research-article

SQL Ledger: Cryptographically Verifiable Data in Azure SQL Database

Authors:

Panagiotis Antonopoulos,

Raghav Kaushik,

Hanuma Kodavalla,

Sergio Rosales Aceves,

Jason Anderson,

Jakub SzymaszekAuthors Info & Claims

SIGMOD '21: Proceedings of the 2021 International Conference on Management of Data

Pages 2437 - 2449

https://doi.org/10.1145/3448016.3457558

Published: 18 June 2021 Publication History

Abstract

SQL Ledger is a new technology that allows cryptographically verifying the integrity of relational data stored in Azure SQL Database and SQL Server. This is achieved by maintaining all historical data in the database and persisting its cryptographic (SHA-256) digests in an immutable, tamper-evident ledger. Digests representing the overall state of the ledger can then be extracted and stored outside of the RDBMS to protect the data from any attacker or high privileged user, including DBAs, system and cloud administrators. The ledger and the historical data are managed transparently, offering protection without any application changes. Historical data is maintained in a relational form to support SQL queries for auditing, forensics and other purposes. SQL Ledger provides cryptographic data integrity guarantees while maintaining the power, flexibility and performance of a commercial RDBMS. In contrast to Blockchain solutions that aim for full integrity, SQL Ledger offers a form of integrity protection known as Forward Integrity. The proposed technology is significantly cheaper and more secure than traditional solutions that establish trust based on audits or mediators, but also has substantial advantages over Blockchain solutions that are complex to deploy, lack data management capabilities and suffer in terms of performance due to their decentralized nature.

Supplementary Material

MP4 File (3448016.3457558.mp4)

SQL Ledger is a new technology that allows cryptographically verifying the integrity of relational data stored in Azure SQL Database and SQL Server. This is achieved by maintaining all historical data in the database and persisting its cryptographic (SHA-256) digests in an immutable, tamper-evident ledger. Digests representing the overall state of the ledger can then be extracted and stored outside of the RDBMS to protect the data from any attacker or high privileged user, including DBAs, system and cloud administrators. The ledger and the historical data are managed transparently, offering protection without any application changes. Historical data is maintained in a relational form to support SQL queries for auditing, forensics and other purposes. SQL Ledger provides cryptographic data integrity guarantees while maintaining the power, flexibility and performance of a commercial RDBMS. In contrast to Blockchain solutions that aim for full integrity, SQL Ledger offers a form of integrity protection known as Forward Integrity. The proposed technology is significantly cheaper and more secure than traditional solutions that establish trust based on audits or mediators, but also has substantial advantages over Blockchain solutions that are complex to deploy, lack data management capabilities and suffer in terms of performance due to their decentralized nature.

Download
193.11 MB

References

[1]

E. Androulaki, A. Barger, V. Bortnikov, C. Cachin, K. Christidis, A. De Caro, D. Enyeart, C. Ferris, G. Laventman, Y. Manevich, et al. Hyperledger fabric: a distributed operating system for permissioned blockchains. In Proceedings of the Thirteenth EuroSys Conference, page 30. ACM, 2018.

[2]

P. Antonopoulos, A. Budovski, C. Diaconu, A. Hernandez Saenz, J. Hu, H. Kodavalla, D. Kossmann, S. Lingam, U. Farooq Minhas, N. Prakash, V. Purohit, H. Qu, C. Sreenivas Ravella, K. Reisteter, S. Shrotri, D. Tang, and V. Wakade. 2019. Socrates: The New SQL Server in the Cloud. In Proceedings of the 2019 International Conference on Management of Data (SIGMOD '19). Association for Computing Machinery, New York, NY, USA, 1743--1756.

Digital Library

[3]

A. Arasu, K. Eguro, R. Kaushik, D. Kossmann, P. Meng, V. Pandey, and R. Ramamurthy. 2017. Concerto: A High Concurrency Key-Value Store with Integrity. In Proceedings of the 2017 ACM International Conference on Management of Data (SIGMOD '17). Association for Computing Machinery, New York, NY, USA, 251--266.

[4]

AWS. Amazon Quantum Ledger Database. https://aws.amazon.com/qldb.

[5]

S. Bajaj and R. Sion. Trusteddb: A trusted hardware-based database with privacy and data confidentiality. IEEE Trans. Knowl. Data Eng., 26(3):752--765, 2014.

Digital Library

[6]

A. Baumann, M. Peinado, and G. C. Hunt. Shielding applications from an untrusted cloud with Haven. In OSDI, pages 267--283, 2014.

Digital Library

[7]

M. Bellare and B. Yee. Forward Integrity for Secure Audit Logs. Tech. rep. Computer Science and Engineering Department, University of California at San Diego, 1997.

[8]

ConsenSys. Quorum. https://consensys.net/quorum/

[9]

Corda. https://www.corda.net.

[10]

P. T. Devanbu, M. Gertz, C. U. Martel, and S. G. Stubblebine. Authentic data publication over the internet. Journal of Computer Security, 11(3):291--314, 2003.

Digital Library

[11]

Ethereum. https://www.ethereum.org.

[12]

Everledger. https://www.everledger.io

[13]

R. Jain and S. Prabhakar. Trustworthy data from untrusted databases. In ICDE, pages 529--540, 2013.

Digital Library

[14]

L. Lamport, R. Shostak, and M. Pease. The Byzantine Generals Problem. ACM Transactions on Programming Languages and Systems, 4(3), 1982.

[15]

F. Li, M. Hadjieleftheriou, G. Kollios, and L. Reyzin. Dynamic authenticated index structures for outsourced databases. In SIGMOD, pages 121--132, 2006.

Digital Library

[16]

T. McConaghy, R. Marques, A. Muller, D. De Jonghe, T. McConaghy, G. McMullen, R. Henderson, S. Bellemare, and A. Granzotto. Bigchaindb: a scalable blockchain database. white paper, BigChainDB, 2016.

[17]

F. McKeen, I. Alexandrovich, A. Berenzon, et al. Innovative instructions and software model for isolated execution. In HASP, 2013.

Digital Library

[18]

R. C. Merkle. A digital signature based on a conventional encryption function. In CRYPTO, pages 369--378, 1987.

[19]

Microsoft. Azure Immutable Blob Storage. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage

[20]

Microsoft. Azure SQL Database Point in Time Restore. https://azure.microsoft.com/en-us/blog/azure-sql-database-point-in-time-restore/

[21]

Microsoft. Copy a transactionally consistent copy of a database in Azure SQL Database. https://docs.microsoft.com/en-us/azure/azure-sql/database/database-copy

[22]

C. Mohan, D. J. Haderle, B.G. Lindsay, H. Pirahesh, P. M. Schwarz. ARIES: A Transaction Recovery Method Supporting Fine-Granularity Locking and Partial Rollbacks Using Write-Ahead Logging. ACM TODS, 17(1):94--162, 1992.

Digital Library

[23]

E. Mykletun, M. Narasimha, and G. Tsudik. Authentication and integrity in outsourced databases. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2004.

[24]

S. Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System. 2008

[25]

Oracle. Oracle Blockchain Table https://docs.oracle.com/en/database/oracle/oracle-database/20/newft/oracle-blockchain-table.html

[26]

H. Pang, A. Jain, K. Ramamritham, and K. Tan. Verifying completeness of relational query results in data publishing. In SIGMOD, pages 407--418, 2005.

Digital Library

[27]

H. Pang and K. Tan. Authenticating query results in edge computing. In ICDE, pages 560--571, 2004.

Digital Library

[28]

F. M. Schuhknecht, A. Sharma, J. Dittrich, and D. Agrawal. ChainifyDB: How to Blockchainify any Data Management System. 2019.

[29]

S. Singh and S. Prabhakar. Ensuring correctness over untrusted private database. In EDBT, pages 476--486, 2008

Digital Library

[30]

Y. Zhang, J. Katz, and C. Papamanthou. IntegriDB: Verifiable SQL for outsourced databases. In CCS, pages 1480--1491, 2015.

Cited By

Yang XYue CZhang WLiu YOoi BChen J(2024)SecuDB: An In-Enclave Privacy-Preserving and Tamper-Resistant Relational DatabaseProceedings of the VLDB Endowment10.14778/3685800.368581517:12(3906-3919)Online publication date: 8-Nov-2024
https://dl.acm.org/doi/10.14778/3685800.3685815
Tian SLu ZZhuo HTang XHong PChen SYang DYan YJiang ZZhang HJiang GBarcelo PSanchez-Pi NMeliou ASudarshan S(2024)LETUS: A Log-Structured Efficient Trusted Universal BlockChain StorageCompanion of the 2024 International Conference on Management of Data10.1145/3626246.3653390(161-174)Online publication date: 9-Jun-2024
https://dl.acm.org/doi/10.1145/3626246.3653390
Wang HXu CChen XZhang CHu HTian SYan YXu J(2024)V2FS : A Verifiable Virtual Filesystem for Multi-Chain Query Authentication2024 IEEE 40th International Conference on Data Engineering (ICDE)10.1109/ICDE60146.2024.00160(1999-2011)Online publication date: 13-May-2024
https://doi.org/10.1109/ICDE60146.2024.00160
Show More Cited By

Index Terms

SQL Ledger: Cryptographically Verifiable Data in Azure SQL Database
1. Information systems
  1. Data management systems
    1. Database management system engines
      1. DBMS engine architectures
2. Security and privacy
  1. Database and storage security

Recommendations

Azure SQL Database Always Encrypted
SIGMOD '20: Proceedings of the 2020 ACM SIGMOD International Conference on Management of Data

This paper presents Always Encrypted, a recently released feature of Microsoft SQL Server that uses column granularity encryption to provide cryptographic data protection guarantees. Always Encrypted can be used to outsource database administration ...
Sql: Learn Basics of Queries and Implement Easily (sql programming, SQL 2016, sql database programming, sql for beginners, sql beginners guide, sql ... sql workbook, sql guide, MSSQL) (Volume 1)
Oracle Database 12c SQL

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGMOD '21: Proceedings of the 2021 International Conference on Management of Data

June 2021

2969 pages

ISBN:9781450383431

DOI:10.1145/3448016

General Chairs:
Guoliang Li
Tsinghua University (China)
,
Zhanhuai Li
Northwestern Polytechnical University (China)
,
Program Chairs:
Stratos Idreos
Harvard University (USA)
,
Divesh Srivastava
AT&T (USA)

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMOD: ACM Special Interest Group on Management of Data

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 June 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIGMOD/PODS '21

Sponsor:

SIGMOD

SIGMOD/PODS '21: International Conference on Management of Data

June 20 - 25, 2021

Virtual Event, China

Acceptance Rates

Overall Acceptance Rate 785 of 4,003 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
741
Total Downloads

Downloads (Last 12 months)102
Downloads (Last 6 weeks)7

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yang XYue CZhang WLiu YOoi BChen J(2024)SecuDB: An In-Enclave Privacy-Preserving and Tamper-Resistant Relational DatabaseProceedings of the VLDB Endowment10.14778/3685800.368581517:12(3906-3919)Online publication date: 8-Nov-2024
https://dl.acm.org/doi/10.14778/3685800.3685815
Tian SLu ZZhuo HTang XHong PChen SYang DYan YJiang ZZhang HJiang GBarcelo PSanchez-Pi NMeliou ASudarshan S(2024)LETUS: A Log-Structured Efficient Trusted Universal BlockChain StorageCompanion of the 2024 International Conference on Management of Data10.1145/3626246.3653390(161-174)Online publication date: 9-Jun-2024
https://dl.acm.org/doi/10.1145/3626246.3653390
Wang HXu CChen XZhang CHu HTian SYan YXu J(2024)V2FS : A Verifiable Virtual Filesystem for Multi-Chain Query Authentication2024 IEEE 40th International Conference on Data Engineering (ICDE)10.1109/ICDE60146.2024.00160(1999-2011)Online publication date: 13-May-2024
https://doi.org/10.1109/ICDE60146.2024.00160
Liu YZhang JDing XGuo BHu DJiang Y(2024)Efficient Data Asset Right Provenance for Data Asset Trading Based on BlockchainKnowledge Science, Engineering and Management10.1007/978-981-97-5501-1_12(151-162)Online publication date: 27-Jul-2024
https://doi.org/10.1007/978-981-97-5501-1_12
Fernández‐Bravo Peñuela FArjona Aroca JMuñoz‐Escoí FYatsyk Gavrylyak YIllán García IBernabéu‐Aubán J(2024)DELTA: A Modular, Transparent, and Efficient Synchronization of DLTs and DatabasesInternational Journal of Network Management10.1002/nem.229334:5Online publication date: 5-Aug-2024
https://doi.org/10.1002/nem.2293
Platt MMcBurney P(2023)Sybil in the Haystack: A Comprehensive Review of Blockchain Consensus Mechanisms in Search of Strong Sybil Attack ResistanceAlgorithms10.3390/a1601003416:1(34)Online publication date: 6-Jan-2023
https://doi.org/10.3390/a16010034
Yang XZhang RYue CLiu YOoi BGao QZhang YYang H(2023)VeDB: A Software and Hardware Enabled Trusted Relational DatabaseProceedings of the ACM on Management of Data10.1145/35897741:2(1-27)Online publication date: 20-Jun-2023
https://dl.acm.org/doi/10.1145/3589774
Wang CCai LHuang FQiu WLi C(2023)VI-Store: Towards Optimizing Blockchain-Oriented Verifiable Ledger Database2023 IEEE 29th International Conference on Parallel and Distributed Systems (ICPADS)10.1109/ICPADS60453.2023.00243(1751-1758)Online publication date: 17-Dec-2023
https://doi.org/10.1109/ICPADS60453.2023.00243
Barger AFunaro LLaventman GMeir HMoshkovich DNatarajan STock Y(2023)Orion: A Centralized Blockchain Database with Multi-Party Data Access Control2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)10.1109/ICBC56567.2023.10174914(1-9)Online publication date: 1-May-2023
https://doi.org/10.1109/ICBC56567.2023.10174914
Oruma SPetrovic S(2023)Security Threats to 5G Networks for Social Robots in Public Spaces: A SurveyIEEE Access10.1109/ACCESS.2023.328833811(63205-63237)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3288338
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents