Why your encrypted Database isn't secure: practical attacks against encrypted OSS databases

(Dan Draper) There is a growing trend of encrypting data stored in relational databases such as PostgreSQL and MariaDB. The goal is to improve the security of the data we store. But how effective is encryption at meeting that goal? Hint: not as effective as you might think! So what are the limitations of an encrypted database and what should you be aware of to mitigate potential attacks? (And while maintaining performance, scalability and usability!) In this talk, Dan Draper summarises several recent papers from Cornell, Stanford and the University of Illinois on practical attacks against encrypted databases. He also provides some guidance and examples of how to mitigate these risks, how they can be factored into a threat-model and provides a look some alternative approaches that go some way towards addressing the problems.

https://lca2022.linux.org.au/schedule...

Videos licensed as CC BY-NC-SA 4.0

linux.conf.au is a conference about the Linux operating system, and all aspects of the thriving ecosystem of Free and Open Source Software that has grown up around it. Run since 1999, in a different Australian or New Zealand city each year, by a team of local volunteers, LCA invites more than 500 people to learn from the people who shape the future of Open Source. For more information on the conference see https://linux.conf.au/

Produced by Next Day Video Australia: https://nextdayvideo.com.au

#linux.conf.au #linux #foss #opensource

Sun Jan 16 14:25:00 2022 at Kaya Theatre