CapsuleDB: A Secure Key-Value Store for the Global Data Plane

William Mullen

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2022-168

May 31, 2022

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2022/EECS-2022-168.pdf

The Global Data Plane (GDP) is a data-centric network infrastructure that provides federated access to compute resources. However, an environment in which code runs on untrusted hardware introduces new security challenges for data management. Furthermore, DataCapsules, which are the high-level logical units of transfer that move through the GDP, can store persistent data but are difficult to search through efficiently, requiring users to understand their somewhat complex security structures for correct usage. CapsuleDB is the first database and key-value store designed for the GDP. It exports a simple interface for developers without jeopardizing any of the security guarantees inherent to DataCapsules. Furthermore, it uses a novel indexing system to track active data and naturally age out older data by leveraging the unique structure of DataCapsules. Finally, it uses Intel SGX to protect against malicious host operating systems, providing an extra layer of security for deployments to nodes owned by other entities.

Advisors: John D. Kubiatowicz

BibTeX citation:

@mastersthesis{Mullen:EECS-2022-168,
    Author= {Mullen, William},
    Title= {CapsuleDB: A Secure Key-Value Store for the Global Data Plane},
    School= {EECS Department, University of California, Berkeley},
    Year= {2022},
    Month= {May},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2022/EECS-2022-168.html},
    Number= {UCB/EECS-2022-168},
    Abstract= {The Global Data Plane (GDP) is a data-centric network infrastructure that provides federated
access to compute resources. However, an environment in which code runs on untrusted hardware
introduces new security challenges for data management. Furthermore, DataCapsules, which are
the high-level logical units of transfer that move through the GDP, can store persistent data but
are difficult to search through efficiently, requiring users to understand their somewhat complex
security structures for correct usage. CapsuleDB is the first database and key-value store designed
for the GDP. It exports a simple interface for developers without jeopardizing any of the security
guarantees inherent to DataCapsules. Furthermore, it uses a novel indexing system to track active
data and naturally age out older data by leveraging the unique structure of DataCapsules. Finally,
it uses Intel SGX to protect against malicious host operating systems, providing an extra layer of
security for deployments to nodes owned by other entities.},
}

EndNote citation:

%0 Thesis
%A Mullen, William 
%T CapsuleDB: A Secure Key-Value Store for the Global Data Plane
%I EECS Department, University of California, Berkeley
%D 2022
%8 May 31
%@ UCB/EECS-2022-168
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2022/EECS-2022-168.html
%F Mullen:EECS-2022-168