English

BigFoot: Exploiting and Mitigating Leakage in Encrypted Write-Ahead Logs

Cryptography and Security 2021-11-30 v2

Abstract

Modern databases and data-warehousing systems separate query processing and durable storage. Storage systems have idiosyncratic bugs and security vulnerabilities, thus attacks that compromise only storage are a realistic threat. In this paper, we show that encryption alone is not sufficient to protect databases from compromised storage. Using MongoDB WiredTiger as a concrete example, we demonstrate that sizes of encrypted writes to a durable write-ahead log can reveal sensitive information about the inputs and activities of MongoDB applications. We then design, implement, and evaluate BigFoot, a WAL modification that mitigates size leakage.

Cite

@article{arxiv.2111.09374,
  title  = {BigFoot: Exploiting and Mitigating Leakage in Encrypted Write-Ahead Logs},
  author = {Jialing Pei and Vitaly Shmatikov},
  journal= {arXiv preprint arXiv:2111.09374},
  year   = {2021}
}

Comments

8 pages

R2 v1 2026-06-24T07:42:44.155Z