SQLite, one of the most popular light-weighted database system, has been widely used in various systems. However, the compact design of SQLite did not make enough consideration on user data security. Specifically, anyone who has obtained the access to the database file will be able to read or tamper the data. Existing encryption-based solutions can only protect data on storage, while still exposing data when in computation. In this article, we combine the Trusted Execution Environment (TEE) technology and the authenticated encryption scheme, proposed and developed the CryptSQLite, a high security SQLite database system, which protects both the confidentiality and integrity of users’ data. Our security analysis proves that CryptSQLite can protect data confidentiality and integrity. Our implementation and experiments indicate that CryptSQLite incurs an average of 21 percent of extra time for SQL statement executions, compared with traditional encryption-based solutions that failed to offer rigorous security guarantees.

中文翻译：

---

CryptSQLite：具有高数据安全性的 SQLite

SQLite 作为最流行的轻量级数据库系统之一，已被广泛应用于各种系统中。然而，SQLite 紧凑的设计并没有对用户数据的安全性做出足够的考虑。具体来说，任何获得数据库文件访问权限的人都可以读取或篡改数据。现有的基于加密的解决方案只能保护存储上的数据，同时在计算时仍然暴露数据。在本文中，我们结合可信执行环境（TEE）技术和认证加密方案，提出并开发了 CryptSQLite，一个高安全性的 SQLite 数据库系统，它保护了用户数据的机密性和完整性。我们的安全分析证明 CryptSQLite 可以保护数据的机密性和完整性。