Solution For Cloud Databases’ Privacy Issue

Artem Sumaneev, Kirill Shatilov

Abstract


Cloud computing and, in particular, cloud databases are useful tools that provide flexibility for an enterprise's IT infrastructure. However, using this technology may lead to privacy issues because users have to trust cloud services. In this paper we propose a solution for a secured cloud database without significant limitations. Our approach is based on the following functional elements: SQL query and response processors, a cryptographic metadata storage, and a variety of encryption algorithms. Using different kinds of encryption, such as order-preserving and homomorphic encryption, allows resource-intensive computations to be performed on the cloud server over encrypted data. The SQL query processor transforms the user's queries into a secured form by analyzing each query and encrypting vulnerable data. The response processor decrypts the secured data in the database's response and converts it to a form suitable for the user. The cryptographic metadata storage provides access to encryption keys. The architecture, with a detailed description of the components and the principles of their interaction, will be presented. Our approach has been validated by implementing a prototype and integrating it with the WordPress Content Management System.




This work is licensed under a Creative Commons Attribution 3.0 License.