DB vs. encryption
Tomas Vondra
Lightning talk introducing the idea of off-loading encryption to a trusted component.
1.
DB vs. encryption
2.
credit card numbers
3.
credit card numbers (or anything sensitive)
4.
full-disk encryption
pgcrypto
5.
full-disk encryption
● data-at-rest protection (theft of device)
● SQL injection
● filesystem-level access
● evil DBA
pgcrypto
6.
full-disk encryption
● data-at-rest protection (theft of device)
● SQL injection
● filesystem-level access
● evil DBA
pgcrypto
● data-in-flight protection
● easy to leak key into logs / monitoring systems
7.
application-level encryption
8.
application (encrypt + decrypt) database
9.
can't compare / hash values => no indexing, aggregation, ...
10.
can't compare / hash values => no indexing, aggregation, ... (a lot of processing moves to app)
11.
So what can we do about it?
12.
application (encrypt + decrypt) database
13.
application (encrypt + decrypt) database crypto (compare)
14.
application (encrypt + decrypt) database crypto (compare) compare(A,B)
15.
application (encrypt + decrypt) database crypto (compare) compare(A,B) -1/0/1
16.
application (encrypt + decrypt)
database
● CREATE INDEX
● GROUP BY
● WHERE
crypto (compare)
17.
host B
host C
application (encrypt + decrypt)
database
● CREATE INDEX
● GROUP BY
● WHERE
crypto (compare)
host A
TCP
18.
host B
TrustZone / SGX
HSM / usbarmory
application (encrypt + decrypt)
database
● CREATE INDEX
● GROUP BY
● WHERE
crypto (compare)
host A
IPC
19.
https://github.com/tvondra/ccnumber
● PoC / ugly prototype
● custom encrypted data type
● trusted component (comparator)
● communication over TCP/IP
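The split shown on slides 13 to 16, as an added sketch that is not taken from the talk or from the ccnumber prototype: the database orders and searches ciphertexts while seeing only the comparator's -1/0/1 answers. All function and class names are hypothetical, the HMAC-based cipher is a standard-library stand-in for a real authenticated cipher, and a direct method call stands in for the TCP or IPC link.

```python
import functools
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    # Stand-in for a real cipher such as AES (assumption): HMAC-SHA256 in counter mode.
    out = b""
    for i in range(n // 32 + 1):
        out += hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def encrypt(key, plaintext):
    """Application side: random nonce, so equal values give different ciphertexts."""
    nonce, data = os.urandom(16), plaintext.encode()
    body = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))).decode()

class TrustedComparator:
    """Trusted component: holds the key, answers only -1/0/1."""
    def __init__(self, key):
        self._key = key
    def compare(self, a, b):
        x, y = decrypt(self._key, a), decrypt(self._key, b)
        return (x > y) - (x < y)

def db_create_index(rows, compare):
    """Database side: sorts ciphertexts it cannot read, using compare() only."""
    return sorted(rows, key=functools.cmp_to_key(compare))

def db_where_equals(index, probe, compare):
    """Database side: binary search over the index for WHERE col = probe."""
    lo, hi = 0, len(index)
    while lo < hi:
        mid = (lo + hi) // 2
        if compare(index[mid], probe) < 0:
            lo = mid + 1
        else:
            hi = mid
    return index[lo] if lo < len(index) and compare(index[lo], probe) == 0 else None

def demo():
    key = os.urandom(32)  # known to the application and the trusted component only
    cards = ["5555555555554444", "378282246310005", "4111111111111111"]  # constructed test input
    tc = TrustedComparator(key)
    index = db_create_index([encrypt(key, c) for c in cards], tc.compare)
    hit = db_where_equals(index, encrypt(key, "4111111111111111"), tc.compare)
    return [decrypt(key, c) for c in index], hit is not None

if __name__ == "__main__":
    print(demo())
```

The database functions receive only ciphertexts and the compare callable, so the key never enters them; each comparison costs one round trip to the trusted component.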