This prevalence of database breaches spurs more interests towards building secure databases in both academia and industry. There have been a set of proposed works that can protect data using advanced encryption schemes or hide query access patterns, albeit at some performance cost. However, recent work has also shown that volume leakage is a significant vulnerability that can be exploited to reconstruct the entire database even when using state-of-the-art designs with strongest security guarantees.
In this work, we present new attacks for recovering the content of individual user queries, assuming no leakage from the system except the number of results. Unlike previous volume-based attacks that rely on assumptions either too stringent or unrealistic for many real-world systems, our attacks directly leverage real application semantics running on top of these database systems. The key insight is that, by exploiting the behavior of specific applications, one can immediately have an attack without making further assumptions like prior work does about the underlying system.