Is your Database Leaking Encrypted Data?

Alexander Rasin

Alexander Rasin

Speaker Bio

Dr. Alexander Rasin is an Associate Professor in the College of Computing and Digital Media (CDM) at DePaul University. He received his Ph.D. and M.Sc. in Computer Science from Brown University, Providence. He is a co-Director of Data Systems and Optimization Lab at CDM and his primary research interest is in cybersecurity problems of preventing data tampering and exfiltration, establishing standards for database forensic analysis, and developing fine-grained access control polices. Dr. Rasin’s other research projects focus on building and tuning the performance of domain-specific data management systems — including biomedical data integration, user-defined predicate query optimisiation, and physical database design and indexing. Several of his research projects are supported by NSF and NIST.


Forensic tools often operate in adversarial conditions, without cooperation from the device owner. Storage encryption (either device-drive or software) prevents forensic tools from accessing and reconstructing data in persistent storage. Meanwhile, RAM and its cache can provide an alternate source of decrypted data to forensic tools. Prior data encryption research considered disk partition encryption, encryption in file systems, and client-side encryption. However, such work does not account for encryption in database management systems (DBMS). DBMSes manage their own storage instead of relying on the operating system with native DBMS support for disk and RAM cache management, access control configuration, and built-in encryption features.
The first part of this talk teaches the basic principles of disk-to-RAM data flow within a DBMS. We describe different allocated RAM areas and their purpose in major relational DBMSes (including  Oracle, SQL Server, PostgreSQL, and MySQL). We also survey the built-in encryption features available in these DBMSes, including deployment trade-offs. The second part of this talk describes DBMS encryption vulnerabilities through examples. We discuss SQL operations that potentially expose decrypted data in RAM. We also demonstrate the quantity of data cached by SQL queries and the lifecycle of that data in memory.