Skip to content

Brief introduction: SQLite's Virtual File System

Sebastian edited this page Sep 3, 2020 · 1 revision

📣 General

The Virtual File System of SQLite (VFS) serves as a layer between the file system and the SQLite database. This makes it possible to create your own implementations for various SQLite operations. Especially for non-trivial file systems or file systems with additional logic (e.g. Intel SGX Secure File API) or with synchronization mechanisms can be accessed via the SQLite library. Since SQLite is a file-based database system, the typical file functions of C must be newly implemented. In our case we will realize the integration of SGX compliant encryption and decryption of data by reimplementing the individual functions.

For SQLite logic, the VFS abstraction makes it look like a normal file system. Hidden for the library, the encryption and decryption operations are performed by Intel's SGX Secure File API.

The following sequence diagram contains a sketch of an early planning phase that explains the basic idea in an understandable way. uml_datasealing-architecture-vfs

For the implementation it was necessary to understand the overall structure. Therefore we thank the helpful reference implementation of Tomaka17 on StackOverflow, see using-sqlite-with-stdiostream.