Encrypted databases provide data protection (security) in cloud platforms and/or database-as-a-service settings. In encrypted databases, data (cleartext) can be encrypted at the client to provide encrypted data (ciphertext), which can be provided to the database for storage. In some examples, a third-party provides the database for interaction with one or more applications, although the stored data is encrypted. That is, the database is outsourced to the third-party.
Outsourcing a database offers efficient resource management and low maintenance costs for clients, but exposes outsourced data (client data) to a service provider (the third-party providing the database and its agents). To ensure data confidentiality, data owners seek to prevent unauthorized access, while data is stored or processed. Storing data on an untrusted database requires protection measures against, for example, curious personnel working for the service provider or outside attackers exploiting software vulnerabilities on the database server. In addition, data owners also seek to control data access for their own personnel.