Re: [infinispan-dev] Proposal - encrypted cache

If you ask Clement, it was quite a challenge to run one of the small JVM variant within the enclave. We would need a specific support at the VM level to do some piece of code within the enclave while others are not. On Thu 18-07-05 10:51, Sebastian Laskawiec wrote: >Just stumbled upon:

Re: [infinispan-dev] Proposal - encrypted cache

Just stumbled upon: https://blog.acolyer.org/2018/07/05/enclavedb-a-secure-database-using-sgx/ Perhaps using enclaves could be a way to secure in-memory data (especially having in mind that we can use off-heap). Adding mandatory TLS + Authentication would make Infinispan very secure. On Tue, Nov

Re: [infinispan-dev] Proposal - encrypted cache

With your explanation I think I get it now... So from my point of view, I would assume that we *can't* trust the servers. But with TLS we *can* trust the communication channel. Does this makes sense now? On Mon, Nov 28, 2016 at 4:07 PM, Sanne Grinovero wrote: > On 28

Re: [infinispan-dev] Proposal - encrypted cache

Hey Sanne! Comments inlined. Thanks Sebastian On Fri, Nov 25, 2016 at 2:55 PM, Sanne Grinovero wrote: > Hi Sebastian, > you're opening a very complex (but interesting!) topic. > > As the paper you linked to also reminds, it's extremely hard to > implement such a thing

Re: [infinispan-dev] Proposal - encrypted cache

Hi Sebastian, you're opening a very complex (but interesting!) topic. As the paper you linked to also reminds, it's extremely hard to implement such a thing without "giving away" lots of useful metadata to a potential attacker. It's an interesting paper as they propose a technique to maintain

[infinispan-dev] Proposal - encrypted cache

Hey! A while ago I stumbled upon [1]. The article talks about encrypting data before they reach the server, so that the server doesn't know how to decrypt it. This makes the data more secure. The idea is definitely not new and I have been asked about something similar several times during local