Salvato in:
Dettagli Bibliografici
Autori principali: Kumar, Sam, Yagati, Samyukta, Power, Conor, Culler, David E., Popa, Raluca Ada
Natura: Preprint
Pubblicazione: 2025
Soggetti:
Accesso online:https://arxiv.org/abs/2509.08740
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866916945058594816
author Kumar, Sam
Yagati, Samyukta
Power, Conor
Culler, David E.
Popa, Raluca Ada
author_facet Kumar, Sam
Yagati, Samyukta
Power, Conor
Culler, David E.
Popa, Raluca Ada
contents Organizations use data lakes to store and analyze sensitive data. But hackers may compromise data lake storage to bypass access controls and access sensitive data. To address this, we propose Membrane, a system that (1) cryptographically enforces data-dependent access control views over a data lake, (2) without restricting the analytical queries data scientists can run. We observe that data lakes, unlike DBMSes, disaggregate computation and storage into separate trust domains, making at-rest encryption sufficient to defend against remote attackers targeting data lake storage, even when running analytical queries in plaintext. This leads to a new system design for Membrane that combines encryption at rest with SQL-aware encryption. Using block ciphers, a fast symmetric-key primitive with hardware acceleration in CPUs, we develop a new SQL-aware encryption protocol well-suited to at-rest encryption. Membrane adds overhead only at the start of an interactive session due to decrypting views, delaying the first query result by up to $\approx 20\times$; subsequent queries process decrypted data in plaintext, resulting in low amortized overhead.
format Preprint
id arxiv_https___arxiv_org_abs_2509_08740
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Membrane: A Cryptographic Access Control System for Data Lakes
Kumar, Sam
Yagati, Samyukta
Power, Conor
Culler, David E.
Popa, Raluca Ada
Cryptography and Security
Databases
Organizations use data lakes to store and analyze sensitive data. But hackers may compromise data lake storage to bypass access controls and access sensitive data. To address this, we propose Membrane, a system that (1) cryptographically enforces data-dependent access control views over a data lake, (2) without restricting the analytical queries data scientists can run. We observe that data lakes, unlike DBMSes, disaggregate computation and storage into separate trust domains, making at-rest encryption sufficient to defend against remote attackers targeting data lake storage, even when running analytical queries in plaintext. This leads to a new system design for Membrane that combines encryption at rest with SQL-aware encryption. Using block ciphers, a fast symmetric-key primitive with hardware acceleration in CPUs, we develop a new SQL-aware encryption protocol well-suited to at-rest encryption. Membrane adds overhead only at the start of an interactive session due to decrypting views, delaying the first query result by up to $\approx 20\times$; subsequent queries process decrypted data in plaintext, resulting in low amortized overhead.
title Membrane: A Cryptographic Access Control System for Data Lakes
topic Cryptography and Security
Databases
url https://arxiv.org/abs/2509.08740