We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR
< prev | next >
new | recent | 2111

Change to browse by:

cs

References & Citations

DBLP - CS Bibliography

listing | bibtex

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo

Computer Science > Cryptography and Security

Title: BigFoot: Exploiting and Mitigating Leakage in Encrypted Write-Ahead Logs

Authors: Jialing Pei, Vitaly Shmatikov
(Submitted on 17 Nov 2021 (v1), last revised 29 Nov 2021 (this version, v2))
Abstract: Modern databases and data-warehousing systems separate query processing and durable storage. Storage systems have idiosyncratic bugs and security vulnerabilities, thus attacks that compromise only storage are a realistic threat. In this paper, we show that encryption alone is not sufficient to protect databases from compromised storage. Using MongoDB WiredTiger as a concrete example, we demonstrate that sizes of encrypted writes to a durable write-ahead log can reveal sensitive information about the inputs and activities of MongoDB applications. We then design, implement, and evaluate BigFoot, a WAL modification that mitigates size leakage.
Comments: 8 pages
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2111.09374 [cs.CR]
  (or arXiv:2111.09374v2 [cs.CR] for this version)

Submission history

From: Jialing Pei [view email]
[v1] Wed, 17 Nov 2021 20:14:31 GMT (4558kb,D)
[v2] Mon, 29 Nov 2021 04:35:14 GMT (4556kb,D)
Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)

Link back to: arXiv, form interface, contact.