CryptSQLite: Protecting Data Confidentiality of SQLite with Intel SGX

Protecting data confidentiality for database systems is a critical but challenging problem. In this paper, we propose a novel architecture to address this problem by combining Intel Software Guard Extensions (SGX) technology and the symmetric encryption scheme. Based on the proposed architecture, we use SQLite, a lightweight database system, as a study case and propose CryptSQLite to protect its data confidentiality. Our security analysis showed that CryptSQLite can protect the data confidentiality against attacks from outside attackers, malicious insiders, and malicious neighboring users. We further developed a prototype system based on the design. Our experimental results showed that CryptSQLite is a viable solution and incurs a moderate performance overhead.