yomaytk/SgxSplitDB

SgxSplitDB

SgxSplitDB is an experimental secure and memory-efficient RDBMS based on Intel SGX. Intel SGX is an extension of Intel CPUs that protects data not only at the storage layer but also in memory, preventing threats (e.g. cloud vendors) from obtaining it. Data in memory can therefore be protected by executing all RDBMS processing inside "Enclave" areas, the encrypted memory regions generated by Intel SGX. EnclaveDB is a popular secure RDBMS project whose distinguishing feature is that most components and all data are processed inside the Enclave, so data in memory stays protected even during execution. However, if there is not enough Enclave memory to process a large amount of data (e.g. when using a small virtual machine on the server), page swapping of Enclave memory can introduce delays that become a performance bottleneck.

We focus on this problem and propose SgxSplitDB, which protects data in an RDBMS and extends the upper limit of TEE-based performance. SgxSplitDB has two features: it splits data into sensitive and non-sensitive data when a table is created, and it processes only the sensitive data in Enclave memory. This reduces the amount of Enclave memory used while still protecting data in memory.

Paper: Memory Efficient Data-Protection for Database Utilizing Secure/Unsecured Area of Intel SGX
