engines
Presto on Apache Spark: A Tale of Two Computation EnginesPresto on Apache Spark: A Tale of Two Computation Engines
Presto on Apache Spark: A Tale of Two Computation EnginesDatabricks
 
Label based Mandatory Access Control on PostgreSQL
Label based Mandatory Access Control on PostgreSQLLabel based Mandatory Access Control on PostgreSQL
Label based Mandatory Access Control on PostgreSQLKohei KaiGai
 
Cloud-Native Apache Spark Scheduling with YuniKorn Scheduler
Cloud-Native Apache Spark Scheduling with YuniKorn SchedulerCloud-Native Apache Spark Scheduling with YuniKorn Scheduler
Cloud-Native Apache Spark Scheduling with YuniKorn SchedulerDatabricks
 
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...Flink Forward
 
MySQL GTID 시작하기
MySQL GTID 시작하기MySQL GTID 시작하기
MySQL GTID 시작하기I Goo Lee
 
MariaDB MaxScale
MariaDB MaxScaleMariaDB MaxScale
MariaDB MaxScaleMariaDB plc
 
Substrait Overview.pdf
Substrait Overview.pdfSubstrait Overview.pdf
Substrait Overview.pdfRinat Abdullin
 
SSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesSSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesNelson Calero
 
Troubleshooting Complex Performance issues - Oracle SEG$ contention
Troubleshooting Complex Performance issues - Oracle SEG$ contentionTroubleshooting Complex Performance issues - Oracle SEG$ contention
Troubleshooting Complex Performance issues - Oracle SEG$ contentionTanel Poder
 
Disaster Recovery and High Availability with Kafka, SRM and MM2
Disaster Recovery and High Availability with Kafka, SRM and MM2Disaster Recovery and High Availability with Kafka, SRM and MM2
Disaster Recovery and High Availability with Kafka, SRM and MM2Abdelkrim Hadjidj
 
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAs
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAsOracle Database Performance Tuning Advanced Features and Best Practices for DBAs
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAsZohar Elkayam
 
Apache Iceberg Presentation for the St. Louis Big Data IDEA
Apache Iceberg Presentation for the St. Louis Big Data IDEAApache Iceberg Presentation for the St. Louis Big Data IDEA
Apache Iceberg Presentation for the St. Louis Big Data IDEAAdam Doyle
 
Apache Iceberg - A Table Format for Hige Analytic Datasets
Apache Iceberg - A Table Format for Hige Analytic DatasetsApache Iceberg - A Table Format for Hige Analytic Datasets
Apache Iceberg - A Table Format for Hige Analytic DatasetsAlluxio, Inc.
 
Oracle Performance Tuning Fundamentals
Oracle Performance Tuning FundamentalsOracle Performance Tuning Fundamentals
Oracle Performance Tuning FundamentalsEnkitec
 
CoC23_ Looking at the New Features of Apache NiFi
CoC23_ Looking at the New Features of Apache NiFiCoC23_ Looking at the New Features of Apache NiFi
CoC23_ Looking at the New Features of Apache NiFiTimothy Spann
 
Oracle Client Failover - Under The Hood
Oracle Client Failover - Under The HoodOracle Client Failover - Under The Hood
Oracle Client Failover - Under The HoodLudovico Caldara
 
Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...
Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...
Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...Flink Forward
 
Oracle Database performance tuning using oratop
Oracle Database performance tuning using oratopOracle Database performance tuning using oratop
Oracle Database performance tuning using oratopSandesh Rao
 
How to Avoid Common Mistakes When Using Reactor Netty
How to Avoid Common Mistakes When Using Reactor NettyHow to Avoid Common Mistakes When Using Reactor Netty
How to Avoid Common Mistakes When Using Reactor NettyVMware Tanzu
 
Introducing Change Data Capture with Debezium
Introducing Change Data Capture with DebeziumIntroducing Change Data Capture with Debezium
Introducing Change Data Capture with DebeziumChengKuan Gan
 
PostgreSQL WAL for DBAs
PostgreSQL WAL for DBAs PostgreSQL WAL for DBAs
PostgreSQL WAL for DBAs PGConf APAC
 
Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016
Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016
Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016DataStax
 
Why Disk Level Encryption is Not Enough for Your IBM i
Why Disk Level Encryption is Not Enough for Your IBM i Why Disk Level Encryption is Not Enough for Your IBM i
Why Disk Level Encryption is Not Enough for Your IBM i Precisely
 
Transparent Encryption in HDFS
Transparent Encryption in HDFSTransparent Encryption in HDFS
Transparent Encryption in HDFSDataWorks Summit
 

More Related Content

What's hot

Cloud-Native Apache Spark Scheduling with YuniKorn Scheduler
Cloud-Native Apache Spark Scheduling with YuniKorn SchedulerCloud-Native Apache Spark Scheduling with YuniKorn Scheduler
Cloud-Native Apache Spark Scheduling with YuniKorn SchedulerDatabricks
 
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...Flink Forward
 
MySQL GTID 시작하기
MySQL GTID 시작하기MySQL GTID 시작하기
MySQL GTID 시작하기I Goo Lee
 
MariaDB MaxScale
MariaDB MaxScaleMariaDB MaxScale
MariaDB MaxScaleMariaDB plc
 
Substrait Overview.pdf
Substrait Overview.pdfSubstrait Overview.pdf
Substrait Overview.pdfRinat Abdullin
 
SSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesSSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesNelson Calero
 
Troubleshooting Complex Performance issues - Oracle SEG$ contention
Troubleshooting Complex Performance issues - Oracle SEG$ contentionTroubleshooting Complex Performance issues - Oracle SEG$ contention
Troubleshooting Complex Performance issues - Oracle SEG$ contentionTanel Poder
 
Disaster Recovery and High Availability with Kafka, SRM and MM2
Disaster Recovery and High Availability with Kafka, SRM and MM2Disaster Recovery and High Availability with Kafka, SRM and MM2
Disaster Recovery and High Availability with Kafka, SRM and MM2Abdelkrim Hadjidj
 
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAs
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAsOracle Database Performance Tuning Advanced Features and Best Practices for DBAs
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAsZohar Elkayam
 
Apache Iceberg Presentation for the St. Louis Big Data IDEA
Apache Iceberg Presentation for the St. Louis Big Data IDEAApache Iceberg Presentation for the St. Louis Big Data IDEA
Apache Iceberg Presentation for the St. Louis Big Data IDEAAdam Doyle
 
Apache Iceberg - A Table Format for Hige Analytic Datasets
Apache Iceberg - A Table Format for Hige Analytic DatasetsApache Iceberg - A Table Format for Hige Analytic Datasets
Apache Iceberg - A Table Format for Hige Analytic DatasetsAlluxio, Inc.
 
Oracle Performance Tuning Fundamentals
Oracle Performance Tuning FundamentalsOracle Performance Tuning Fundamentals
Oracle Performance Tuning FundamentalsEnkitec
 
CoC23_ Looking at the New Features of Apache NiFi
CoC23_ Looking at the New Features of Apache NiFiCoC23_ Looking at the New Features of Apache NiFi
CoC23_ Looking at the New Features of Apache NiFiTimothy Spann
 
Oracle Client Failover - Under The Hood
Oracle Client Failover - Under The HoodOracle Client Failover - Under The Hood
Oracle Client Failover - Under The HoodLudovico Caldara
 
Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...
Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...
Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...Flink Forward
 
Oracle Database performance tuning using oratop
Oracle Database performance tuning using oratopOracle Database performance tuning using oratop
Oracle Database performance tuning using oratopSandesh Rao
 
How to Avoid Common Mistakes When Using Reactor Netty
How to Avoid Common Mistakes When Using Reactor NettyHow to Avoid Common Mistakes When Using Reactor Netty
How to Avoid Common Mistakes When Using Reactor NettyVMware Tanzu
 
Introducing Change Data Capture with Debezium
Introducing Change Data Capture with DebeziumIntroducing Change Data Capture with Debezium
Introducing Change Data Capture with DebeziumChengKuan Gan
 
PostgreSQL WAL for DBAs
PostgreSQL WAL for DBAs PostgreSQL WAL for DBAs
PostgreSQL WAL for DBAs PGConf APAC
 
Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016
Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016
Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016DataStax
 

What's hot (20)

Cloud-Native Apache Spark Scheduling with YuniKorn Scheduler
Cloud-Native Apache Spark Scheduling with YuniKorn SchedulerCloud-Native Apache Spark Scheduling with YuniKorn Scheduler
Cloud-Native Apache Spark Scheduling with YuniKorn Scheduler
 
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
 
MySQL GTID 시작하기
MySQL GTID 시작하기MySQL GTID 시작하기
MySQL GTID 시작하기
 
MariaDB MaxScale
MariaDB MaxScaleMariaDB MaxScale
MariaDB MaxScale
 
Substrait Overview.pdf
Substrait Overview.pdfSubstrait Overview.pdf
Substrait Overview.pdf
 
SSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesSSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprises
 
Troubleshooting Complex Performance issues - Oracle SEG$ contention
Troubleshooting Complex Performance issues - Oracle SEG$ contentionTroubleshooting Complex Performance issues - Oracle SEG$ contention
Troubleshooting Complex Performance issues - Oracle SEG$ contention
 
Disaster Recovery and High Availability with Kafka, SRM and MM2
Disaster Recovery and High Availability with Kafka, SRM and MM2Disaster Recovery and High Availability with Kafka, SRM and MM2
Disaster Recovery and High Availability with Kafka, SRM and MM2
 
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAs
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAsOracle Database Performance Tuning Advanced Features and Best Practices for DBAs
Oracle Database Performance Tuning Advanced Features and Best Practices for DBAs
 
Apache Iceberg Presentation for the St. Louis Big Data IDEA
Apache Iceberg Presentation for the St. Louis Big Data IDEAApache Iceberg Presentation for the St. Louis Big Data IDEA
Apache Iceberg Presentation for the St. Louis Big Data IDEA
 
Apache Iceberg - A Table Format for Hige Analytic Datasets
Apache Iceberg - A Table Format for Hige Analytic DatasetsApache Iceberg - A Table Format for Hige Analytic Datasets
Apache Iceberg - A Table Format for Hige Analytic Datasets
 
Oracle Performance Tuning Fundamentals
Oracle Performance Tuning FundamentalsOracle Performance Tuning Fundamentals
Oracle Performance Tuning Fundamentals
 
CoC23_ Looking at the New Features of Apache NiFi
CoC23_ Looking at the New Features of Apache NiFiCoC23_ Looking at the New Features of Apache NiFi
CoC23_ Looking at the New Features of Apache NiFi
 
Oracle Client Failover - Under The Hood
Oracle Client Failover - Under The HoodOracle Client Failover - Under The Hood
Oracle Client Failover - Under The Hood
 
Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...
Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...
Squirreling Away $640 Billion: How Stripe Leverages Flink for Change Data Cap...
 
Oracle Database performance tuning using oratop
Oracle Database performance tuning using oratopOracle Database performance tuning using oratop
Oracle Database performance tuning using oratop
 
How to Avoid Common Mistakes When Using Reactor Netty
How to Avoid Common Mistakes When Using Reactor NettyHow to Avoid Common Mistakes When Using Reactor Netty
How to Avoid Common Mistakes When Using Reactor Netty
 
Introducing Change Data Capture with Debezium
Introducing Change Data Capture with DebeziumIntroducing Change Data Capture with Debezium
Introducing Change Data Capture with Debezium
 
PostgreSQL WAL for DBAs
PostgreSQL WAL for DBAs PostgreSQL WAL for DBAs
PostgreSQL WAL for DBAs
 
Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016
Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016
Myths of Big Partitions (Robert Stupp, DataStax) | Cassandra Summit 2016
 

Similar to Transparent Data Encryption in PostgreSQL

Why Disk Level Encryption is Not Enough for Your IBM i
Why Disk Level Encryption is Not Enough for Your IBM i Why Disk Level Encryption is Not Enough for Your IBM i
Why Disk Level Encryption is Not Enough for Your IBM i Precisely
 
Transparent Encryption in HDFS
Transparent Encryption in HDFSTransparent Encryption in HDFS
Transparent Encryption in HDFSDataWorks Summit
 
DatEngConf SF16 - Apache Kudu: Fast Analytics on Fast Data
DatEngConf SF16 - Apache Kudu: Fast Analytics on Fast DataDatEngConf SF16 - Apache Kudu: Fast Analytics on Fast Data
DatEngConf SF16 - Apache Kudu: Fast Analytics on Fast DataHakka Labs
 
InnoDB Tablespace Encryption
InnoDB Tablespace Encryption InnoDB Tablespace Encryption
InnoDB Tablespace Encryption Satya Bodapati
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...Imperva Incapsula
 
Accelerate and Scale Big Data Analytics with Disaggregated Compute and Storage
Accelerate and Scale Big Data Analytics with Disaggregated Compute and StorageAccelerate and Scale Big Data Analytics with Disaggregated Compute and Storage
Accelerate and Scale Big Data Analytics with Disaggregated Compute and StorageAlluxio, Inc.
 
Encrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptx
Encrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptxEncrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptx
Encrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptxNeo4j
 
Big Data Security in Apache Projects by Gidon Gershinsky
Big Data Security in Apache Projects by Gidon GershinskyBig Data Security in Apache Projects by Gidon Gershinsky
Big Data Security in Apache Projects by Gidon GershinskyGidonGershinsky
 
Advanced MySql Data-at-Rest Encryption in Percona Server
Advanced MySql Data-at-Rest Encryption in Percona ServerAdvanced MySql Data-at-Rest Encryption in Percona Server
Advanced MySql Data-at-Rest Encryption in Percona ServerSeveralnines
 
Data Security at Scale through Spark and Parquet Encryption
Data Security at Scale through Spark and Parquet EncryptionData Security at Scale through Spark and Parquet Encryption
Data Security at Scale through Spark and Parquet EncryptionDatabricks
 
Kudu: Fast Analytics on Fast Data
Kudu: Fast Analytics on Fast DataKudu: Fast Analytics on Fast Data
Kudu: Fast Analytics on Fast Datamichaelguia
 
Blbs tn-double-the-power-half-the-space-uslet-en
Blbs tn-double-the-power-half-the-space-uslet-enBlbs tn-double-the-power-half-the-space-uslet-en
Blbs tn-double-the-power-half-the-space-uslet-enBloombase
 
MySQL Data Encryption at Rest
MySQL Data Encryption at RestMySQL Data Encryption at Rest
MySQL Data Encryption at RestMydbops
 
Maaz Anjum - IOUG Collaborate 2013 - An Insight into Space Realization on ODA...
Maaz Anjum - IOUG Collaborate 2013 - An Insight into Space Realization on ODA...Maaz Anjum - IOUG Collaborate 2013 - An Insight into Space Realization on ODA...
Maaz Anjum - IOUG Collaborate 2013 - An Insight into Space Realization on ODA...Maaz Anjum
 
Feature rich BTRFS is Getting Richer with Encryption
Feature rich BTRFS is Getting Richer with EncryptionFeature rich BTRFS is Getting Richer with Encryption
Feature rich BTRFS is Getting Richer with EncryptionLF Events
 
You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011Scott Carlson
 
Engineering an Encrypted Storage Engine
Engineering an Encrypted Storage EngineEngineering an Encrypted Storage Engine
Engineering an Encrypted Storage EngineMongoDB
 
Oracle Performance On Linux X86 systems
Oracle Performance On Linux X86 systems Oracle Performance On Linux X86 systems
Oracle Performance On Linux X86 systems Baruch Osoveskiy
 
The Pendulum Swings Back: Converged and Hyperconverged Environments
The Pendulum Swings Back: Converged and Hyperconverged EnvironmentsThe Pendulum Swings Back: Converged and Hyperconverged Environments
The Pendulum Swings Back: Converged and Hyperconverged EnvironmentsTony Pearson
 
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...VirtualTech Japan Inc.
 

Similar to Transparent Data Encryption in PostgreSQL (20)

Why Disk Level Encryption is Not Enough for Your IBM i
Why Disk Level Encryption is Not Enough for Your IBM i Why Disk Level Encryption is Not Enough for Your IBM i
Why Disk Level Encryption is Not Enough for Your IBM i
 
Transparent Encryption in HDFS
Transparent Encryption in HDFSTransparent Encryption in HDFS
Transparent Encryption in HDFS
 
DatEngConf SF16 - Apache Kudu: Fast Analytics on Fast Data
DatEngConf SF16 - Apache Kudu: Fast Analytics on Fast DataDatEngConf SF16 - Apache Kudu: Fast Analytics on Fast Data
DatEngConf SF16 - Apache Kudu: Fast Analytics on Fast Data
 
InnoDB Tablespace Encryption
InnoDB Tablespace Encryption InnoDB Tablespace Encryption
InnoDB Tablespace Encryption
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
 
Accelerate and Scale Big Data Analytics with Disaggregated Compute and Storage
Accelerate and Scale Big Data Analytics with Disaggregated Compute and StorageAccelerate and Scale Big Data Analytics with Disaggregated Compute and Storage
Accelerate and Scale Big Data Analytics with Disaggregated Compute and Storage
 
Encrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptx
Encrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptxEncrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptx
Encrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptx
 
Big Data Security in Apache Projects by Gidon Gershinsky
Big Data Security in Apache Projects by Gidon GershinskyBig Data Security in Apache Projects by Gidon Gershinsky
Big Data Security in Apache Projects by Gidon Gershinsky
 
Advanced MySql Data-at-Rest Encryption in Percona Server
Advanced MySql Data-at-Rest Encryption in Percona ServerAdvanced MySql Data-at-Rest Encryption in Percona Server
Advanced MySql Data-at-Rest Encryption in Percona Server
 
Data Security at Scale through Spark and Parquet Encryption
Data Security at Scale through Spark and Parquet EncryptionData Security at Scale through Spark and Parquet Encryption
Data Security at Scale through Spark and Parquet Encryption
 
Kudu: Fast Analytics on Fast Data
Kudu: Fast Analytics on Fast DataKudu: Fast Analytics on Fast Data
Kudu: Fast Analytics on Fast Data
 
Blbs tn-double-the-power-half-the-space-uslet-en
Blbs tn-double-the-power-half-the-space-uslet-enBlbs tn-double-the-power-half-the-space-uslet-en
Blbs tn-double-the-power-half-the-space-uslet-en
 
MySQL Data Encryption at Rest
MySQL Data Encryption at RestMySQL Data Encryption at Rest
MySQL Data Encryption at Rest
 
Maaz Anjum - IOUG Collaborate 2013 - An Insight into Space Realization on ODA...
Maaz Anjum - IOUG Collaborate 2013 - An Insight into Space Realization on ODA...Maaz Anjum - IOUG Collaborate 2013 - An Insight into Space Realization on ODA...
Maaz Anjum - IOUG Collaborate 2013 - An Insight into Space Realization on ODA...
 
Feature rich BTRFS is Getting Richer with Encryption
Feature rich BTRFS is Getting Richer with EncryptionFeature rich BTRFS is Getting Richer with Encryption
Feature rich BTRFS is Getting Richer with Encryption
 
You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011
 
Engineering an Encrypted Storage Engine
Engineering an Encrypted Storage EngineEngineering an Encrypted Storage Engine
Engineering an Encrypted Storage Engine
 
Oracle Performance On Linux X86 systems
Oracle Performance On Linux X86 systems Oracle Performance On Linux X86 systems
Oracle Performance On Linux X86 systems
 
The Pendulum Swings Back: Converged and Hyperconverged Environments
The Pendulum Swings Back: Converged and Hyperconverged EnvironmentsThe Pendulum Swings Back: Converged and Hyperconverged Environments
The Pendulum Swings Back: Converged and Hyperconverged Environments
 
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...
NTTドコモ様 導入事例 OpenStack Summit 2015 Tokyo 講演「After One year of OpenStack Cloud...
 

More from Masahiko Sawada

PostgreSQL 15の新機能を徹底解説
PostgreSQL 15の新機能を徹底解説PostgreSQL 15の新機能を徹底解説
PostgreSQL 15の新機能を徹底解説Masahiko Sawada
 
行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...
行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...
行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...Masahiko Sawada
 
PostgreSQL 15 開発最新情報
PostgreSQL 15 開発最新情報PostgreSQL 15 開発最新情報
PostgreSQL 15 開発最新情報Masahiko Sawada
 
OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -
OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -
OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -Masahiko Sawada
 
Bloat and Fragmentation in PostgreSQL
Bloat and Fragmentation in PostgreSQLBloat and Fragmentation in PostgreSQL
Bloat and Fragmentation in PostgreSQLMasahiko Sawada
 
Database Encryption and Key Management for PostgreSQL - Principles and Consid...
Database Encryption and Key Management for PostgreSQL - Principles and Consid...Database Encryption and Key Management for PostgreSQL - Principles and Consid...
Database Encryption and Key Management for PostgreSQL - Principles and Consid...Masahiko Sawada
 
今秋リリース予定のPostgreSQL11を徹底解説
今秋リリース予定のPostgreSQL11を徹底解説今秋リリース予定のPostgreSQL11を徹底解説
今秋リリース予定のPostgreSQL11を徹底解説Masahiko Sawada
 
Vacuum more efficient than ever
Vacuum more efficient than everVacuum more efficient than ever
Vacuum more efficient than everMasahiko Sawada
 
アーキテクチャから理解するPostgreSQLのレプリケーション
アーキテクチャから理解するPostgreSQLのレプリケーションアーキテクチャから理解するPostgreSQLのレプリケーション
アーキテクチャから理解するPostgreSQLのレプリケーションMasahiko Sawada
 
PostgreSQLでスケールアウト
PostgreSQLでスケールアウトPostgreSQLでスケールアウト
PostgreSQLでスケールアウトMasahiko Sawada
 
OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~
OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~
OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~Masahiko Sawada
 
PostgreSQL10徹底解説
PostgreSQL10徹底解説PostgreSQL10徹底解説
PostgreSQL10徹底解説Masahiko Sawada
 
FDW-based Sharding Update and Future
FDW-based Sharding Update and FutureFDW-based Sharding Update and Future
FDW-based Sharding Update and FutureMasahiko Sawada
 
What’s new in 9.6, by PostgreSQL contributor
What’s new in 9.6, by PostgreSQL contributorWhat’s new in 9.6, by PostgreSQL contributor
What’s new in 9.6, by PostgreSQL contributorMasahiko Sawada
 
PostgreSQL 9.6 新機能紹介
PostgreSQL 9.6 新機能紹介PostgreSQL 9.6 新機能紹介
PostgreSQL 9.6 新機能紹介Masahiko Sawada
 
pg_bigmと類似度検索
pg_bigmと類似度検索pg_bigmと類似度検索
pg_bigmと類似度検索Masahiko Sawada
 

More from Masahiko Sawada (20)

PostgreSQL 15の新機能を徹底解説
PostgreSQL 15の新機能を徹底解説PostgreSQL 15の新機能を徹底解説
PostgreSQL 15の新機能を徹底解説
 
行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...
行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...
行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...
 
PostgreSQL 15 開発最新情報
PostgreSQL 15 開発最新情報PostgreSQL 15 開発最新情報
PostgreSQL 15 開発最新情報
 
Vacuum徹底解説
Vacuum徹底解説Vacuum徹底解説
Vacuum徹底解説
 
PostgreSQL 12の話
PostgreSQL 12の話PostgreSQL 12の話
PostgreSQL 12の話
 
OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -
OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -
OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -
 
Bloat and Fragmentation in PostgreSQL
Bloat and Fragmentation in PostgreSQLBloat and Fragmentation in PostgreSQL
Bloat and Fragmentation in PostgreSQL
 
Database Encryption and Key Management for PostgreSQL - Principles and Consid...
Database Encryption and Key Management for PostgreSQL - Principles and Consid...Database Encryption and Key Management for PostgreSQL - Principles and Consid...
Database Encryption and Key Management for PostgreSQL - Principles and Consid...
 
今秋リリース予定のPostgreSQL11を徹底解説
今秋リリース予定のPostgreSQL11を徹底解説今秋リリース予定のPostgreSQL11を徹底解説
今秋リリース予定のPostgreSQL11を徹底解説
 
Vacuum more efficient than ever
Vacuum more efficient than everVacuum more efficient than ever
Vacuum more efficient than ever
 
Vacuumとzheap
VacuumとzheapVacuumとzheap
Vacuumとzheap
 
アーキテクチャから理解するPostgreSQLのレプリケーション
アーキテクチャから理解するPostgreSQLのレプリケーションアーキテクチャから理解するPostgreSQLのレプリケーション
アーキテクチャから理解するPostgreSQLのレプリケーション
 
Parallel Vacuum
Parallel VacuumParallel Vacuum
Parallel Vacuum
 
PostgreSQLでスケールアウト
PostgreSQLでスケールアウトPostgreSQLでスケールアウト
PostgreSQLでスケールアウト
 
OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~
OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~
OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~
 
PostgreSQL10徹底解説
PostgreSQL10徹底解説PostgreSQL10徹底解説
PostgreSQL10徹底解説
 
FDW-based Sharding Update and Future
FDW-based Sharding Update and FutureFDW-based Sharding Update and Future
FDW-based Sharding Update and Future
 
What’s new in 9.6, by PostgreSQL contributor
What’s new in 9.6, by PostgreSQL contributorWhat’s new in 9.6, by PostgreSQL contributor
What’s new in 9.6, by PostgreSQL contributor
 
PostgreSQL 9.6 新機能紹介
PostgreSQL 9.6 新機能紹介PostgreSQL 9.6 新機能紹介
PostgreSQL 9.6 新機能紹介
 
pg_bigmと類似度検索
pg_bigmと類似度検索pg_bigmと類似度検索
pg_bigmと類似度検索
 

Recently uploaded

Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 

Recently uploaded (20)

Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 

Transparent Data Encryption in PostgreSQL

  • 1. Copyright©2019 NTT Corp. All Rights Reserved. Transparent Data Encryption in PostgreSQL NTT Open Source Software Center Masahiko Sawada PGCon 2019
  • 2. 2Copyright©2019 NTT Corp. All Rights Reserved. • Database servers are often the primary target of the following attacks • Privilege abuse • Database SQL injections attacks • Storage media theft • Eavesdropping attacks between client and server • etc. Database Security Threats DB administratorApplications Database server Eavesdropping attacks SQL injections Privilege abuse Physical storage theft
  • 3. 3Copyright©2019 NTT Corp. All Rights Reserved. Encryption Database Server Application Server
  • 4. 4Copyright©2019 NTT Corp. All Rights Reserved. • Protect data from attacks bypassing database access control layer(ACL) • Read database file directly • Taking a backup • Doesn’t protect from attacks by malicious “privileged” users • SELECT SQL command by superuser • Data is not encrypted while being used • On shared buffer, on network • Often implements as transparent data encryption(TDE) Data at rest Encryption
  • 5. 5Copyright©2019 NTT Corp. All Rights Reserved. • Full disk encryption (e.g. dmcrypt) is platform dependent • Doesn’t protect data from logged-in OS users How About Full Disk Encryption?
  • 6. 6Copyright©2019 NTT Corp. All Rights Reserved. • Provide set of cryptographic functions • A convenient tool But, • Not transparent to users • Need to modify SQL, application code • Triggers and views help • Could be a cause of performance overhead • Data needs to be decrypted every time it is accessed How About contrib/pgcrypto?
  • 7. 7Copyright©2019 NTT Corp. All Rights Reserved. Transparent Data Encryption in PostgreSQL
  • 8. 8Copyright©2019 NTT Corp. All Rights Reserved. Per tablespace encryption • CREATE TABLESPACE enctblsp ... WITH (encryption = on); • Fine grained control • Specified table and its indexes, TOAST table and WAL are transparently encrypted • Also encrypt other objects such as system catalogs and temporary files • Under discussion on pgsql-hackers • [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) Proposal
  • 9. 9Copyright©2019 NTT Corp. All Rights Reserved. PostgreSQL I/O Architecture postgres Shared Buffer Disk postgres postgres Page Cache (Kernel) raw block data
  • 10. 10Copyright©2019 NTT Corp. All Rights Reserved. PostgreSQL I/O Architecture postgres Disk postgres postgres Page Cache (Kernel) raw block data Shared Buffer Backend processes read pages from the shared buffers and modify them.
  • 11. 11Copyright©2019 NTT Corp. All Rights Reserved. PostgreSQL I/O Architecture postgres Disk postgres postgres Page Cache (Kernel) raw block data Shared Buffer bgwriter periodically writes the dirty pages out to the kernel page cache.
  • 12. 12Copyright©2019 NTT Corp. All Rights Reserved. PostgreSQL I/O Architecture postgres Disk postgres postgres raw block data Shared Buffer Page Cache (Kernel) Dirty pages are flushed to the disk by the checkpointer or the kernel.
  • 13. 13Copyright©2019 NTT Corp. All Rights Reserved. Buffer Level Encryption (our solution) postgres Shared Buffer Disk Pros: • Relatively less execution of encryption and decryption • Prevent peeking file on disk Cons: • Possibly repeated encryption and decryption of same data if the database doesn’t fit in shared buffers postgres postgres Page Cache (Kernel) raw data encrypted data
  • 14. 14Copyright©2019 NTT Corp. All Rights Reserved. Latency (90%tile): vanilla: 1.98 ms, TDE: 2.01 ms, pgcrypto: 2.28 ms Results 6000 6500 7000 7500 8000 8500 20 40 60 80 100 120 140 160 180 200 220 240 260 280 300 TPS Duraiton(sec) TPS comparison (R:100,W:3) vanilla tde pgcrypto 8000 8500 9000 9500 10000 10500 11000 10 30 50 70 90 110 130 150 170 190 210 230 250 270 TPS Duration (sec) TPS comparison (R:100) vanilla tde pgcrypto Latency (90%tile): vanilla: 2.32 ms, TDE: 2.45 ms, pgcrypto: 2.66 ms DB size < shared buffers DB size > shared buffers
  • 15. 15Copyright©2019 NTT Corp. All Rights Reserved. • Advanced Encryption Standard(AES) • Symmetric key algorithm • AES-256 • Block cipher • 16 bytes block size • Using openssl is preferable (--with-openssl) • AES-NI • Block cipher mode of operation • CBC or XTS How To Encrypt
  • 16. 16Copyright©2019 NTT Corp. All Rights Reserved. • For faster key rotation • Master key • Stored outside the database • Encrypt/Decrypt tablespace keys • One key per database cluster • Tablespace Key (= data key) • Stored inside the database • Encrypt/Decrypt database objects • One key per tablespace 2-Tier Key Hierarchy Master Key Encrypt/Decrypt Encrypt/ Decrypt External Location Database Server ENCRYPTED DATA Tablespace key
  • 17. 17Copyright©2019 NTT Corp. All Rights Reserved. • For faster key rotation • Master key • Stored outside the database • Encrypt/Decrypt tablespace keys • One key per database cluster • Tablespace Key (= data key) • Stored inside the database • Encrypt/Decrypt database objects • One key per tablespace 2-Tier Key Hierarchy Master Key Encrypt/Decrypt Encrypt/ Decrypt External Location Database Server ENCRYPTED DATA Tablespace key New Master Key
  • 18. 18Copyright©2019 NTT Corp. All Rights Reserved. • Key management is very important • How can we robustly manage the master key? • Better leave it to a specialist • Usually support some kinds of protocols • KMIP, HTTPS etc Key Management
  • 19. 19Copyright©2019 NTT Corp. All Rights Reserved. • Key manager manages a key management plugin as well as tablespace keys • Add generic interface between PostgreSQL and key management systems (Key management API) Integration with Key Management Systems Key management API get_key(), generate_key(), remove key() Encrypted file A KMS B KMS Bufmgr, smgr, encryption etc File A KMS A KMS KMIP HTTPSread/write Key manager (keyring) Encrypted Tablespace keys Shared Memory master key Local Memory Tablespace keys shared buffer
  • 20. 20Copyright©2019 NTT Corp. All Rights Reserved. • PostgreSQL gets the master key from KMS at startup • Cache the master key on the shared memory • Risk of key leakage when memory dump • MADV_DONTDUMP of madvise(2) helps • Risk of key leakage when swapped out • mlock(2) helps • Backend processes get the encrypted tablespace key at startup and decrypt all of them with the master key Caching Keys
  • 21. 21Copyright©2019 NTT Corp. All Rights Reserved. • WAL Block Encryption • Encrypt WAL block every commit time • WAL writer could encrypt • WAL Record encryption • Encrypt WAL when inserting to WAL buffer • Doesn’t encrypt WAL data that is not pertaining to encrypted tables WAL Encryption A block on WAL Buffer WAL file writeencrypt & write WAL file memcpy encrypt & memcpy 1. Encrypt WAL blocks 2. Encrypt WAL records
  • 22. 22Copyright©2019 NTT Corp. All Rights Reserved. • It’s more secure if we use the same encryption key for WAL encryption as that used for table • Choice #2 would be better approach WAL Encryption A block on WAL Buffer WAL file writeencrypt & write WAL file memcpy encrypt & memcpy 1. Encrypt WAL blocks 2. Encrypt WAL records
  • 23. 23Copyright©2019 NTT Corp. All Rights Reserved. Performance Overhead of WAL Encryption • Compare performance on insert-heavy workload • Encrypt all WAL blocks/records • pg_wal directory on tmpfs to avoid disk I/O bottleneck • Each transaction inserts a few records and commit • Max 7% degradation 1.00 1.06 1.07 1.05 1.04 0.00 0.20 0.40 0.60 0.80 1.00 1.20 No Encrytpion WAL Block WAL Record WAL Record (1/2) WAL Record (1/5) INSERT 10M rows (tempfs)
  • 24. 24Copyright©2019 NTT Corp. All Rights Reserved. • pg_wal on HDD • No big performance overhead Performance Overhead of WAL Encryption 1.00 1.01 1.00 0.00 0.20 0.40 0.60 0.80 1.00 1.20 No Encrytpion WAL Block WAL Record INSERT 50k rows (HDD)
  • 25. 25Copyright©2019 NTT Corp. All Rights Reserved. WAL Record Format XLogRecord XLogRecordBlockHeader (RelfileNode, BlockNumber) XLogREcordBlockImageHeader XLogRecordDataHeaderShort Full page image (w/o hole) for new buffer xl_heap_header new tuple xl_heap_update xl_heap_header old tuple An example of xl_heap_update (wal_level = logical) Header data No user data is stored Block data FPI and tuples are stored Main data Could also contain tuples
  • 26. 26Copyright©2019 NTT Corp. All Rights Reserved. WAL Record Encryption XLogRecord XLogRecordBlockHeader (RelfileNode, BlockNumber) XLogRecordBlockImageHeader XLogRecordDataHeaderShort Full page image (w/o hole) for new buffer xl_heap_header new tuple xl_heap_update xl_heap_header old tuple Choice #1: Encrypt whole WAL record • Need another header containing ciphertext length and tablespace oid (key of encryption key) • Need decryption before validation • Frontend programs(pg_waldump, pg_rewind etc) need to obtain tablespace keys and master key Choice #2: Encrypt only block data + main data • XLogRecordHeader has a flag saying “hey this record is encrypted” • Frontend programs need to obtain tablespace keys and master key Choice #3: Move xl_xxx_xxx to just below header data and #2 • Frontend tools don’t want to see user data don’t need to decrypt WAL record • Possible?
  • 27. 27Copyright©2019 NTT Corp. All Rights Reserved. WAL Record Encryption XLogRecord (ENCRYPTED!) XLogRecordBlockHeader (RelfileNode, BlockNumber) XLogRecordBlockImageHeader XLogRecordDataHeaderShort Full page image (w/o hole) for new buffer xl_heap_header new tuple xl_heap_update xl_heap_header old tuple Choice #1: Encrypt whole WAL record • Need another header containing ciphertext length and tablespace oid (key of encryption key) • Need decryption before validation • Frontend programs(pg_waldump, pg_rewind etc) need to obtain tablespace keys and master key Choice #2: Encrypt only block data + main data • XLogRecordHeader has a flag saying “hey this record is encrypted” • Frontend programs need to obtain tablespace keys and master key Choice #3: Move xl_xxx_xxx to just below header data and #2 • Frontend tools don’t want to see user data don’t need to decrypt WAL record • Possible?
  • 28. 28Copyright©2019 NTT Corp. All Rights Reserved. WAL Record Encryption XLogRecord (ENCRYPTED!) XLogRecordBlockHeader (RelfileNode, BlockNumber) XLogRecordBlockImageHeader XLogRecordDataHeaderShort xl_heap_update Full page image (w/o hole) for new buffer xl_heap_header new tuple xl_heap_header old tuple Choice #1: Encrypt whole WAL record • Need another header containing ciphertext length and tablespace oid (key of encryption key) • Need decryption before validation • Frontend programs(pg_waldump, pg_rewind etc) need to obtain tablespace keys and master key Choice #2: Encrypt only block data + main data • XLogRecordHeader has a flag saying “hey this record is encrypted” • Frontend programs need to obtain tablespace keys and master key Choice #3: Move xl_xxx_xxx to just below header data and #2 • Frontend tools don’t want to see user data don’t need to decrypt WAL record • Possible?
  • 29. 29Copyright©2019 NTT Corp. All Rights Reserved. • Temporary files are written bypassing the shared buffers • base/pgsql_tmp/ • pg_replslots/ • pg_stat_statements Temporary File Encryption postgres Shared Buffer Disk temp files
  • 30. 30Copyright©2019 NTT Corp. All Rights Reserved. • Temporary files encryption could use “a disposable key” • Generated randomly by each backend process before use • lives only during process lifetime • No other process need to read temporary files • Interface problem • Non-uniformed file access interfaces Disposable Key
  • 31. 31Copyright©2019 NTT Corp. All Rights Reserved. CREATE DATABASE ... TABLESPACE enc_tblsp; • System catalogs could have user sensitive data • pg_statistics, pg_statistics_ext, pg_proc, pg_class etc • System catalogs of an encrypted database are encrypted • Encrypt all system catalogs in database that is created on a encrypted tablespace System Catalogs Encryption
  • 32. 32Copyright©2019 NTT Corp. All Rights Reserved. • Per tablespace, buffer-level transparent data at rest encryption • Less performance overhead • Encrypt WAL, system catalogs and temporary files as well • 2-tier key architecture • Fast key rotation • Integration with KMSs • Provide more flexible and robust key management Conclusion Remarks
  • 33. 33Copyright©2019 NTT Corp. All Rights Reserved. Two proposals • Cluster-wide data at rest encryption is under development • "WIP: Data at rest encryption" patch and, PostgreSQL 11-beta3 • Proposed by Antonin Houska • Per-Tablespace data at rest encryption • Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) • Proposed by Moon Insung, Masahiko Sawada Current Status
  • 34. 34Copyright©2019 NTT Corp. All Rights Reserved. • Further discussion on pgsql-hackers • Submit a draft version patch set for PostgreSQL 13 Future Plans
  • 35. 35Copyright©2019 NTT Corp. All Rights Reserved. • Block cipher mode of operation • https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation • Disk encryption theory • https://en.wikipedia.org/wiki/Disk_encryption_theory#XEX- based_tweaked-codebook_mode_with_ciphertext_stealing_(XTS) Some References
  • 36. 36Copyright©2019 NTT Corp. All Rights Reserved. Thank you
  • 37. 37Copyright©2019 NTT Corp. All Rights Reserved. • CTR mode turns a block cipher into a streaming cipher • Stream cipher: byte-to-byte encryption • Unlike block mode cipher, random read is available • Used for stream data such as network packets CTR (Counter) Mode https://en.wikipedia.org/wiki/Disk_encryption_theory
  • 38. 38Copyright©2019 NTT Corp. All Rights Reserved. • The characteristics of WAL is quite similar to stream data • Append only • Data once written is never updated • Stream cipher doesn’t need padding even for 15 byte or less data Why Can CTR Mode be Used for WAL Encryption?