Enclaive's Confidential Container in Use: MariaDB and Data-in-Use Encryption




MariaDB-SGX is a version of MariaDB that is ready for confidential cloud computing. Using enclaive’s confidential compute and Intel SGX technology, MariaDB is turned into a Data-in-Use encrypted database, meaning any query on data is processed in fully encrypted form while the integrity of the database is assured.

Goal

MariaDB runs in a confidential container and, for comparison, in a “vanilla” container. We aim to protect the import of a user:pass list and to demonstrate that MariaDB in a confidential container does not leak the tuples, while the vanilla version does.

Outline

1. Run docker-compose to start two identical MariaDB containers: the left one in a confidential container, the right one in a standard container. Note that before starting the containers, we created a file with passwords and SQL insert commands (insert.sql).
2a. The vanilla container allows the passwords to be read in cleartext after the import (bottom right terminal).
2b. The confidential container leaks no passwords (bottom right terminal).

The rationale is that the file is imported inside the confidential container, which runs as a fully memory-encrypted process shielded from other applications running on the system.

👉 Try it: https://github.com/enclaive/enclaive-docker-mariadb-sgx/tree/demo
👉 More examples: https://github.com/enclaive/
👉 Web site: https://enclaive.io

#mariadb #docker #kubernetes #sgx #confidentialcomputing