CMOS and beyond CMOS
Discover why imec is the premier R&D center for advanced logic & memory devices. anced logic & memory devices.
Connected health solutions
Explore the technologies that will power tomorrow’s wearable, implantable, ingestible and non-contact devices.
Life sciences
See how imec brings the power of chip technology to the world of healthcare.
Sensor solutions for IoT
Dive into innovative solutions for sensor networks, high speed networks and sensor technologies.
Artificial intelligence
Explore the possibilities and technologies of AI.
More expertises
Discover all our expertises.
Be the first to reap the benefits of imec’s research by joining one of our programs or starting an exclusive bilateral collaboration.
Build on our expertise for the design, prototyping and low-volume manufacturing of your innovative nanotech components and products.
Use one of imec’s mature technologies for groundbreaking applications across a multitude of industries such as healthcare, agriculture and Industry 4.0.
Venturing and startups
Kick-start your business. Launch or expand your tech company by drawing on the funds and knowhow of imec’s ecosystem of tailored venturing support.


Middleware for scalable, attribute-based querying of multitenant, cloud-based databases

There is a growing trend to subscribe to software services in the cloud. An example is a large corporation that creates, views, and manages massive amounts of invoices in the cloud through a SaaS service (Software as a Service). However, in general such services don’t offer many possibilities to restrict queries based on e.g. security or privacy considerations. And without such restrictions, an individual account manager, for example, can query and see all the invoices, irrespective of his role, assigned customers, or region. In addition, the SaaS provider cannot easily make its database multitenant, i.e. shared by a number of its customers.

A common way to solve this problem today is for the SaaS providers to set up separate installations per customer and to program the security logic in the application, a solution that is most often not efficient, error-prone, difficult to audit and expensive to adapt.

With SEQUOIA, we aimed to develop a generic solution for SaaS providers. A solution that allows them to set up one multitenant database while giving each of their customers the possibility to define fine-grained, attribute-based security rules. In the invoice example, the corporation using SaaS would then be able to set restrictions on viewing and modifying invoices based on e.g. region, responsibility, or account management.

Koen Handekyn, project lead and CEO of UP-nxt, says: “The solution we came up with in a real innovation compared to the state-of-the-art. In essence, it tailors the queries before they are executed, instead of having the application filter the results after a database search. This rewriting and compacting of queries is done by an add-on module, at the level of the data access middleware, and thus separated from the database or customer applications. This allows SaaS providers like us to add value to our service without having to install new databases or middleware, or reprogram the applications. And each of our customers can add its own rules, in a declarative language that is easy to use and to audit.”

Project outcomes

  • A security solution to enforce complex, custom authorization rules in search queries, with guarantees for safety, correctness and performance
  • Security middleware for SaaS, generic and application-independent
  • Validated in multiple storage and query architectures, with proof-of-concept in state-of-the-art data access middleware
  • Demonstrators in the three application domains of the partners



Middleware for scalable, attribute-based querying of multitenant, cloud-based databases.

SEQUOIA is an imec.icon research project funded by imec and IWT.

It ran from 01.01.2015 until 31.12.2016.

Project information


  • ESAS
  • UP-nxt
  • Verizon


  • imec - DistriNet - KU Leuven
  • imec - IDLab


  • Research Lead: Wouter Joosen
  • Project Lead: Koen Handekyn
  • Innovation Manager: Stefan Van Baelen