You want to crunch top-secret data securely? CryptDB may be the app for that

There are lots of applications for data crunching in the security-obsessed worlds of the defense, healthcare, and financial services industries. The problem is that these organizations have a hard time crunching all that data without potentially exposing it to prying eyes. Sure, it would be great to pump it all into Amazon(s amzn) Web Services and then run a ton of analytics, but that whole public cloud thing is problematic for these kinds of companies.

Dr. Sam Madden of MIT's CSAIL lab.

Dr. Sam Madden of MIT’s CSAIL lab.

CryptDB, a project out of MIT’s Computer Science and Artificial Intelligence Lab, (CSAIL) may be a solution for this problem. In theory, it would let you glean insights from your data without letting even your own personnel “see” that data at all, said Dr. Sam Madden, CSAIL director, on Friday.

“The goal is to run SQL on encrypted data, you don’t even allow your admin to decrypt any of that data and that’s important in cloud storage, Madden said at an SAP(s sap)-sponsored event at Hack/reduce in Cambridge, Mass.

He described the technology in broad strokes but it involves an unmodified MySQL or Postgres app on the front end that talks to a CryptDB query rewriter in the middle which in turn talks to a MySQL instance at the back end.

According to CryptDB’s web page:

“It works by executing SQL queries over encrypted data using a collection of efficient SQL-aware encryption schemes. CryptDB can also chain encryption keys to user passwords, so that a data item can be decrypted only by using the password of one of the users with access to that data. As a result, a database administrator never gets access to decrypted data, and even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in.”

The technology is being built by a team including Raluca Ada Popa, Catherine Redfield, Nickolai Zeldovich and Hari Balarkishan.

CryptDB  could also run in a private cloud but there are still some big implementation questions. Asked how CryptDB would negotiate data transmission through firewalls, for example, Madden punted. “That’s not something we’re focusing on. The great thing about being an academic is we can ignore some problems,” he said.