Modern databases and data-warehousing systems separate query processing and durable storage. Storage systems have idiosyncratic bugs and security vulnerabilities, thus attacks that compromise only storage are a realistic threat. In this paper, we show that encryption alone is not sufficient to protect databases from compromised storage. Using MongoDB WiredTiger as a concrete example, we demonstrate that sizes of encrypted writes to a durable write-ahead log can reveal sensitive information about the inputs and activities of MongoDB applications. We then design, implement, and evaluate BigFoot, a WAL modification that mitigates size leakage.
翻译:现代数据库和数据- 仓储系统将查询处理和耐久存储分开。 存储系统有奇特的错误和安全弱点,因此,只影响存储的攻击是一种现实的威胁。 在本文中,我们表明,单靠加密不足以保护数据库免遭失密存储。 以MongoDB WiredTiger为具体例子,我们证明加密写到耐用写头日志的大小可以揭示关于MongoDB应用程序的投入和活动的敏感信息。 然后我们设计、实施和评估BigFoot, 这是一项减少大小渗漏的WAL修改。
相关内容
微信扫码咨询专知VIP会员