Authors:
Kevin Foltz and William R. Simpson
Affiliation:
Institute for Defense Analyses, United States
Keyword(s):
Enterprise, Enterprise Resource Planning, Database, System Design, Confidentiality, Integrity, Homomorphic Encryption, Partial Homomorphic Encryption, Application Security, Security, Cloud Services, End-to-End Encryption, Key Management, Database Security.
Related Ontology Subjects/Areas/Topics:
Computer-Supported Education; Databases and Information Systems Integration; Enterprise Information Systems; Enterprise Resource Planning; Enterprise Software Technologies; Information Systems Analysis and Specification; Information Technologies Supporting Learning; Performance Evaluation and Benchmarking; Security; Security and Privacy; Simulation and Modeling; Simulation Tools and Platforms; Software Engineering
Abstract:
Prior work demonstrated the feasibility of using partial homomorphic encryption as part of a database encryption scheme in which standard SQL queries are performed on encrypted data. However, this work involved only translating raw SQL queries to the database through the CryptDB proxy. Our work extends the prior work to an Oracle application. The goal for this work was to determine feasibility for a full-scale implementation on a real Oracle Enterprise Resource Planning (ERP) system. This requires accommodating extra features such as stored procedures, views, and multi-user access controls. Our work shows that these additional functionalities can be practically implemented using encrypted data, and they can be implemented in a way that requires no code changes to the ERP application code. The overall request latency and computational resource requirements for operating on encrypted data are under one order of magnitude and within a small factor of those for unencrypted data. These results demonstrate the feasibility of operating an Oracle ERP on encrypted data.