Masking page reference patterns in encryption databases on untrusted storage

摘要

To support ubiquitous computing, the underlying data have to be persistent and available anywhere-anytime. The data thus have to migrate from devices that are local to individual computers, to shared storage volumes that are accessible over open network. This potentially exposes the data to heightened security risks. In particular, the activity on a database exhibits regular page reference patterns that could help attackers learn logical links among physical pages and then launch additional attacks. We propose two countermeasures to mitigate the risk of attacks initiated through analyzing the shared storage server’s activity for those page patterns. The first countermeasure relocates data pages according to which page sequences they are in. The second countermeasure enhances the first by randomly prefetching pages from predicted page sequences. We have implemented the two countermeasures in MySQL, and experiment results demonstrate their effectiveness and practicality.