Building Web Applications on Top of Encrypted Data Using Mylar
Raluca Ada Popa, Emily Stark, Jonas Helfer, Steven Valdez, Nickolai Zeldovich, M. Frans Kaashoek, and Hari Balakrishnan
Using a Web application for confidential data requires the user to trust the server to protect the data from unauthorized disclosures. This trust is often misplaced, however, because there are many ways in which confidential data could leak from a server. For example, attackers could exploit a vulnerability in the server software to break in, a curious administrator could peek at the data on the server, or the server operator may be compelled to disclose data by law. How can one build Web applications that protect data confidentiality against attackers with full access to servers?