Great work and thanks for sharing it! Good title, too. I like that you’re treating usability as a security property. It is. That’s the biggest takeaway from this write-up, regardless of what people are working on.

It’s a field I haven’t studied that much since I wasn’t sure it was solvable. Your write-up describes a constant balancing act that reveals that, as of 2019, this stuff is still really hard to do without leaks. Now, one thing did jump out at me:

“Some application developers really trust their database server to not lie to the application.”

Maybe figure out how to make that the case past old attestation schemes. I remember there were teams designing oblivious CPUs and such. Then there was work doing arbitrary algorithms much faster than in the past. I wonder what would happen if we layered the most lightning-fast, simple database possible (esp. a key-value store) on top of one of those. Maybe not even all of it: just the storage backend, with the client doing query planning and sending the queries to run obliviously.

This might have already been tried: I haven’t read any of the literature past skimming some abstracts before submitting them here. Just brainstorming based on a handful of papers. Kind of applying high-assurance thinking, where we start with a general-purpose, simple TCB that we stretch to do as much as possible. In this case, the TCB would be a private, leak-proof execution container with some interface to an untrusted part with fast CPUs and massive storage. Curious what you think, since you’ve probably read up on where that sub-field is actually at.
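Added toy example, not code from the comment above or from the write-up it replies to. It illustrates the one property the "run obliviously" idea hinges on: a storage backend whose memory access pattern does not depend on the query, so whoever can watch that pattern (the untrusted host, a cache side channel) learns nothing about which key was touched. A naive direct-mapped table is shown beside a version that visits every slot on every operation and selects with arithmetic masks instead of branches. The fixed table size, fixed value width, sample keys and values are all assumptions made up for the illustration; Python itself gives no real constant-time guarantees, so the thing to look at is the slot-level access trace, not timing.

```python
# Added illustration, not the commenter's code. Assumed parameters below.
from typing import List

CAPACITY = 8      # fixed number of slots (assumed)
VALUE_LEN = 16    # fixed value width in bytes so length does not leak (assumed)
EMPTY = 0         # keys are positive ints below 2**63; 0 marks an empty slot


def _pad(value: bytes) -> bytes:
    """Pad every value to VALUE_LEN so the stored width is query-independent."""
    if len(value) > VALUE_LEN:
        raise ValueError("value too long for fixed-width slot")
    return value + b"\x00" * (VALUE_LEN - len(value))


def _eq_mask(x: int, y: int) -> int:
    """All-ones (-1) when x == y, else 0, without a data-dependent branch."""
    diff = x ^ y
    nonzero = (diff | -diff) >> 63   # -1 if diff != 0 (keys < 2**63), else 0
    return ~nonzero


def _select(mask: int, a: int, b: int) -> int:
    """Branch-free select: a when mask is all-ones, b when mask is zero."""
    return (a & mask) | (b & ~mask)


class NaiveStore:
    """Leaky baseline: a direct-mapped table that touches only the key's slot."""

    def __init__(self) -> None:
        self.keys = [EMPTY] * CAPACITY
        self.vals = [0] * CAPACITY
        self.trace: List[int] = []   # slot indices touched, as an observer sees them

    def put(self, key: int, value: bytes) -> None:
        i = key % CAPACITY
        self.trace.append(i)
        self.keys[i] = key
        self.vals[i] = int.from_bytes(_pad(value), "big")

    def get(self, key: int) -> bytes:
        i = key % CAPACITY
        self.trace.append(i)
        v = self.vals[i] if self.keys[i] == key else 0
        return v.to_bytes(VALUE_LEN, "big")


class ObliviousStore:
    """Every operation reads and writes every slot; the trace never depends on key."""

    def __init__(self) -> None:
        self.keys = [EMPTY] * CAPACITY
        self.vals = [0] * CAPACITY
        self.trace: List[int] = []

    def put(self, key: int, value: bytes) -> None:
        v = int.from_bytes(_pad(value), "big")
        exists = 0                       # becomes -1 if key is already stored
        for i in range(CAPACITY):
            self.trace.append(i)
            exists |= _eq_mask(self.keys[i], key)
        placed = 0                       # becomes -1 once a write has happened
        for i in range(CAPACITY):
            self.trace.append(i)
            here = _eq_mask(self.keys[i], key)
            # use the first empty slot only if key is absent and nothing written yet
            empty = _eq_mask(self.keys[i], EMPTY) & ~exists & ~placed
            write = here | empty
            self.keys[i] = _select(write, key, self.keys[i])
            self.vals[i] = _select(write, v, self.vals[i])
            placed |= write
        # a full table silently drops the write here; a real backend would signal it

    def get(self, key: int) -> bytes:
        acc = 0
        for i in range(CAPACITY):
            self.trace.append(i)
            acc = _select(_eq_mask(self.keys[i], key), self.vals[i], acc)
        return acc.to_bytes(VALUE_LEN, "big")   # all zeros if key is absent


def access_trace(store, op: str, key: int, value: bytes = b"") -> List[int]:
    """Run one operation and return the slots it touched (the observer's view)."""
    store.trace.clear()
    if op == "put":
        store.put(key, value)
    else:
        store.get(key)
    return list(store.trace)


if __name__ == "__main__":
    for cls in (NaiveStore, ObliviousStore):
        s = cls()
        s.put(7, b"alice")
        s.put(11, b"bob")
        print(cls.__name__, access_trace(s, "get", 7), access_trace(s, "get", 11))
```

Running it shows the naive store touching slot 7 for one key and slot 3 for the other, while the oblivious store touches all eight slots in the same order for both. That is the whole point of pushing only the storage backend into the trusted container: the untrusted host gets ciphertext of fixed width and an access pattern that is the same for every query, and the client does the query planning outside.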