Cumulus4j uses encryption in order to protect your data.
Before data is written to the data store, it gets encrypted by Cumulus4j. Cumulus4j also decrypts data before it is used by your application. All this happens transparently to your application.
The Cumulus4j datastructure is depicted below. It stores objects in a manner that hides relations of field values i.e. which values occur together in an object.
In the table ClassMeta, metadata about objects is stored. Each ClassMeta entry has a list of references to the FieldMeta entries of the fields of the class. In the table FieldMeta, metadata about object fields is stored. Each FieldMeta entry has a reference to the ClassMeta entry of its class and may have references to its sub-fields. The table DataEntry holds encrypted representation of actual objects. These objects can be accessed through IndexEntry tables that hold index values and encrypted pointers to the DataEntry table. Additionally each index entry has a reference to the FieldMeta entry of its field.
We use state of the art probabilistic symmetric encryption schemes (e.g. AES with Galois/Counter mode and PKCS#5 padding) to protect your data. The encryption not only hides the content, it also makes sure that data manipulations will be detected. Cumulus4j applies encryption to the DataEntries and to the indices in the IndexEntries.
Cumulus4j transforms issued queries in order to execute them on the Cumulus4j Data Structure. Retrieved data is encrypted on-the-fly. Selections are executed efficiently in 4 Steps.
Cumulus4j provides Ind-ICP security for your data. This means, that it hides which attribute values belong together. An adversary copying your datastore cannot reconstruct the stored objects.
The Cumulus4j adapter can be used transparently to the application. It is integrated into DataNucleus and fully supports JDO and JPA.