Making the cloud prove it followed your privacy wishes
Companies that store personal data in cloud key-value databases handle deletion requests by running the operation and confirming that the job is complete. The people making those requests, and the regulators overseeing them, have had limited means to confirm that the data is actually gone or that the record of its removal is genuine.
GDPRuler, a middleware system from researchers at the Technical University of Munich and the University of Lisbon, sits between an application and an unmodified key-value database and enforces privacy rules as data passes through it. The weakness it addresses is structural. The cloud operator, its administrators, and a compromised hypervisor can read or alter the stored data and the audit logs meant to document lawful processing.

Detailed view of GDPRuler system (Source: Research paper)
Enforcement inside a sealed environment
GDPRuler runs its enforcement logic inside a Confidential Virtual Machine, a hardware-isolated environment supported by AMD SEV-SNP, Intel TDX, and ARM CCA. The isolation keeps the cloud provider and other privileged software from reading the system’s memory or tampering with its decisions. Remote attestation lets an outside party verify that the deployment is authentic and running the expected code before any data is exchanged.
The system intercepts every database operation. It attaches compliance metadata to each key-value pair, recording the data owner, the permitted purposes, sharing permissions, retention period, and prohibited uses. When a data processor requests a record, the monitor checks the processor’s declared purpose against the owner’s stored policy and the owner’s objections. A request with a purpose the owner objected to is denied and logged.
A tamper-evident record for auditors
The audit trail is the part built for verification. Each compliance-relevant operation produces a log entry. Entries are batched, encrypted, and protected with a message authentication code and a counter held inside the Confidential Virtual Machine. The counter increases with each batch. During an audit, a regulator with a registered key can retrieve the logs, and the system checks the integrity codes and counter sequence. A gap or an altered value indicates tampering or a rollback attempt.
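To make the batch, MAC and counter scheme above concrete, here is an added Python sketch of the logger and the regulator-side verifier. It is illustrative code written for this article, not GDPRuler's own implementation. It assumes an HMAC-SHA256 tag over each JSON-encoded batch, a counter that only the logger increments and that a regulator learns through attestation, and a verifier that holds the MAC key directly; the encryption layer is left out so the example runs on the standard library alone. The scenarios at the end are constructed to show the three failures the text describes: an altered value, a missing batch, and a rollback.

```python
import copy
import hashlib
import hmac
import json
import secrets


class ComplianceLogger:
    """Logger running inside the CVM (assumed): holds the MAC key and the batch counter."""

    def __init__(self, key, batch_size=2):
        self._key = key
        self._batch_size = batch_size
        self.counter = 0        # monotonic; leaves the CVM only through attestation
        self._pending = []
        self.storage = []       # untrusted storage outside the CVM; an attacker may edit it

    def record(self, entry):
        self._pending.append(entry)
        if len(self._pending) >= self._batch_size:
            self.flush()

    def flush(self):
        """Seal the pending entries as one batch tagged with the next counter value."""
        if not self._pending:
            return
        self.counter += 1
        payload = json.dumps({"ctr": self.counter, "entries": self._pending}, sort_keys=True)
        tag = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        self.storage.append({"payload": payload, "tag": tag})
        self._pending = []


def verify_log(key, storage, attested_counter):
    """Regulator side. Returns (ok, reason): checks every tag, the counter sequence, and freshness."""
    expected = 1
    for i, batch in enumerate(storage):
        recomputed = hmac.new(key, batch["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(recomputed, batch["tag"]):
            return False, f"bad MAC on batch {i}"
        ctr = json.loads(batch["payload"])["ctr"]
        if ctr != expected:
            return False, f"counter gap: expected {expected}, found {ctr}"
        expected += 1
    last = expected - 1
    if last != attested_counter:
        return False, f"rollback: storage ends at {last}, CVM counter is {attested_counter}"
    return True, "ok"


def run_scenarios():
    """Constructed sample: four log entries, then three tampering attempts on the stored batches."""
    key = secrets.token_bytes(32)   # in practice sealed to the CVM and released only after attestation
    log = ComplianceLogger(key, batch_size=2)
    for entry in [
        {"op": "GET", "key": "user:42", "purpose": "billing", "decision": "allow"},
        {"op": "GET", "key": "user:42", "purpose": "marketing", "decision": "deny"},
        {"op": "DEL", "key": "user:7", "purpose": "erasure", "decision": "allow"},
        {"op": "PUT", "key": "user:9", "purpose": "analytics", "decision": "allow"},
    ]:
        log.record(entry)

    results = {"honest": verify_log(key, log.storage, log.counter)}

    # 1. Alter a stored decision: turn the denied marketing read into an allow.
    altered = copy.deepcopy(log.storage)
    altered[0]["payload"] = altered[0]["payload"].replace('"deny"', '"allow"')
    results["altered"] = verify_log(key, altered, log.counter)

    # 2. Delete the first batch; the surviving batch carries counter 2.
    results["deleted"] = verify_log(key, log.storage[1:], log.counter)

    # 3. Roll storage back to the first batch; the CVM counter still says 2.
    results["rolled_back"] = verify_log(key, log.storage[:1], log.counter)
    return results
```

The freshness check is the part a plain hash chain does not give you: without comparing the last stored counter against the value the CVM attests, an operator could present an older but internally consistent copy of the log and the verifier would accept it.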
The team verified the attestation and logging protocols with the Tamarin Prover under a Dolev-Yao attacker model, a setting in which the attacker controls the network and can add, delete, or modify log entries in storage. The analysis confirmed that a validated log contains every entry it should and only genuine entries.
Translating legal rules into code
GDPRuler includes a policy language that compiles GDPR obligations into runtime checks. Data owners and processors express their policies as predicates attached to queries.
The language covers purpose limitation and storage limitation under Article 5, the right of access under Article 15, the right to be forgotten under Article 17, the right to object under Article 21, and records of processing activities under Article 30. Articles handled higher in the application stack, such as breach notification, sit outside the database scope.
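The metadata fields and the purpose check described earlier, together with the Article 15, 17 and 21 operations listed here, can be sketched in a few dozen lines. The following Python is an added example written for this article, not GDPRuler's code or its policy language: it wraps a plain dict standing in for the unmodified key-value store, attaches the metadata the article names to each record, evaluates a processor's declared purpose as a set of predicates, keeps an owner index so access and erasure requests avoid a full scan, and appends every decision to a records-of-processing list. The field names, the denial reasons and the sample data are all constructed for the example.

```python
import time
from dataclasses import dataclass, field


@dataclass
class Metadata:
    """Compliance metadata stored beside each key-value pair (field set follows the article)."""
    owner: str
    purposes: set                  # purposes the owner permits (Art. 5 purpose limitation)
    share_with: set                # processors allowed to read besides the owner
    expires_at: float              # retention deadline as a Unix timestamp (Art. 5 storage limitation)
    objections: set = field(default_factory=set)   # purposes the owner has objected to (Art. 21)


class Monitor:
    def __init__(self, backend=None):
        self.backend = {} if backend is None else backend   # unmodified store: key -> (value, Metadata)
        self.owner_index = {}                                # owner -> {keys}; serves Art. 15/17 without a scan
        self.log = []                                        # records of processing (Art. 30)

    def _log(self, op, key, actor, purpose, decision):
        self.log.append({"op": op, "key": key, "actor": actor, "purpose": purpose, "decision": decision})

    def put(self, key, value, meta):
        self.backend[key] = (value, meta)
        self.owner_index.setdefault(meta.owner, set()).add(key)
        self._log("PUT", key, meta.owner, "store", "allow")

    def get(self, key, processor, purpose, now=None):
        """Purpose-limited read. Returns (value or None, decision)."""
        now = time.time() if now is None else now
        if key not in self.backend:
            return None, "missing"
        value, meta = self.backend[key]
        decision = self._evaluate(meta, processor, purpose, now)
        self._log("GET", key, processor, purpose, decision)
        return (value if decision == "allow" else None), decision

    @staticmethod
    def _evaluate(meta, processor, purpose, now):
        # Any failing predicate denies; the order only decides which reason is reported.
        if now >= meta.expires_at:
            return "deny:retention-expired"
        if purpose in meta.objections:
            return "deny:owner-objected"
        if purpose not in meta.purposes:
            return "deny:purpose-not-permitted"
        if processor != meta.owner and processor not in meta.share_with:
            return "deny:not-shared"
        return "allow"

    def object_to(self, owner, key, purpose):
        """Right to object (Art. 21): only the owner may add an objection to their own record."""
        _, meta = self.backend[key]
        if meta.owner != owner:
            self._log("OBJECT", key, owner, purpose, "deny:not-owner")
            return False
        meta.objections.add(purpose)
        self._log("OBJECT", key, owner, purpose, "allow")
        return True

    def access_all(self, owner, requester):
        """Right of access (Art. 15): every record about the owner, found through the index."""
        if requester != owner:
            self._log("ACCESS", "*", requester, "access", "deny:not-owner")
            return None
        self._log("ACCESS", "*", owner, "access", "allow")
        return {k: self.backend[k][0] for k in sorted(self.owner_index.get(owner, ()))}

    def forget(self, owner, requester):
        """Right to be forgotten (Art. 17): delete every record of the owner; returns the count."""
        if requester != owner:
            self._log("DELETE", "*", requester, "erasure", "deny:not-owner")
            return 0
        keys = self.owner_index.pop(owner, set())
        for k in keys:
            del self.backend[k]
        self._log("DELETE", "*", owner, "erasure", "allow")
        return len(keys)


def demo():
    """Constructed scenario: one owner, two records, one processor, permitted and objected purposes."""
    m = Monitor()
    t0 = 1_700_000_000.0
    m.put("user:42:email", "alice@example.com",
          Metadata("alice", {"billing", "marketing"}, {"acme-billing"}, t0 + 86400))
    m.put("user:42:address", "1 Main St",
          Metadata("alice", {"billing"}, {"acme-billing"}, t0 + 86400))
    r = {}
    r["billing"] = m.get("user:42:email", "acme-billing", "billing", now=t0)
    m.object_to("alice", "user:42:email", "marketing")
    r["marketing"] = m.get("user:42:email", "acme-billing", "marketing", now=t0)
    r["stranger"] = m.get("user:42:email", "data-broker", "billing", now=t0)
    r["expired"] = m.get("user:42:email", "acme-billing", "billing", now=t0 + 90000)
    r["access"] = m.access_all("alice", "alice")
    r["forgotten"] = m.forget("alice", "alice")
    r["after"] = m.get("user:42:email", "acme-billing", "billing", now=t0)
    r["denials"] = [e["decision"] for e in m.log if e["decision"] != "allow"]
    return r
```

Two design points carry over from the article. The predicates are evaluated on the monitor's side of the boundary, so the backend never needs to understand them, which is what lets the scheme work against an unmodified Redis or RocksDB. And the owner index is what turns "return or erase everything about this person" from a full scan into a lookup, which is the source of the large speedups the evaluation reports for GDPR-specific queries.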
Performance and limits
The researchers built a prototype for unmodified Redis and RocksDB and tested it with YCSB benchmarks and GDPR-specific workloads on an AMD SEV-SNP server. GDPRuler reached about 61 percent of native database throughput on average. The Confidential Virtual Machine alone cost 28 to 32 percent of throughput, most of that gap, with the compliance layer and encryption accounting for the remainder. The tamper-evident logging reduced throughput by only around 2 percent, because log writes are batched and happen off the main request path.
Storage metadata raised the database footprint by 8.9 percent for Redis and 19.8 percent for RocksDB. GDPR-specific queries saw the largest gains. Operations such as retrieving all of one person's data, which otherwise scan the entire store, ran 13 to 182 times faster once GDPRuler indexed the metadata.
The system has defined boundaries. It protects audit logs against rollback through freshness checks. Rollback of the underlying database data sits outside its scope, a design decision made to preserve compatibility with how databases store records. Side-channel and denial-of-service attacks are also excluded. The prototype omits range queries, and the evaluation left out one benchmark workload representing regulators because the original was unavailable.
The result is a storage layer that enforces privacy rules and produces evidence regulators can check, running on cloud infrastructure controlled by an untrusted operator. The same metadata fields and enforcement hooks map onto other privacy laws, including the California Consumer Privacy Act and Virginia’s Consumer Data Protection Act, with the differences captured in the choice of policy rules.
