Submit Search
Upload
Transparent Data Encryption in PostgreSQL and Integration with Key Management Service
•
13 likes
•
12,408 views
Masahiko Sawada
Follow
Talk at FOSDEM PGDAY 2019
Read less
Read more
Software
Report
Share
Report
Share
1 of 46
Download now
Download to read offline
Recommended
Transparent Data Encryption in PostgreSQL
Transparent Data Encryption in PostgreSQL
Masahiko Sawada
Using Apache Arrow, Calcite, and Parquet to Build a Relational Cache
Using Apache Arrow, Calcite, and Parquet to Build a Relational Cache
Dremio Corporation
InfluxDB IOx Tech Talks: Query Processing in InfluxDB IOx
InfluxDB IOx Tech Talks: Query Processing in InfluxDB IOx
InfluxData
The delta architecture
The delta architecture
Prakash Chockalingam
Enable GoldenGate Monitoring with OEM 12c/JAgent
Enable GoldenGate Monitoring with OEM 12c/JAgent
Bobby Curtis
Introduction to the Mysteries of ClickHouse Replication, By Robert Hodges and...
Introduction to the Mysteries of ClickHouse Replication, By Robert Hodges and...
Altinity Ltd
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015
PostgreSQL-Consulting
[211] HBase 기반 검색 데이터 저장소 (공개용)
[211] HBase 기반 검색 데이터 저장소 (공개용)
NAVER D2
Recommended
Transparent Data Encryption in PostgreSQL
Transparent Data Encryption in PostgreSQL
Masahiko Sawada
Using Apache Arrow, Calcite, and Parquet to Build a Relational Cache
Using Apache Arrow, Calcite, and Parquet to Build a Relational Cache
Dremio Corporation
InfluxDB IOx Tech Talks: Query Processing in InfluxDB IOx
InfluxDB IOx Tech Talks: Query Processing in InfluxDB IOx
InfluxData
The delta architecture
The delta architecture
Prakash Chockalingam
Enable GoldenGate Monitoring with OEM 12c/JAgent
Enable GoldenGate Monitoring with OEM 12c/JAgent
Bobby Curtis
Introduction to the Mysteries of ClickHouse Replication, By Robert Hodges and...
Introduction to the Mysteries of ClickHouse Replication, By Robert Hodges and...
Altinity Ltd
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015
PostgreSQL-Consulting
[211] HBase 기반 검색 데이터 저장소 (공개용)
[211] HBase 기반 검색 데이터 저장소 (공개용)
NAVER D2
Optimizing Performance in Rust for Low-Latency Database Drivers
Optimizing Performance in Rust for Low-Latency Database Drivers
ScyllaDB
DB Time, Average Active Sessions, and ASH Math - Oracle performance fundamentals
DB Time, Average Active Sessions, and ASH Math - Oracle performance fundamentals
John Beresniewicz
The Apache Spark File Format Ecosystem
The Apache Spark File Format Ecosystem
Databricks
Mastering PostgreSQL Administration
Mastering PostgreSQL Administration
EDB
Linux performance tuning & stabilization tips (mysqlconf2010)
Linux performance tuning & stabilization tips (mysqlconf2010)
Yoshinori Matsunobu
PostgreSQL and RAM usage
PostgreSQL and RAM usage
Alexey Bashtanov
Redo log improvements MYSQL 8.0
Redo log improvements MYSQL 8.0
Mydbops
Deep Dive on ClickHouse Sharding and Replication-2202-09-22.pdf
Deep Dive on ClickHouse Sharding and Replication-2202-09-22.pdf
Altinity Ltd
PostgreSQL Administration for System Administrators
PostgreSQL Administration for System Administrators
Command Prompt., Inc
Apache Hadoop Security - Ranger
Apache Hadoop Security - Ranger
Isheeta Sanghi
Apache Kafka’s Transactions in the Wild! Developing an exactly-once KafkaSink...
Apache Kafka’s Transactions in the Wild! Developing an exactly-once KafkaSink...
HostedbyConfluent
Data Security at Scale through Spark and Parquet Encryption
Data Security at Scale through Spark and Parquet Encryption
Databricks
InfluxDB IOx Tech Talks: Intro to the InfluxDB IOx Read Buffer - A Read-Optim...
InfluxDB IOx Tech Talks: Intro to the InfluxDB IOx Read Buffer - A Read-Optim...
InfluxData
Autovacuum, explained for engineers, new improved version PGConf.eu 2015 Vienna
Autovacuum, explained for engineers, new improved version PGConf.eu 2015 Vienna
PostgreSQL-Consulting
Solving PostgreSQL wicked problems
Solving PostgreSQL wicked problems
Alexander Korotkov
PGEncryption_Tutorial
PGEncryption_Tutorial
Vibhor Kumar
Sharding Methods for MongoDB
Sharding Methods for MongoDB
MongoDB
InfluxDB IOx Tech Talks: The Impossible Dream: Easy-to-Use, Super Fast Softw...
InfluxDB IOx Tech Talks: The Impossible Dream: Easy-to-Use, Super Fast Softw...
InfluxData
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
NTT DATA Technology & Innovation
PostgreSQL HA
PostgreSQL HA
haroonm
Advanced MySql Data-at-Rest Encryption in Percona Server
Advanced MySql Data-at-Rest Encryption in Percona Server
Severalnines
Accelerate and Scale Big Data Analytics with Disaggregated Compute and Storage
Accelerate and Scale Big Data Analytics with Disaggregated Compute and Storage
Alluxio, Inc.
More Related Content
What's hot
Optimizing Performance in Rust for Low-Latency Database Drivers
Optimizing Performance in Rust for Low-Latency Database Drivers
ScyllaDB
DB Time, Average Active Sessions, and ASH Math - Oracle performance fundamentals
DB Time, Average Active Sessions, and ASH Math - Oracle performance fundamentals
John Beresniewicz
The Apache Spark File Format Ecosystem
The Apache Spark File Format Ecosystem
Databricks
Mastering PostgreSQL Administration
Mastering PostgreSQL Administration
EDB
Linux performance tuning & stabilization tips (mysqlconf2010)
Linux performance tuning & stabilization tips (mysqlconf2010)
Yoshinori Matsunobu
PostgreSQL and RAM usage
PostgreSQL and RAM usage
Alexey Bashtanov
Redo log improvements MYSQL 8.0
Redo log improvements MYSQL 8.0
Mydbops
Deep Dive on ClickHouse Sharding and Replication-2202-09-22.pdf
Deep Dive on ClickHouse Sharding and Replication-2202-09-22.pdf
Altinity Ltd
PostgreSQL Administration for System Administrators
PostgreSQL Administration for System Administrators
Command Prompt., Inc
Apache Hadoop Security - Ranger
Apache Hadoop Security - Ranger
Isheeta Sanghi
Apache Kafka’s Transactions in the Wild! Developing an exactly-once KafkaSink...
Apache Kafka’s Transactions in the Wild! Developing an exactly-once KafkaSink...
HostedbyConfluent
Data Security at Scale through Spark and Parquet Encryption
Data Security at Scale through Spark and Parquet Encryption
Databricks
InfluxDB IOx Tech Talks: Intro to the InfluxDB IOx Read Buffer - A Read-Optim...
InfluxDB IOx Tech Talks: Intro to the InfluxDB IOx Read Buffer - A Read-Optim...
InfluxData
Autovacuum, explained for engineers, new improved version PGConf.eu 2015 Vienna
Autovacuum, explained for engineers, new improved version PGConf.eu 2015 Vienna
PostgreSQL-Consulting
Solving PostgreSQL wicked problems
Solving PostgreSQL wicked problems
Alexander Korotkov
PGEncryption_Tutorial
PGEncryption_Tutorial
Vibhor Kumar
Sharding Methods for MongoDB
Sharding Methods for MongoDB
MongoDB
InfluxDB IOx Tech Talks: The Impossible Dream: Easy-to-Use, Super Fast Softw...
InfluxDB IOx Tech Talks: The Impossible Dream: Easy-to-Use, Super Fast Softw...
InfluxData
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
NTT DATA Technology & Innovation
PostgreSQL HA
PostgreSQL HA
haroonm
What's hot
(20)
Optimizing Performance in Rust for Low-Latency Database Drivers
Optimizing Performance in Rust for Low-Latency Database Drivers
DB Time, Average Active Sessions, and ASH Math - Oracle performance fundamentals
DB Time, Average Active Sessions, and ASH Math - Oracle performance fundamentals
The Apache Spark File Format Ecosystem
The Apache Spark File Format Ecosystem
Mastering PostgreSQL Administration
Mastering PostgreSQL Administration
Linux performance tuning & stabilization tips (mysqlconf2010)
Linux performance tuning & stabilization tips (mysqlconf2010)
PostgreSQL and RAM usage
PostgreSQL and RAM usage
Redo log improvements MYSQL 8.0
Redo log improvements MYSQL 8.0
Deep Dive on ClickHouse Sharding and Replication-2202-09-22.pdf
Deep Dive on ClickHouse Sharding and Replication-2202-09-22.pdf
PostgreSQL Administration for System Administrators
PostgreSQL Administration for System Administrators
Apache Hadoop Security - Ranger
Apache Hadoop Security - Ranger
Apache Kafka’s Transactions in the Wild! Developing an exactly-once KafkaSink...
Apache Kafka’s Transactions in the Wild! Developing an exactly-once KafkaSink...
Data Security at Scale through Spark and Parquet Encryption
Data Security at Scale through Spark and Parquet Encryption
InfluxDB IOx Tech Talks: Intro to the InfluxDB IOx Read Buffer - A Read-Optim...
InfluxDB IOx Tech Talks: Intro to the InfluxDB IOx Read Buffer - A Read-Optim...
Autovacuum, explained for engineers, new improved version PGConf.eu 2015 Vienna
Autovacuum, explained for engineers, new improved version PGConf.eu 2015 Vienna
Solving PostgreSQL wicked problems
Solving PostgreSQL wicked problems
PGEncryption_Tutorial
PGEncryption_Tutorial
Sharding Methods for MongoDB
Sharding Methods for MongoDB
InfluxDB IOx Tech Talks: The Impossible Dream: Easy-to-Use, Super Fast Softw...
InfluxDB IOx Tech Talks: The Impossible Dream: Easy-to-Use, Super Fast Softw...
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
PostgreSQL HA
PostgreSQL HA
Similar to Transparent Data Encryption in PostgreSQL and Integration with Key Management Service
Advanced MySql Data-at-Rest Encryption in Percona Server
Advanced MySql Data-at-Rest Encryption in Percona Server
Severalnines
Accelerate and Scale Big Data Analytics with Disaggregated Compute and Storage
Accelerate and Scale Big Data Analytics with Disaggregated Compute and Storage
Alluxio, Inc.
Key Note Session IDUG DB2 Seminar, 16th April London - Julian Stuhler .Trito...
Key Note Session IDUG DB2 Seminar, 16th April London - Julian Stuhler .Trito...
Surekha Parekh
Denver Big Data Analytics Day
Denver Big Data Analytics Day
Zivaro Inc
Oracle Storage a ochrana dat
Oracle Storage a ochrana dat
MarketingArrowECS_CZ
MySQL Data Encryption at Rest
MySQL Data Encryption at Rest
Mydbops
Why Disk Level Encryption is Not Enough for Your IBM i
Why Disk Level Encryption is Not Enough for Your IBM i
Precisely
A Time Traveller's Guide to DB2: Technology Themes for 2014 and Beyond
A Time Traveller's Guide to DB2: Technology Themes for 2014 and Beyond
Laura Hood
NVMe and Flash – Make Your Storage Great Again!
NVMe and Flash – Make Your Storage Great Again!
DataCore Software
Encrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptx
Encrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptx
Neo4j
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami Laiho
NCCOMMS
Oracle Performance On Linux X86 systems
Oracle Performance On Linux X86 systems
Baruch Osoveskiy
Oracle SPARC T7 a M7 servery
Oracle SPARC T7 a M7 servery
MarketingArrowECS_CZ
Yashi dealer meeting settembre 2016 tecnologie xeon intel italia
Yashi dealer meeting settembre 2016 tecnologie xeon intel italia
Yashi Italia
Galaxy Big Data with MariaDB
Galaxy Big Data with MariaDB
MariaDB Corporation
Zsq03116usen 02
Zsq03116usen 02
Manikandan Suresh
NGENSTOR_ODA_P2V_V5
NGENSTOR_ODA_P2V_V5
UniFabric
[아이펀팩토리] 2017 NDCP
[아이펀팩토리] 2017 NDCP
iFunFactory Inc.
Create a Data Encryption Strategy using ADE
Create a Data Encryption Strategy using ADE
Rocket Software
DAOS - Scale-Out Software-Defined Storage for HPC/Big Data/AI Convergence
DAOS - Scale-Out Software-Defined Storage for HPC/Big Data/AI Convergence
inside-BigData.com
Similar to Transparent Data Encryption in PostgreSQL and Integration with Key Management Service
(20)
Advanced MySql Data-at-Rest Encryption in Percona Server
Advanced MySql Data-at-Rest Encryption in Percona Server
Accelerate and Scale Big Data Analytics with Disaggregated Compute and Storage
Accelerate and Scale Big Data Analytics with Disaggregated Compute and Storage
Key Note Session IDUG DB2 Seminar, 16th April London - Julian Stuhler .Trito...
Key Note Session IDUG DB2 Seminar, 16th April London - Julian Stuhler .Trito...
Denver Big Data Analytics Day
Denver Big Data Analytics Day
Oracle Storage a ochrana dat
Oracle Storage a ochrana dat
MySQL Data Encryption at Rest
MySQL Data Encryption at Rest
Why Disk Level Encryption is Not Enough for Your IBM i
Why Disk Level Encryption is Not Enough for Your IBM i
A Time Traveller's Guide to DB2: Technology Themes for 2014 and Beyond
A Time Traveller's Guide to DB2: Technology Themes for 2014 and Beyond
NVMe and Flash – Make Your Storage Great Again!
NVMe and Flash – Make Your Storage Great Again!
Encrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptx
Encrypting and Protecting Your Data in Neo4j(Jeff_Tallman).pptx
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami Laiho
Oracle Performance On Linux X86 systems
Oracle Performance On Linux X86 systems
Oracle SPARC T7 a M7 servery
Oracle SPARC T7 a M7 servery
Yashi dealer meeting settembre 2016 tecnologie xeon intel italia
Yashi dealer meeting settembre 2016 tecnologie xeon intel italia
Galaxy Big Data with MariaDB
Galaxy Big Data with MariaDB
Zsq03116usen 02
Zsq03116usen 02
NGENSTOR_ODA_P2V_V5
NGENSTOR_ODA_P2V_V5
[아이펀팩토리] 2017 NDCP
[아이펀팩토리] 2017 NDCP
Create a Data Encryption Strategy using ADE
Create a Data Encryption Strategy using ADE
DAOS - Scale-Out Software-Defined Storage for HPC/Big Data/AI Convergence
DAOS - Scale-Out Software-Defined Storage for HPC/Big Data/AI Convergence
More from Masahiko Sawada
PostgreSQL 15の新機能を徹底解説
PostgreSQL 15の新機能を徹底解説
Masahiko Sawada
行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...
行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...
Masahiko Sawada
PostgreSQL 15 開発最新情報
PostgreSQL 15 開発最新情報
Masahiko Sawada
Vacuum徹底解説
Vacuum徹底解説
Masahiko Sawada
PostgreSQL 12の話
PostgreSQL 12の話
Masahiko Sawada
OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -
OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -
Masahiko Sawada
Bloat and Fragmentation in PostgreSQL
Bloat and Fragmentation in PostgreSQL
Masahiko Sawada
Database Encryption and Key Management for PostgreSQL - Principles and Consid...
Database Encryption and Key Management for PostgreSQL - Principles and Consid...
Masahiko Sawada
今秋リリース予定のPostgreSQL11を徹底解説
今秋リリース予定のPostgreSQL11を徹底解説
Masahiko Sawada
Vacuum more efficient than ever
Vacuum more efficient than ever
Masahiko Sawada
Vacuumとzheap
Vacuumとzheap
Masahiko Sawada
アーキテクチャから理解するPostgreSQLのレプリケーション
アーキテクチャから理解するPostgreSQLのレプリケーション
Masahiko Sawada
Parallel Vacuum
Parallel Vacuum
Masahiko Sawada
PostgreSQLでスケールアウト
PostgreSQLでスケールアウト
Masahiko Sawada
OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~
OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~
Masahiko Sawada
PostgreSQL10徹底解説
PostgreSQL10徹底解説
Masahiko Sawada
FDW-based Sharding Update and Future
FDW-based Sharding Update and Future
Masahiko Sawada
What’s new in 9.6, by PostgreSQL contributor
What’s new in 9.6, by PostgreSQL contributor
Masahiko Sawada
PostgreSQL 9.6 新機能紹介
PostgreSQL 9.6 新機能紹介
Masahiko Sawada
pg_bigmと類似度検索
pg_bigmと類似度検索
Masahiko Sawada
More from Masahiko Sawada
(20)
PostgreSQL 15の新機能を徹底解説
PostgreSQL 15の新機能を徹底解説
行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...
行ロックと「LOG: process 12345 still waiting for ShareLock on transaction 710 afte...
PostgreSQL 15 開発最新情報
PostgreSQL 15 開発最新情報
Vacuum徹底解説
Vacuum徹底解説
PostgreSQL 12の話
PostgreSQL 12の話
OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -
OSS活動のやりがいとそれから得たもの - PostgreSQLコミュニティにて -
Bloat and Fragmentation in PostgreSQL
Bloat and Fragmentation in PostgreSQL
Database Encryption and Key Management for PostgreSQL - Principles and Consid...
Database Encryption and Key Management for PostgreSQL - Principles and Consid...
今秋リリース予定のPostgreSQL11を徹底解説
今秋リリース予定のPostgreSQL11を徹底解説
Vacuum more efficient than ever
Vacuum more efficient than ever
Vacuumとzheap
Vacuumとzheap
アーキテクチャから理解するPostgreSQLのレプリケーション
アーキテクチャから理解するPostgreSQLのレプリケーション
Parallel Vacuum
Parallel Vacuum
PostgreSQLでスケールアウト
PostgreSQLでスケールアウト
OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~
OSS 開発ってどうやっているの? ~ PostgreSQL の現場から~
PostgreSQL10徹底解説
PostgreSQL10徹底解説
FDW-based Sharding Update and Future
FDW-based Sharding Update and Future
What’s new in 9.6, by PostgreSQL contributor
What’s new in 9.6, by PostgreSQL contributor
PostgreSQL 9.6 新機能紹介
PostgreSQL 9.6 新機能紹介
pg_bigmと類似度検索
pg_bigmと類似度検索
Recently uploaded
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
vaddepallysandeep122
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Mater
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
Philip Schwarz
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
OnePlan Solutions
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
andrehoraa
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
kalichargn70th171
MYjobs Presentation Django-based project
MYjobs Presentation Django-based project
AnoyGreter
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Ahmed Mohamed
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
StefanoLambiase
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
Tier1 app
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
smiwainfosol
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
FerryKemperman
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
Lionel Briand
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
Dinusha Kumarasiri
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
Christian Birchler
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Drew Moseley
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
Hanief Utama
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
Wave PLM
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Natan Silnitsky
Recently uploaded
(20)
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
MYjobs Presentation Django-based project
MYjobs Presentation Django-based project
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Transparent Data Encryption in PostgreSQL and Integration with Key Management Service
1.
Copyright©2019 NTT Corp.
All Rights Reserved. ,
2.
Copyright©2019 NTT Corp.
All Rights Reserved. • Database and Threats • Data at rest Encryption • Transparent data encryption • Transparent data encryption in PostgreSQL • Key rotation • Key Management • Integration of PostgreSQL with key management system • Conclusion
3.
Copyright©2019 NTT Corp.
All Rights Reserved.
4.
Copyright©2019 NTT Corp.
All Rights Reserved. • Database servers are often the primary target of the following attacks • Privilege abuse • Database SQL injections attacks • Storage media theft • Eavesdropping attacks between client and server • etc. 44 Eavesdropping attacks 4 4
5.
Copyright©2019 NTT Corp.
All Rights Reserved. • Reason to protect database • Databases store valuable and sensitive data, some leakage also causes a high risk • Essential data protection standards and regulations for businesses • PCI DSS, GDPR, HIPPA etc. Various data protection standards and regulations require data encryption
6.
Copyright©2019 NTT Corp.
All Rights Reserved.
7.
Copyright©2019 NTT Corp.
All Rights Reserved. • Data at rest • Backup files and database cluster files stored in physical storage • Measures against threats to data at rest in PostgreSQL • Data encryption using pgcrypto or Full disk encryption However, using pgcrypto or full disk encryption does not meet some requirements Data is secure ! Data leak Threat of theft occurred Database storage Database storage User data stored encrypted User data stored non-encrypted
8.
Copyright©2019 NTT Corp.
All Rights Reserved. • Minimize performance degradation • Using pgcrypto degrades application program performance • Platform-independent • Minimize application program development cost • Secure encryption key management • Periodic key rotation
9.
Copyright©2019 NTT Corp.
All Rights Reserved. • Minimize performance degradation • Platform-independent • Using full disk encryption depends on platforms • Minimize application program development cost • Secure encryption key management • Periodic key rotation
10.
Copyright©2019 NTT Corp.
All Rights Reserved. • Minimize performance degradation • Platform-independent • Minimize application program development cost • Using pgcrypto requires many application program modifications • Secure encryption key management • Periodic key rotation
11.
Copyright©2019 NTT Corp.
All Rights Reserved. • Many modifications of the application program source code for areas(Tables) where encryption is required • Regression testing required after source code modification • Encryption supports increase time and labor costs =# INSERT INTO card_info ( user_name, card_number) VALUES ( ‘MOON INSUNG’, ‘1234-2345-3456-4567’ ); =# INSERT INTO card_info ( user_name, card_number) VALUES ( ‘MOON INSUNG’, encrypt (‘1234-2345-3456-4567’, 'KEY_VALUE', ‘aes-cbc’) ); SQL statement before encryption SQL statement after encryption using pgcrypto
12.
Copyright©2019 NTT Corp.
All Rights Reserved. • Minimize performance degradation • Platform-independent • Minimize application program development cost • Secure encryption key management • pgcrypto doesn't provide secure encryption key management facilities out-of-the-box • Periodic key rotation
13.
Copyright©2019 NTT Corp.
All Rights Reserved. • If encryption key is leaked, the encrypted data at rest cannot be protected from threats of malicious access • Storing encrypted data and its key in the same place makes the data encryption meaningless
14.
Copyright©2019 NTT Corp.
All Rights Reserved. • Key management in a separate secure place for the encryption keys Database storage Encrypted data Threat of theft occurred Separate location Secure Place Data is secure
15.
Copyright©2019 NTT Corp.
All Rights Reserved. • Minimize performance degradation • Platform-independent • Minimize application program development cost • Secure encryption key management • Periodic key rotation • Reduced performance due to re-encryption when rotating keys Database storage Encrypted data Decryption current key Database storage Non- encrypted data Database storage Encrypted dataEncryption New key Performance degradation due to re-encryption and data unavailability
16.
Copyright©2019 NTT Corp.
All Rights Reserved. • Requirements related to data encryption • Minimize performance degradation • Platform-independent • Minimize application program development cost • Secure encryption key management • Periodic key rotation • Difficult to satisfy these requirements related to data encryption using pgcrypto and full disk encryption in PostgreSQL In the following slides, we describe the result of our efforts to address these challenges
17.
Copyright©2019 NTT Corp.
All Rights Reserved.
18.
Copyright©2019 NTT Corp.
All Rights Reserved. 1. Per tablespace encryption 2. Transparent encryption at a layer between PostgreSQL’s shared buffer and OS 3. 2-tier key architecture 4. WAL encryption 5. System catalogs encryption 6. Temporary files encryption - - -
19.
Copyright©2019 NTT Corp.
All Rights Reserved. • Create encryption-enabled tablespaces • Tables and indexes on the tablespace are transparently encrypted • Less modification of DDLs . =# CREATE TABLESPACE enc_tblsp LOCATION ... WITH (eyncryption_algorithm = ‘aes128’); =# CREATE TABLE card (...) TABLESPACE enc_tblsp; =# SET default_tablespace TO enc_tblsp; =# CREATE TABLE card2 (..);
20.
Copyright©2019 NTT Corp.
All Rights Reserved. • Two possible solutions for now • Using pgcrypto with views and triggers • Full disk encryption (FDE) • Our solution is that encryption and decryption are performed when writing/reading to/from disk
21.
Copyright©2019 NTT Corp.
All Rights Reserved. / / / postgres Shared Buffer Disk postgres postgres Page Cache (Kernel) raw block data
22.
Copyright©2019 NTT Corp.
All Rights Reserved. / / / postgres Disk postgres postgres Page Cache (Kernel) raw block data Shared Buffer Backend processes read pages from the shared buffers and modify them.
23.
Copyright©2019 NTT Corp.
All Rights Reserved. / / / postgres Disk postgres postgres Page Cache (Kernel) raw block data Shared Buffer bgwriter periodically writes the dirty pages out to the kernel page cache.
24.
Copyright©2019 NTT Corp.
All Rights Reserved. / / / postgres Disk postgres postgres raw block data Shared Buffer Page Cache (Kernel) Dirty pages are flushed to the disk by the checkpointer or the kernel.
25.
Copyright©2019 NTT Corp.
All Rights Reserved. - postgres Shared Buffer Disk Pros: • Protect data even on shared buffer Cons: • Encryption and decryption are needed whenever accessing buffers on shared buffer • Different backends encrypt/decrypt the same buffer postgres postgres Page Cache (Kernel) raw data encrypted data
26.
Copyright©2019 NTT Corp.
All Rights Reserved. - . postgres Shared Buffer Disk Pros: • Less execution of encryption and decryption Cons: • Platform dependence • Cannot protect data from peeking by logged-in OS user postgres postgres Page Cache (Kernel) raw data encrypted data
27.
Copyright©2019 NTT Corp.
All Rights Reserved. 3 ) ) ) -( 2 .- .3 . 32 .- postgres Shared Buffer Disk Pros: • Relatively less execution of encryption and decryption • Prevent peeking file on disk Cons: • Possibly more encryption and decryption are performed when database size > shared buffer postgres postgres Page Cache (Kernel) raw data encrypted data
28.
Copyright©2019 NTT Corp.
All Rights Reserved. Transparence Performance impacts Protection against threats 1. Using pgcrypto OK (using views and triggers) High * Disk thefts * Memory dump * Peeking at data on disk 2. Full disk encryption OK Low * Disk thefts 3. Buffer level encryption OK Middle * Disk thefts * Peeking at data on disk
29.
Copyright©2019 NTT Corp.
All Rights Reserved. • Wrote proof-of-concept code of per tablespaces TDE • Tablespace encryption • Transparent encryption • 2-tier key architecutre • Key rotation • Features the PoC code doesn’t support (for now): • WAL encryption • System catalog encryption • Temporary files encryption
30.
Copyright©2019 NTT Corp.
All Rights Reserved. • PostgreSQL 11.1 • Vanilla PostgreSQL • PostgreSQL with TDE PoC code • PostgreSQL with pgcrypto • 32GB RAM, 500GB HDD • 6GB shared buffers • Data sets • 5GB (< shared_buffers) • 15GB (> shared_buffers) • Observations • TPS • Response times • Duration: 5min
31.
Copyright©2019 NTT Corp.
All Rights Reserved. Latency (90%tile): vanilla: 1.98 ms, TDE: 2.01 ms, pgcrypto: 2.28 ms 6000 6500 7000 7500 8000 8500 20 40 60 80 100 120 140 160 180 200 220 240 260 280 300 TPS Duraiton(sec) TPS comparison (R:100,W:3) vanilla tde pgcrypto 8000 8500 9000 9500 10000 10500 11000 10 30 50 70 90 110 130 150 170 190 210 230 250 270 TPS Duration (sec) TPS comparison (R:100) vanilla tde pgcrypto Latency (90%tile): vanilla: 2.32 ms, TDE: 2.45 ms, pgcrypto: 2.66 ms DB size < shared buffers DB size > shared buffers
32.
Copyright©2019 NTT Corp.
All Rights Reserved. • Master Key and Data Encryption Key • The master key is separated from encrypted data • Stored outside of the database • The data encryption keys are managed by database • Faster key rotation ENCRYPTED DATA Master Key Data Encryption Key Encrypt/Decrypt Encrypt/ Decrypt plain
33.
Copyright©2019 NTT Corp.
All Rights Reserved. • Master Key and Data Encryption Key • The master key is separated from encrypted data • Stored outside of the database • The data encryption keys are managed by database • Faster key rotation ENCRYPTED DATA Master Key Data Encryption Key Encrypt/Decrypt Encrypt/ Decrypt encry pted plain New Master Key Encrypt/Decrypt
34.
Copyright©2019 NTT Corp.
All Rights Reserved. • Key rotation always requires re-encrypting data • The 2-tier key architecture requires only key rotation of data encryption keys • 16, 24, 32 bytes key for AES-128, AES-192, AES-256 • One symmetric key per tablespaces
35.
Copyright©2019 NTT Corp.
All Rights Reserved. • WAL is also the sensitive data • WAL of encrypted relations is encrypted when inserting to the WAL buffer
36.
Copyright©2019 NTT Corp.
All Rights Reserved. • Two system catalogs could have user sensitive data • pg_statistics • pg_statistics_ext . =# SELECT tablename, attname, histogram_bounds FROM pg_stats WHERE tablename = 'card'; -[ RECORD 1 ]----+----------------------------------------------- tablename | card attname | card_number histogram_bounds | {1102-6674-6045-5459,1606-6441-9374-1335,2507- 2573-1560-9962,3323-3000-4260-1336,4319-9183-6377-7031,6035-9617- 5940-2060,6682-5210-8901-2679,7304-3837-8200-8185,8391-3583-3888- 1725,9091-3895-2466-7845,9970-5910-3522-1423}
37.
Copyright©2019 NTT Corp.
All Rights Reserved. • Temporary files are written bypassing the shared buffers • base/pgsql_tmp/ • pg_replslots/ . postgres Shared Buffer Disk temp files
38.
Copyright©2019 NTT Corp.
All Rights Reserved. • Per tablespace, buffer-level transparent encryption • 2-tier key architecture • Encrypt WAL, system catalogs and temporary files • SRLU buffer and fork relations are not encrypted • Pros • Less DDL modification • Less performance impact • Fast key rotation • Cons • Cannot set per users • Cannot prevent attack by malicious super user
39.
Copyright©2019 NTT Corp.
All Rights Reserved.
40.
Copyright©2019 NTT Corp.
All Rights Reserved. • Services or systems that are dedicated to robustly manage keys • Usually support some kinds of protocols • KMIP • PKCS#11 • SafeNet KeySecure, Amazon KMS, Oracle KeyVault etc ( )( ( (
41.
Copyright©2019 NTT Corp.
All Rights Reserved. • Robust key management • User don’t need to worry about key life cycles ENCRYPTED DATA Master Key Data Encryption Keys Get the master key and decrypt/decrypt Encrypt/Decrypt Key Management System PostgreSQL Register the master key Remove an old master key
42.
Copyright©2019 NTT Corp.
All Rights Reserved. • KMSs support different interfaces and protocols • KMIP, PKCS#11, etc. • Our solution • Pluggable architecture to communicate with various KMSs • Add generic key management APIs • get key, register key, remove key etc.
43.
Copyright©2019 NTT Corp.
All Rights Reserved. • Encryption key is also important • Integration with KMS frees user from key management • Adding generic key management APIs enable us to communicate with various key management systems
44.
Copyright©2019 NTT Corp.
All Rights Reserved. • Per tablespace, buffer-level transparent data at rest encryption • Less performance overhead • Encrypt WAL, system catalogs and temporary files as well • 2-tier key architecture • Fast key rotation • Integration with KMSs • More flexible and robust key management
45.
Copyright©2019 NTT Corp.
All Rights Reserved. 1. Basic components of transparent data encryption • Per tablespace encryption* • 2-tier key architecture* • Key rotation* • System catalog encryption • Temporary file encryption • Fetching the master key by arbitrary commands* 2. WAL encryption 3. Integration with KMSs • Pluggable • Registering key, removing key ... PoC codes has *-marked features
46.
Copyright©2019 NTT Corp.
All Rights Reserved. !
Download now