Keeping Secrets: Emerging Practice in Database Encryption

The presentation discusses the importance of threat model driven design in cybersecurity and DevOps, highlighting the vulnerabilities of snapshot attacks and the need for zero knowledge models in key management.

• Academic papers often discuss snapshot attacks, but there are other vulnerabilities to consider in threat model driven design
• VMware live motion and Google's cross cloud live migration use memory snapshots, which can be a problem for encrypted databases
• Web application security is crucial in protecting against insider threats and compromised keys
• Client-side encryption with homomorphic encryption is a promising solution for zero knowledge models in key management
• Hardware security modules and field level keys must be carefully guarded to minimize exposure
• Real-time anomaly detection and key segregation are important defenses against breaches

The speaker recounts walking into large fortune 50 companies where key management and identity policy were not properly implemented, emphasizing the need for better understanding of operator visibility and exposure paths.

A wide gap exists between real-world attack scenarios and the implicit security guarantees of most popular databases, particularly around confidentiality of encrypted information. This talk will review the latest advances and breaks in database encryption techniques, including searchable encryption, multi-party authorization, and attribute based access.The presentation will provide architects and defenders with specific practical guidance to protect high-sensitivity workloads in the most demanding privacy & compliance environments. We will dive-deep into database encryption threat models and the realities of production ops, including emerging methods around data in-use and blind administrator models.