End-to-end (E2E) security is increasingly being used as a means to maintain data-at-rest and data-in-transit confidentiality. Within the end-to-end security paradigm, data is encrypted very close to its source at the client side, and the client is the only one in possession of the keys used to encrypt; thus no information is revealed to the cloud provider or other cloud provider tenants.
Database management systems are integral components of many systems as they provide a well-established, efficient and scalable way of processing large amounts of data. Under the cloud paradigm, it becomes extremely appealing to preserve the ability to process data after its migration to the cloud. However, on-demand databases outsourced in the cloud are vulnerable to additional attacks compared to on-premise databases. While the cloud provider organization is usually trusted, its employees like database operators may misuse their elevated privileges to access cloud data.