CryptDB is a system that provides practical and provable confidentiality for applications backed by SQL databases. It executes SQL queries over encrypted data using efficient SQL-aware encryption schemes. CryptDB also chains encryption keys to user passwords, ensuring that data can only be decrypted by the password of a user with access. This prevents database administrators from accessing decrypted data and ensures confidentiality for logged-out users. An analysis of 126 million SQL queries from a production MySQL server shows that CryptDB can support operations over encrypted data for 99.5% of the columns. CryptDB has low overhead, reducing throughput by 14.5% for phpBB and 26% for TPC-C queries compared to unmodified MySQL. It also provides strong security guarantees, protecting sensitive fields with highly secure encryption schemes. CryptDB addresses two main threats: a curious DBA trying to access private data and an adversary gaining control of application and DBMS servers. It ensures confidentiality for logged-out users even if servers are compromised. CryptDB uses three key ideas: executing SQL queries over encrypted data, adjustable query-based encryption, and chaining encryption keys to user passwords. It supports a wide range of SQL operations and has been implemented on MySQL and Postgres. CryptDB's design and implementation are applicable to most standard SQL DBMSes. It provides strong security guarantees, protecting sensitive data while allowing efficient query processing.CryptDB is a system that provides practical and provable confidentiality for applications backed by SQL databases. It executes SQL queries over encrypted data using efficient SQL-aware encryption schemes. CryptDB also chains encryption keys to user passwords, ensuring that data can only be decrypted by the password of a user with access. This prevents database administrators from accessing decrypted data and ensures confidentiality for logged-out users. An analysis of 126 million SQL queries from a production MySQL server shows that CryptDB can support operations over encrypted data for 99.5% of the columns. CryptDB has low overhead, reducing throughput by 14.5% for phpBB and 26% for TPC-C queries compared to unmodified MySQL. It also provides strong security guarantees, protecting sensitive fields with highly secure encryption schemes. CryptDB addresses two main threats: a curious DBA trying to access private data and an adversary gaining control of application and DBMS servers. It ensures confidentiality for logged-out users even if servers are compromised. CryptDB uses three key ideas: executing SQL queries over encrypted data, adjustable query-based encryption, and chaining encryption keys to user passwords. It supports a wide range of SQL operations and has been implemented on MySQL and Postgres. CryptDB's design and implementation are applicable to most standard SQL DBMSes. It provides strong security guarantees, protecting sensitive data while allowing efficient query processing.