Transparent Data Encryption in PostgreSQL and Integration with Key Management Service
Masahiko Sawada
Talk at FOSDEM PGDAY 2019
1.
Copyright©2019 NTT Corp. All Rights Reserved.
2.
• Database and Threats
• Data at rest Encryption
• Transparent data encryption
• Transparent data encryption in PostgreSQL
• Key rotation
• Key Management
• Integration of PostgreSQL with key management system
• Conclusion
3.
4.
• Database servers are often the primary target of the following attacks
  • Privilege abuse
  • Database SQL injection attacks
  • Storage media theft
  • Eavesdropping attacks between client and server
  • etc.
5.
• Reason to protect database
  • Databases store valuable and sensitive data; even some leakage causes a high risk
  • Essential data protection standards and regulations for businesses
    • PCI DSS, GDPR, HIPAA etc.
Various data protection standards and regulations require data encryption
6.
7.
• Data at rest
  • Backup files and database cluster files stored in physical storage
• Measures against threats to data at rest in PostgreSQL
  • Data encryption using pgcrypto or full disk encryption
However, using pgcrypto or full disk encryption does not meet some requirements
[Figure: when theft of database storage occurs, user data stored encrypted is secure; user data stored non-encrypted leaks]
8.
• Minimize performance degradation
  • Using pgcrypto degrades application program performance
• Platform-independent
• Minimize application program development cost
• Secure encryption key management
• Periodic key rotation
9.
• Minimize performance degradation
• Platform-independent
  • Using full disk encryption depends on platforms
• Minimize application program development cost
• Secure encryption key management
• Periodic key rotation
10.
• Minimize performance degradation
• Platform-independent
• Minimize application program development cost
  • Using pgcrypto requires many application program modifications
• Secure encryption key management
• Periodic key rotation
11.
• Many modifications of the application program source code for areas (tables) where encryption is required
• Regression testing required after source code modification
• Supporting encryption increases time and labor costs

SQL statement before encryption:
=# INSERT INTO card_info (user_name, card_number) VALUES ('MOON INSUNG', '1234-2345-3456-4567');

SQL statement after encryption using pgcrypto:
=# INSERT INTO card_info (user_name, card_number) VALUES ('MOON INSUNG', encrypt('1234-2345-3456-4567', 'KEY_VALUE', 'aes-cbc'));
12.
• Minimize performance degradation
• Platform-independent
• Minimize application program development cost
• Secure encryption key management
  • pgcrypto doesn't provide secure encryption key management facilities out-of-the-box
• Periodic key rotation
13.
• If the encryption key is leaked, the encrypted data at rest cannot be protected from threats of malicious access
• Storing encrypted data and its key in the same place makes the data encryption meaningless
14.
• Key management in a separate secure place for the encryption keys
[Figure: encrypted data in database storage, with the key kept in a separate, secure place; when theft occurs, the data is secure]
15.
• Minimize performance degradation
• Platform-independent
• Minimize application program development cost
• Secure encryption key management
• Periodic key rotation
  • Reduced performance due to re-encryption when rotating keys
[Figure: encrypted data is decrypted with the current key into non-encrypted data, then encrypted with the new key]
Performance degradation due to re-encryption and data unavailability
16.
• Requirements related to data encryption
  • Minimize performance degradation
  • Platform-independent
  • Minimize application program development cost
  • Secure encryption key management
  • Periodic key rotation
• It is difficult to satisfy these requirements using pgcrypto and full disk encryption in PostgreSQL
In the following slides, we describe the result of our efforts to address these challenges
17.
18.
  1. Per tablespace encryption
  2. Transparent encryption at a layer between PostgreSQL's shared buffer and OS
  3. 2-tier key architecture
  4. WAL encryption
  5. System catalogs encryption
  6. Temporary files encryption
19.
• Create encryption-enabled tablespaces
• Tables and indexes on the tablespace are transparently encrypted
• Less modification of DDLs

=# CREATE TABLESPACE enc_tblsp LOCATION ... WITH (encryption_algorithm = 'aes128');
=# CREATE TABLE card (...) TABLESPACE enc_tblsp;
=# SET default_tablespace TO enc_tblsp;
=# CREATE TABLE card2 (..);
20.
• Two possible solutions for now
  • Using pgcrypto with views and triggers
  • Full disk encryption (FDE)
• Our solution is that encryption and decryption are performed when writing/reading to/from disk
21.
[Figure: postgres processes, Shared Buffer, Page Cache (Kernel) and Disk; raw block data]
22.
[Figure: postgres processes, Shared Buffer, Page Cache (Kernel) and Disk; raw block data]
Backend processes read pages from the shared buffers and modify them.
23.
[Figure: postgres processes, Shared Buffer, Page Cache (Kernel) and Disk; raw block data]
bgwriter periodically writes the dirty pages out to the kernel page cache.
24.
[Figure: postgres processes, Shared Buffer, Page Cache (Kernel) and Disk; raw block data]
Dirty pages are flushed to the disk by the checkpointer or the kernel.
25.
Pros:
• Protect data even on shared buffer
Cons:
• Encryption and decryption are needed whenever accessing buffers on shared buffer
• Different backends encrypt/decrypt the same buffer
[Figure: postgres processes, Shared Buffer, Page Cache (Kernel) and Disk, marking raw data and encrypted data]
26.
Pros:
• Less execution of encryption and decryption
Cons:
• Platform dependence
• Cannot protect data from peeking by logged-in OS user
[Figure: postgres processes, Shared Buffer, Page Cache (Kernel) and Disk, marking raw data and encrypted data]
27.
Pros:
• Relatively less execution of encryption and decryption
• Prevent peeking at files on disk
Cons:
• Possibly more encryption and decryption are performed when database size > shared buffer
[Figure: postgres processes, Shared Buffer, Page Cache (Kernel) and Disk, marking raw data and encrypted data]
28.
Approach                   | Transparency                  | Performance impacts | Protection against threats
1. Using pgcrypto          | OK (using views and triggers) | High                | Disk thefts; Memory dump; Peeking at data on disk
2. Full disk encryption    | OK                            | Low                 | Disk thefts
3. Buffer level encryption | OK                            | Middle              | Disk thefts; Peeking at data on disk
29.
• Wrote proof-of-concept code for per-tablespace TDE
  • Tablespace encryption
  • Transparent encryption
  • 2-tier key architecture
  • Key rotation
• Features the PoC code doesn't support (for now):
  • WAL encryption
  • System catalog encryption
  • Temporary files encryption
30.
• PostgreSQL 11.1
  • Vanilla PostgreSQL
  • PostgreSQL with TDE PoC code
  • PostgreSQL with pgcrypto
• 32GB RAM, 500GB HDD
• 6GB shared buffers
• Data sets
  • 5GB (< shared_buffers)
  • 15GB (> shared_buffers)
• Observations
  • TPS
  • Response times
• Duration: 5min
31.
Latency (90%tile): vanilla: 1.98 ms, TDE: 2.01 ms, pgcrypto: 2.28 ms
[Figure: two plots of TPS against duration (sec) for vanilla, tde and pgcrypto, titled "TPS comparison (R:100,W:3)" and "TPS comparison (R:100)"; panels labelled "DB size < shared buffers" and "DB size > shared buffers"]
Latency (90%tile): vanilla: 2.32 ms, TDE: 2.45 ms, pgcrypto: 2.66 ms
32.
• Master Key and Data Encryption Key
  • The master key is separated from encrypted data
    • Stored outside of the database
  • The data encryption keys are managed by database
• Faster key rotation
[Figure: the Master Key encrypts/decrypts the Data Encryption Key, which encrypts/decrypts between plain data and ENCRYPTED DATA]
33.
[Figure: the same slide as the previous one, with a New Master Key added that encrypts/decrypts the Data Encryption Key]
34.
• Key rotation always requires re-encrypting data
• The 2-tier key architecture requires only key rotation of data encryption keys
• 16, 24, 32 byte keys for AES-128, AES-192, AES-256
• One symmetric key per tablespace
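The 2-tier key architecture and master key rotation described on these slides, as an added Go example that is not the PoC's code. It assumes AES-GCM for both key wrapping and page encryption, an in-memory map in place of the external key store, and made-up key ids and function names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KMS is an in-memory stand-in for the external store that keeps master keys
// outside the database. Key ids such as "mk-1" are made up for this example.
type KMS map[string][]byte

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: nothing safe to do
	}
	return b
}

// mustGCM builds AES-GCM (a mode chosen for this example) for a 16, 24 or 32
// byte key and panics on any other length, which is a programming error here.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// seal returns nonce||ciphertext under a fresh random nonce.
func seal(key, plain []byte) []byte {
	gcm := mustGCM(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plain, nil)
}

// open reverses seal; it fails on a wrong key or modified data.
func open(key, sealed []byte) ([]byte, error) {
	gcm := mustGCM(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed data too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// unwrapDEK fetches master key id from the KMS and decrypts the wrapped DEK.
func unwrapDEK(kms KMS, id string, wrapped []byte) ([]byte, error) {
	master, ok := kms[id]
	if !ok {
		return nil, errors.New("master key not in KMS: " + id)
	}
	return open(master, wrapped)
}

// rotateMasterKey registers a new master key, re-wraps the DEK with it and
// removes the old master key. Only the wrapped DEK changes; no page is touched.
func rotateMasterKey(kms KMS, oldID, newID string, wrapped []byte) ([]byte, error) {
	dek, err := unwrapDEK(kms, oldID, wrapped)
	if err != nil {
		return nil, err
	}
	if _, exists := kms[newID]; exists {
		return nil, errors.New("master key id already in use: " + newID)
	}
	kms[newID] = randomBytes(32)
	delete(kms, oldID)
	return seal(kms[newID], dek), nil
}

// Demo encrypts one constructed row, rotates the master key, then reads the
// row back from the very same page bytes.
func Demo() (row string, wrappedChanged, oldKeyGone bool, err error) {
	kms := KMS{"mk-1": randomBytes(32)} // AES-256 master key, outside the database
	dek := randomBytes(16)              // AES-128 data encryption key (DEK)
	wrapped := seal(kms["mk-1"], dek)   // the database stores only this form
	page := seal(dek, []byte("constructed card row"))
	rewrapped, err := rotateMasterKey(kms, "mk-1", "mk-2", wrapped)
	if err != nil {
		return
	}
	dek2, err := unwrapDEK(kms, "mk-2", rewrapped)
	if err != nil {
		return
	}
	plain, err := open(dek2, page)
	return string(plain), !bytes.Equal(wrapped, rewrapped), kms["mk-1"] == nil, err
}

func main() { fmt.Println(Demo()) }
```

Rotation cost here is one unwrap and one wrap of a 16-byte key, independent of how many pages the tablespace holds.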
35.
• WAL is also sensitive data
• WAL of encrypted relations is encrypted when inserting to the WAL buffer
36.
• Two system catalogs could have user sensitive data
  • pg_statistic
  • pg_statistic_ext

=# SELECT tablename, attname, histogram_bounds FROM pg_stats WHERE tablename = 'card';
-[ RECORD 1 ]----+-----------------------------------------------
tablename        | card
attname          | card_number
histogram_bounds | {1102-6674-6045-5459,1606-6441-9374-1335,2507-2573-1560-9962,3323-3000-4260-1336,4319-9183-6377-7031,6035-9617-5940-2060,6682-5210-8901-2679,7304-3837-8200-8185,8391-3583-3888-1725,9091-3895-2466-7845,9970-5910-3522-1423}
37.
• Temporary files are written bypassing the shared buffers
  • base/pgsql_tmp/
  • pg_replslot/
[Figure: postgres writes temp files to Disk without going through the Shared Buffer]
38.
• Per tablespace, buffer-level transparent encryption
• 2-tier key architecture
• Encrypt WAL, system catalogs and temporary files
  • SLRU buffer and fork relations are not encrypted
• Pros
  • Less DDL modification
  • Less performance impact
  • Fast key rotation
• Cons
  • Cannot be set per user
  • Cannot prevent attack by malicious super user
39.
40.
• Services or systems that are dedicated to robustly managing keys
• Usually support some kinds of protocols
  • KMIP
  • PKCS#11
• SafeNet KeySecure, Amazon KMS, Oracle KeyVault etc.
41.
• Robust key management
• Users don't need to worry about key life cycles
[Figure: PostgreSQL and a Key Management System, with the labels "Register the master key", "Get the master key and encrypt/decrypt" and "Remove an old master key"; the Master Key encrypts/decrypts the Data Encryption Keys, which encrypt/decrypt the ENCRYPTED DATA]
42.
• KMSs support different interfaces and protocols
  • KMIP, PKCS#11, etc.
• Our solution
  • Pluggable architecture to communicate with various KMSs
  • Add generic key management APIs
    • get key, register key, remove key etc.
43.
• The encryption key is also important
• Integration with KMS frees users from key management
• Adding generic key management APIs enables us to communicate with various key management systems
44.
• Per tablespace, buffer-level transparent data at rest encryption
  • Less performance overhead
  • Encrypt WAL, system catalogs and temporary files as well
• 2-tier key architecture
  • Fast key rotation
• Integration with KMSs
  • More flexible and robust key management
45.
  1. Basic components of transparent data encryption
     • Per tablespace encryption*
     • 2-tier key architecture*
     • Key rotation*
     • System catalog encryption
     • Temporary file encryption
     • Fetching the master key by arbitrary commands*
  2. WAL encryption
  3. Integration with KMSs
     • Pluggable
     • Registering key, removing key ...
The PoC code has the *-marked features
46.