Researchers from Germany and Portugal Develop GDPRuler System to Enhance Privacy Verification in Cloud Databases
2026-06-15 14:19

en.Wedoany.com Reported - Researchers at the Technical University of Munich and the University of Lisbon have developed a middleware system named GDPRuler that sits between applications and unmodified key-value databases to enforce privacy rules, addressing the structural weakness of cloud databases lacking verification mechanisms when handling requests to delete personal data.

GDPRuler runs its execution logic inside a Confidential Virtual Machine, a hardware-isolated environment supported by AMD SEV-SNP, Intel TDX, and ARM CCA that prevents cloud providers and other privileged software from reading system memory or tampering with its decisions. Remote attestation allows external parties to verify the deployment's authenticity and the expected operational state of the code before data exchange.

The system intercepts every database operation. It attaches compliance metadata to each key-value pair, recording the data owner, permitted purposes, sharing permissions, retention periods, and prohibited uses. When a data processor requests a record, the monitor checks the processor's declared purpose against the owner's storage policies and objections. Purposes objected to by the owner are rejected and logged.

Audit trails are specifically constructed for verification. Each compliance-related operation generates a log entry. Entries are batched and encrypted, protected by a message authentication code and a counter stored inside the Confidential Virtual Machine. During auditing, a regulator with a registered key retrieves the logs, and the system checks the integrity code and counter sequence. Any missing entries or value changes indicate tampering or rollback attempts. The research team verified the attestation and logging protocols under the Dolev-Yao attacker model using the Tamarin Prover. The analysis confirmed that the verified logs contain all expected entries and only genuine entries.
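The integrity and counter-sequence check on log batches described above, as an added example that is not GDPRuler's code. HMAC-SHA256, the JSON batch layout and all function and field names are assumptions made for illustration; batch encryption is left out, and `trusted_counter` stands in for the counter value kept inside the Confidential Virtual Machine.

```python
import hashlib
import hmac
import json

def _tag(key, counter, body):
    # The MAC covers the counter as well as the entries, so a batch cannot be
    # replayed under a different sequence number.
    return hmac.new(key, counter.to_bytes(8, "big") + body.encode(),
                    hashlib.sha256).hexdigest()

def seal_batch(key, counter, entries):
    """Producer side: serialize a batch of log entries and authenticate it."""
    body = json.dumps(entries, sort_keys=True)
    return {"counter": counter, "body": body, "tag": _tag(key, counter, body)}

def verify_log(key, batches, trusted_counter):
    """Auditor side: return a list of findings; an empty list means the log
    holds every expected batch and only genuine ones."""
    findings = []
    expected = 1  # assumed: counters start at 1 and increase by one per batch
    for b in batches:
        if not hmac.compare_digest(_tag(key, b["counter"], b["body"]), b["tag"]):
            findings.append(("bad_mac", expected))  # value changed or forged
            expected += 1
            continue
        if b["counter"] != expected:
            findings.append(("missing_or_reordered", expected))
        expected = b["counter"] + 1
    if expected - 1 != trusted_counter:
        # The stored log ends before the counter the trusted side remembers:
        # the tail was truncated or an older copy of the log was restored.
        findings.append(("rollback_or_truncation", trusted_counter))
    return findings

# Constructed sample data (not taken from the paper or its prototypes).
KEY = b"constructed-demo-key-not-a-real-secret"
LOG = [
    seal_batch(KEY, 1, [{"op": "read", "key": "user:17", "purpose": "billing"}]),
    seal_batch(KEY, 2, [{"op": "erase", "key": "user:17", "purpose": "art17"}]),
    seal_batch(KEY, 3, [{"op": "read", "key": "user:42", "purpose": "ads",
                         "result": "rejected"}]),
]

if __name__ == "__main__":
    print(verify_log(KEY, LOG, trusted_counter=3))      # intact log
    print(verify_log(KEY, LOG[:2], trusted_counter=3))  # stale copy restored
```
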

GDPRuler includes a policy language that compiles GDPR obligations into runtime checks. Data owners and processors express their policies as predicates attached to queries. The language covers purpose limitation and storage limitation under Article 5 of the GDPR, the right of access under Article 15, the right to erasure (right to be forgotten) under Article 17, the right to object under Article 21, and records of processing activities under Article 30. Provisions handled in higher application layers, such as breach notification, fall outside the database scope.

The researchers built prototypes for unmodified Redis and RocksDB and tested them on an AMD SEV-SNP server using the YCSB benchmark and GDPR-specific workloads. GDPRuler achieves an average throughput of approximately 61% of the native database throughput. The Confidential Virtual Machine is the primary contributor to this overhead, accounting for 28% to 32%, with the remainder coming from the compliance layer and encryption. Tamper-proof logging reduces throughput by about 2% because writes are performed out of the main path in batches. Storing metadata increases the database footprint by 8.9% for Redis and 19.8% for RocksDB. GDPR-specific queries see the greatest improvements; for example, retrieving all data for a single individual runs 13 to 182 times faster after GDPRuler indexes the metadata.

The system protects audit logs from rollback attacks through freshness checks, but rollback of the underlying database data is outside its scope. Side-channel attacks and denial-of-service attacks are also excluded. The prototype omits range queries. The same metadata fields and execution interface can be mapped to other privacy laws, including the California Consumer Privacy Act and Virginia’s Consumer Data Protection Act, with differences reflected in the selection of policy rules.
