1. Field of the Invention
The present invention relates to data storage systems. More specifically, the present invention relates to a method and apparatus for performing selective encryption/decryption in a data storage system.
2. Related Art
Users typically desire to obtain both performance and security from a data storage system. However, securing data stored in a data storage system often results in decreased performance. For example, one common method of securing data stored in a data storage system is to encrypt the data. Subsequently, each time a user or an application requires access to the data, the data storage system must decrypt the data. If this decryption occurs infrequently, the decrease in performance may be tolerable. However, if the user requires access to a significant amount of data, or repeated access to the same data, the reduction in performance can be significant.
One technique for encrypting data in a data storage system is to encrypt data at the column level, which is referred to as “column-level encryption.” However, if a user encrypts a large number of columns, column-level encryption can become tedious and time-consuming. Furthermore, known encryption schemes, such as column-level encryption, lack the ability to protect dependent data structures, such as auxiliary sort/join memory chunks.
Hence, what is needed is a system for securing data in a data storage system without the problems listed above.