Guidelines for Using the CryptDB System Securely.

This report has two goals. First, we review guidelines for using the CryptDB system [PRZB11, Pop14] securely by the administrators of database applications. These guidelines were already described in [PRZB11] and elaborated on in [Pop14], but in light of some recent work [NKW15] that applied these guidelines incorrectly, a short document devoted to summarizing these guidelines may be useful. Second, we explain that the study of Naveed, Kamara, and Wright [NKW15] represents an unsafe usage of CryptDB, violating CryptDB’s security guidelines. Hence, the conclusions drawn in that paper regarding CryptDB’s guarantees for medical applications are incorrect: had the guidelines been followed, none of the claimed attacks would have been possible.