{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T11:37:58Z","timestamp":1778153878748,"version":"3.51.4"},"reference-count":66,"publisher":"Association for Computing Machinery (ACM)","issue":"12","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. VLDB Endow."],"published-print":{"date-parts":[[2022,8]]},"abstract":"\n The past decade has witnessed the rapid development of cloud computing and data-centric applications. While these innovations offer numerous attractive features for data processing, they also bring in new issues about the loss of data ownership. Though some encrypted databases have emerged recently, they can not fully address these concerns for the data owner. In this paper, we propose an\n ownership-preserving database<\/jats:italic>\n (OPDB), a new paradigm that characterizes different roles' responsibilities from nowadays applications and preserves data ownership throughout the entire application. We build\n Operon<\/jats:italic>\n to follow the OPDB paradigm, which utilizes the trusted execution environment (TEE) and introduces a behavior control list (BCL). Different from access controls that merely handle accessibility permissions, BCL further makes data operation behaviors under control. Besides, we make\n Operon<\/jats:italic>\n practical for real-world applications, by extending database capabilities towards flexibility, functionality and ease of use.\n Operon<\/jats:italic>\n is the first database framework with which the data owner exclusively controls its data across different roles' subsystems. We have successfully integrated\n Operon<\/jats:italic>\n with different TEEs,\n i.e.<\/jats:italic>\n , Intel SGX and an FPGA-based implementation, and various database services on Alibaba Cloud,\n i.e.<\/jats:italic>\n , PolarDB and RDS PostgreSQL. The evaluation shows that\n Operon<\/jats:italic>\n achieves 71% - 97% of the performance of plaintext databases under the TPC-C benchmark while preserving the data ownership.\n <\/jats:p>","DOI":"10.14778\/3554821.3554826","type":"journal-article","created":{"date-parts":[[2022,9,29]],"date-time":"2022-09-29T22:28:39Z","timestamp":1664490519000},"page":"3332-3345","source":"Crossref","is-referenced-by-count":32,"title":["Operon"],"prefix":"10.14778","volume":"15","author":[{"given":"Sheng","family":"Wang","sequence":"first","affiliation":[{"name":"Alibaba Group"}]},{"given":"Yiran","family":"Li","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]},{"given":"Huorong","family":"Li","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]},{"given":"Feifei","family":"Li","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]},{"given":"Chengjin","family":"Tian","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]},{"given":"Le","family":"Su","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]},{"given":"Yanshan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]},{"given":"Yubing","family":"Ma","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]},{"given":"Lie","family":"Yan","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]},{"given":"Yuanyuan","family":"Sun","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]},{"given":"Xuntao","family":"Cheng","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]},{"given":"Xiaolong","family":"Xie","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]},{"given":"Yu","family":"Zou","sequence":"additional","affiliation":[{"name":"Alibaba Group"}]}],"member":"320","published-online":{"date-parts":[[2022,9,29]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2008.4497466"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3318464.3386141"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3299869.3314047"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2015.7113304"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338498.3358642"},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of the 17th USENIX Conference on File and Storage Technologies","author":"Bailleu Maurice","year":"2019","unstructured":"Maurice Bailleu , J\u00f6rg Thalheim , Pramod Bhatotia , Christof Fetzer , Michio Honda , and Kapil Vaswani . 2019 . Speicher: Securing LSM-Based Key-Value Stores Using Shielded Execution . In Proceedings of the 17th USENIX Conference on File and Storage Technologies ( Boston, MA, USA) (FAST '19). USENIX Association, USA, 173--190. Maurice Bailleu, J\u00f6rg Thalheim, Pramod Bhatotia, Christof Fetzer, Michio Honda, and Kapil Vaswani. 2019. Speicher: Securing LSM-Based Key-Value Stores Using Shielded Execution. In Proceedings of the 17th USENIX Conference on File and Storage Technologies (Boston, MA, USA) (FAST '19). USENIX Association, USA, 173--190."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1989323.1989346"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3267323.3268954"},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI '21)","author":"Burkhalter Lukas","year":"2021","unstructured":"Lukas Burkhalter , Nicolas K\u00fcchler , Alexander Viand , Hossein Shafagh , and Anwar Hithnawi . 2021 . Zeph: Cryptographic enforcement of end-to-end data privacy . In Proceedings of the 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI '21) . USENIX Association, USA, 387--404. Lukas Burkhalter, Nicolas K\u00fcchler, Alexander Viand, Hossein Shafagh, and Anwar Hithnawi. 2021. Zeph: Cryptographic enforcement of end-to-end data privacy. In Proceedings of the 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI '21). USENIX Association, USA, 387--404."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3448016.3457560"},{"key":"e_1_2_1_12_1","volume-title":"Annual cryptology conference","author":"Cash David","unstructured":"David Cash , Stanislaw Jarecki , Charanjit Jutla , Hugo Krawczyk , Marcel-C\u0103t\u0103lin Ro\u015fu , and Michael Steiner . 2013. Highly-scalable searchable symmetric encryption with support for boolean queries . In Annual cryptology conference . Springer , 353--373. David Cash, Stanislaw Jarecki, Charanjit Jutla, Hugo Krawczyk, Marcel-C\u0103t\u0103lin Ro\u015fu, and Michael Steiner. 2013. Highly-scalable searchable symmetric encryption with support for boolean queries. In Annual cryptology conference. Springer, 353--373."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-52993-5_24"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/52324.52336"},{"key":"e_1_2_1_15_1","volume-title":"Alibaba Cloud DataTrust Service. Retrieved","author":"Cloud Alibaba","year":"2022","unstructured":"Alibaba Cloud . 2022. Alibaba Cloud DataTrust Service. Retrieved March 1, 2022 from https:\/\/dp.alibaba.com\/product\/datatrust Alibaba Cloud. 2022. Alibaba Cloud DataTrust Service. Retrieved March 1, 2022 from https:\/\/dp.alibaba.com\/product\/datatrust"},{"key":"e_1_2_1_16_1","volume-title":"Alibba Cloud ApsaraDB RDS for PostgreSQL with Operon. Retrieved","author":"Cloud Alibaba","year":"2022","unstructured":"Alibaba Cloud . 2022. Alibba Cloud ApsaraDB RDS for PostgreSQL with Operon. Retrieved March 1, 2022 from https:\/\/help.aliyun.com\/document_detail\/144156.html Alibaba Cloud. 2022. Alibba Cloud ApsaraDB RDS for PostgreSQL with Operon. Retrieved March 1, 2022 from https:\/\/help.aliyun.com\/document_detail\/144156.html"},{"key":"e_1_2_1_17_1","unstructured":"Microsoft Corporation. 2022. Row-Level Security. Retrieved March 1 2022 from https:\/\/docs.microsoft.com\/en-us\/sql\/relational-databases\/security\/row-level-security Microsoft Corporation. 2022. Row-Level Security. Retrieved March 1 2022 from https:\/\/docs.microsoft.com\/en-us\/sql\/relational-databases\/security\/row-level-security"},{"key":"e_1_2_1_18_1","volume-title":"MySQL Reference Manual 12.3 Type Conversion in Expression Evaluation. Retrieved","author":"Oracle Corporation","year":"2022","unstructured":"Oracle Corporation . 2022. MySQL Reference Manual 12.3 Type Conversion in Expression Evaluation. Retrieved March 1, 2022 from https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/type-conversion.html Oracle Corporation. 2022. MySQL Reference Manual 12.3 Type Conversion in Expression Evaluation. Retrieved March 1, 2022 from https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/type-conversion.html"},{"key":"e_1_2_1_19_1","volume-title":"Virtual Private Database. Retrieved","author":"Oracle Corporation","year":"2022","unstructured":"Oracle Corporation . 2022. Virtual Private Database. Retrieved March 1, 2022 from https:\/\/www.oracle.com\/database\/technologies\/virtual-private-db.html Oracle Corporation. 2022. Virtual Private Database. Retrieved March 1, 2022 from https:\/\/www.oracle.com\/database\/technologies\/virtual-private-db.html"},{"key":"e_1_2_1_20_1","first-page":"1","article-title":"Intel sgx explained","volume":"2016","author":"Costan Victor","year":"2016","unstructured":"Victor Costan and Srinivas Devadas . 2016 . Intel sgx explained . IACR Cryptol. ePrint Arch. 2016 , 86 (2016), 1 -- 118 . Victor Costan and Srinivas Devadas. 2016. Intel sgx explained. IACR Cryptol. ePrint Arch. 2016, 86 (2016), 1--118.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_2_1_21_1","unstructured":"Transaction Processing Performance Council. 2010. TPC Benchmark C. Retrieved March 1 2022 from http:\/\/www.tpc.org\/tpcc Transaction Processing Performance Council. 2010. TPC Benchmark C. Retrieved March 1 2022 from http:\/\/www.tpc.org\/tpcc"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2882903.2903741"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.14778\/2732240.2732246"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3322205.3311076"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.FIPS.197"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.955100"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.14778\/3364324.3364331"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48987.2021.00054"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1536414.1536440"},{"key":"e_1_2_1_30_1","volume-title":"EdgelessDB Official Website. Retrieved","author":"Edgeless Systems","year":"2022","unstructured":"Edgeless Systems GmbH. 2022. EdgelessDB Official Website. Retrieved March 1, 2022 from https:\/\/www.edgeless.systems\/products\/edgelessdb Edgeless Systems GmbH. 2022. EdgelessDB Official Website. Retrieved March 1, 2022 from https:\/\/www.edgeless.systems\/products\/edgelessdb"},{"key":"e_1_2_1_31_1","volume-title":"PostgreSQL Documentation","author":"The PostgreSQL Global Development Group","year":"2022","unstructured":"The PostgreSQL Global Development Group . 2022. PostgreSQL Documentation Chapter 10 Type Conversion. Retrieved March 1, 2022 from https:\/\/www.postgresql.org\/docs\/current\/typeconv.html The PostgreSQL Global Development Group. 2022. PostgreSQL Documentation Chapter 10 Type Conversion. Retrieved March 1, 2022 from https:\/\/www.postgresql.org\/docs\/current\/typeconv.html"},{"key":"e_1_2_1_32_1","volume-title":"PostgreSQL Official Website. Retrieved","author":"The PostgreSQL Global Development Group","year":"2022","unstructured":"The PostgreSQL Global Development Group . 2022. PostgreSQL Official Website. Retrieved March 1, 2022 from https:\/\/www.postgresql.org The PostgreSQL Global Development Group. 2022. PostgreSQL Official Website. Retrieved March 1, 2022 from https:\/\/www.postgresql.org"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/564691.564717"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2002.994695"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1506409.1506429"},{"key":"e_1_2_1_36_1","volume-title":"AWS KMS key hierarchy. Retrieved","author":"Amazon Web Services Inc. 2022.","year":"2022","unstructured":"Amazon Web Services Inc. 2022. AWS KMS key hierarchy. Retrieved March 1, 2022 from https:\/\/docs.aws.amazon.com\/kms\/latest\/cryptographic-details\/key-hierarchy.html Amazon Web Services Inc. 2022. AWS KMS key hierarchy. Retrieved March 1, 2022 from https:\/\/docs.aws.amazon.com\/kms\/latest\/cryptographic-details\/key-hierarchy.html"},{"key":"e_1_2_1_37_1","unstructured":"Advanced Micro Devices Incorporated. 2005. Secure Virtual Machine Architecture Reference Manual. Advanced Micro Devices Incorporated. 2005. Secure Virtual Machine Architecture Reference Manual."},{"key":"e_1_2_1_38_1","volume-title":"Cryptographers' Track at the RSA Conference","author":"Ishai Yuval","unstructured":"Yuval Ishai , Eyal Kushilevitz , Steve Lu , and Rafail Ostrovsky . 2016. Private large-scale databases with distributed searchable symmetric encryption . In Cryptographers' Track at the RSA Conference . Springer , 90--107. Yuval Ishai, Eyal Kushilevitz, Steve Lu, and Rafail Ostrovsky. 2016. Private large-scale databases with distributed searchable symmetric encryption. In Cryptographers' Track at the RSA Conference. Springer, 90--107."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3302424.3303951"},{"key":"e_1_2_1_40_1","unstructured":"Alexey Kopytov. 2022. SysBench. Retrieved March 1 2022 from https:\/\/github.com\/akopytov\/sysbench Alexey Kopytov. 2022. SysBench. Retrieved March 1 2022 from https:\/\/github.com\/akopytov\/sysbench"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387532"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.14778\/3352063.3352141"},{"key":"e_1_2_1_43_1","unstructured":"Arm Limited. 2022. TrustZone. Retrieved March 1 2022 from https:\/\/www.arm.com\/technologies\/trustzone-for-cortex-a Arm Limited. 2022. TrustZone. Retrieved March 1 2022 from https:\/\/www.arm.com\/technologies\/trustzone-for-cortex-a"},{"key":"e_1_2_1_44_1","volume-title":"Proceedings of the 26th USENIX Conference on Security Symposium","author":"Matetic Sinisa","year":"2017","unstructured":"Sinisa Matetic , Mansoor Ahmed , Kari Kostiainen , Aritra Dhar , David Sommer , Arthur Gervais , Ari Juels , and Srdjan Capkun . 2017 . ROTE: Rollback Protection for Trusted Execution . In Proceedings of the 26th USENIX Conference on Security Symposium ( Vancouver, BC, Canada) (SEC '17). USENIX Association, USA, 1289--1306. Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, and Srdjan Capkun. 2017. ROTE: Rollback Protection for Trusted Execution. In Proceedings of the 26th USENIX Conference on Security Symposium (Vancouver, BC, Canada) (SEC '17). USENIX Association, USA, 1289--1306."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.14778\/3415478.3415546"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2487726.2488368"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00045"},{"key":"e_1_2_1_48_1","volume-title":"Pegah Nikbakht Bideh, and Joakim Brorsson","author":"Nilsson Alexander","year":"2020","unstructured":"Alexander Nilsson , Pegah Nikbakht Bideh, and Joakim Brorsson . 2020 . A survey of published attacks on Intel SGX. arXiv preprint arXiv:2006.13598 (2020). Alexander Nilsson, Pegah Nikbakht Bideh, and Joakim Brorsson. 2020. A survey of published attacks on Intel SGX. arXiv preprint arXiv:2006.13598 (2020)."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.5555\/1756123.1756146"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.30"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.14778\/3342263.3342641"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043566"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00025"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.14778\/3389133.3389144"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2000.848445"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/MDT.2007.179"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.14778\/3447689.3447705"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.14778\/2535573.2488336"},{"key":"e_1_2_1_59_1","first-page":"1","article-title":"Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation)","volume":"59","author":"Union European","year":"2016","unstructured":"European Union . 2016 . Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation) . Official Journal of the Europeran Union 59 (2016), 1 -- 88 . European Union. 2016. Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation). Official Journal of the Europeran Union 59 (2016), 1--88.","journal-title":"Official Journal of the Europeran Union"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00064"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3035918.3056101"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0052"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.5555\/2595846.2595847"},{"key":"e_1_2_1_64_1","volume-title":"11th Conference on Innovative Data Systems Research (CIDR '21)","author":"Zhao Zheguang","year":"2021","unstructured":"Zheguang Zhao , Seny Kamara , Tarik Moataz , and Stan Zdonik . 2021 . Encrypted Databases: From Theory to Systems . In 11th Conference on Innovative Data Systems Research (CIDR '21) . Zheguang Zhao, Seny Kamara, Tarik Moataz, and Stan Zdonik. 2021. Encrypted Databases: From Theory to Systems. In 11th Conference on Innovative Data Systems Research (CIDR '21)."},{"key":"e_1_2_1_65_1","volume-title":"Proceedings of the 14th USENIX Conference on Networked Systems Design and Implementation","author":"Zheng Wenting","year":"2017","unstructured":"Wenting Zheng , Ankur Dave , Jethro G. Beekman , Raluca Ada Popa , Joseph E. Gonzalez , and Ion Stoica . 2017 . Opaque: An Oblivious and Encrypted Distributed Analytics Platform . In Proceedings of the 14th USENIX Conference on Networked Systems Design and Implementation ( Boston, MA, USA) (NSDI '17). USENIX Association, USA, 283--298. Wenting Zheng, Ankur Dave, Jethro G. Beekman, Raluca Ada Popa, Joseph E. Gonzalez, and Ion Stoica. 2017. Opaque: An Oblivious and Encrypted Distributed Analytics Platform. In Proceedings of the 14th USENIX Conference on Networked Systems Design and Implementation (Boston, MA, USA) (NSDI '17). USENIX Association, USA, 283--298."},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3448016.3457559"}],"container-title":["Proceedings of the VLDB Endowment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.14778\/3554821.3554826","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,28]],"date-time":"2022-12-28T11:22:41Z","timestamp":1672226561000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.14778\/3554821.3554826"}},"subtitle":["an encrypted database for ownership-preserving data management"],"short-title":[],"issued":{"date-parts":[[2022,8]]},"references-count":66,"journal-issue":{"issue":"12","published-print":{"date-parts":[[2022,8]]}},"alternative-id":["10.14778\/3554821.3554826"],"URL":"https:\/\/doi.org\/10.14778\/3554821.3554826","relation":{},"ISSN":["2150-8097"],"issn-type":[{"value":"2150-8097","type":"print"}],"subject":[],"published":{"date-parts":[[2022,8]]}}}