GhostDB: Hiding Data from Prying Eyes Demonstration

1
GhostDB Hiding Data from Prying Eyes
(Demonstration)

• Christophe Salperwyck, Nicolas Anciaux, Mehdi
  Benzine, Luc Bouganim, Philippe Pucheral,
  Dennis Shasha
• SMIS Project (INRIA-UVSQ), New York University

2
GhostDB Simulator

• One software simulator per component
• One laptop is used for each simulator

Visible Data
PC
Untrusted Server (Visible)
Terminal (PC)
Secure token (Hidden)
3
Secure Token Simulator

• The secure token's simulator shows
• The query (SQL) to process
• The physical query execution plan processed
• And the execution time of the current and
  previous queries executions

Execution Plan area
Query area
Execution time area
4
Terminal Simulator
Relational schema
Query
Communication channel
5
Untrusted Server Simulator
Communication channel
6
Query Execution
Query submitted
Visible sub queries to send to the untrusted
server
7
Visible sub queries
Visible sub queries received from the terminal
8
Visible execution
Visible sub queries results
9
Hidden computation
Query submitted
The query submitted is sent to the secure token
10
Hidden execution Plan
Query execution plan
The query execution plan is produced according to
the SQL query
11
Visible data transfert
The visible sub queries results are sent to the
secure token through the terminal to finalize the
computation
Visible sub queries results
12
Other strategies
Other execution plans more or less efficient can
be produced and executed to issue the same query
Use post filtering (bloom filter)instead of
pre-filtering
13
Efficiency
P3
P2
P1