Secure Portable Data Server
25/06/2012
Alexei Troussov, SMIS team, INRIA Rocquencourt
Agenda
- SMIS team (Secure & Mobile Information Systems)
- Areas of research interests
- Past projects and results
- Recent work
- Forthcoming challenges
SMIS Research areas
- Server Mobility
  - Embedded database engine in SoC
- Hardware data storage security
  - Tamper-resistance of data
- Software data storage security
  - Privacy-centered design architecture
  - Flexible access control scenarios
SMIS Projects & Achievements
- Past: PlugDB, GhostDB etc.
  - General design of embedded DB engine (8Kb RAM, 20 MHz CPU)
  - First results related to NAND flash storage
- CG78: Dossier Medico-Social Partagé (DMSP)
  - Real-world experimentation with private companies and CG78
  - Modular architecture of DB engine with unit tests
  - Considerable improvements of DB indexes (SIGMOD, VLDB)
- KISS & ICI-SMDH
  - Extending DB engine with more features (geo-spatial data etc.)
  - Prepare hardware platform for future prototyping and benchmarks
Before we go on: About NAND flash
Recent work: DMSP (background)
- Very compact data server (Secure Portable Token)
- Strictly personal
- Can share information with approved peers via automatic synchronization
- Runs Medico-Social web application
- Experimentation with real patients started last year
Recent work: DMSP (application)
- SPTpat: Database, Web Server, Web Application
- SPTpro: Web Server, Web Application, CPS card reader
- Central Server: Apache+mod_jk+Tomcat (classic & boring)
[Diagram: SPTpat, SPTpro, Central Server (SC), CPS]
Recent work: DMSP
- Unified test infrastructure for the whole application
- All modules of the application were ported to PC
  - Cryptography & certificate management
  - Application servlets
- Configure routing proxies to capture network exchange traffic for analysis and debugging
- Automatic non-regression tests
Recent work: DB engine (1)
- (1) Permanent refactoring
- (2) Re-implemented low-level storage module
  - All storage-related code is now in one place
  - Storage API is now much more flexible
  - Some new data types can be added easily (BLOB added)
  - Better performance (less overhead on address calculations, better caching mechanisms, improved buffers)
  - And all this is now transactional and fault-tolerant
  - DB engine code has been remarkably simplified
  - Porting to another hardware platform will be easier
Recent work: DB engine (2)
- (3) Several new types of indexes were implemented (research work)
  - Full scan => Summary Scan, Summary & Hybrid Skip
- (4) Improved SQL query compilation engine
  - Added new data types BLOB, VARCHAR, DATETIME
  - NUMERIC now supports fractions
  - DB schema can now be described completely in SQL DDL
  - Fine-tuning query execution plans with hints
  - Some SQL extensions are currently being added
    - Geo-spatial data types
    - Custom functions
Current & future challenges (1)
- Preparing for future hardware platform
  - Slightly faster CPU, more RAM, no NOR flash
  - External NAND flash (high capacity, but with FTL)
  - Once the board drivers and the board's emulator on PC are ready => migrate DB engine to it
Current & future challenges (2)
- Implement new design of DB engine:
  - Stratification
    - Clustered database for read-only access
  - Sequential buffers for NAND
    - NOR is a bottleneck now
  - Adaptive indexes
    - Use best indexing strategy depending on data usage
  - Integrate various research results
    - minimal exposure etc.
Current & future challenges (3)
Today we:
- Implemented microcontroller board drivers for Ethernet, Crypto CPU, SD card, LCD + touch screen, External RAM or NOR
- Configured development environment & debug tools for the new chip
- Have working prototype of embedded web server with hardware SSL
Questions