A Lightweight MapReduce Framework for Secure Processing with SGX

Pires, Rafael; Gavril, Daniel; Felber, Pascal; Onica, Emanuel; Pasin, Marcelo

doi:10.1109/ccgrid.2017.129

Cited by 21 publications

(12 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SGX-based data computing. To the best of our knowledge, all works regarding executing data oriented task using SGX have a unique controller (e.g, [15,29,33]), as opposed to our setting where no unique individual is supposed to be in control of the computation. Additionally, most of the time this controller also provides the data to be computed on.…”

Section: Secure Database Computations Alternativesmentioning

confidence: 99%

Secure Distributed Queries over Large Sets of Personal Home Boxes

Ladjel

Anciaux

Pelletier

et al. 2020

Transactions on Large-Scale Data- And Knowledge-Centered Systems XLIV

View full text Add to dashboard Cite

Smart disclosure initiatives and new regulations such as GDPR allow individuals to get the control back on their data by gathering their entire digital life in a Personal Data Management Systems (PDMS). Multiple PDMS architectures exist and differ on their ability to preserve data privacy and to perform collective computations crossing data of multiple individuals (e.g., epidemiological or social studies) but none of them satisfy both objectives. The emergence of Trusted Execution Environments (TEE) changes the game. We propose a solution called Trusted PDMS, combining the TEE and PDMS properties to manage the data of each individual, and a complete framework to execute collective computation on top of them, with strong privacy and fault tolerance guarantees. We demonstrate the practicality of the solution through a real case-study being conducted over 10.000 patients in the healthcare field.

show abstract

Section: Secure Database Computations Alternativesmentioning

confidence: 99%

Secure Distributed Queries over Large Sets of Personal Home Boxes

Ladjel

Anciaux

Pelletier

et al. 2020

Transactions on Large-Scale Data- And Knowledge-Centered Systems XLIV

View full text Add to dashboard Cite

show abstract

“…This special hypervisor is a fork from the popular KVM hypervisor and is maintained by Intel 10 . For cloud environments without KVM, an alternative is to consider bare-metal instances (e.g., using OpenStack Ironic 11 or infrastructure containers (e.g., LXD 12 ), which could directly access the non-virtualized SGX device. In addition, the OpenStack Magnum component instantiates Kubernetes clusters on demand, clusters which now need to be aware of SGX.…”

Section: Infrastructure Servicesmentioning

confidence: 99%

“…Additionally, data processing services are also offered. One example is the usage of MapReduce paradigm for secure data processing [12]. Another example is a set of modifications made on Apache Spark that enable encrypted data to be processed in a way that decryption is done only inside enclaves.…”

Section: Platform Servicesmentioning

confidence: 99%

Secure end-to-end processing of smart metering data

et al. 2019

Self Cite

View full text Add to dashboard Cite

Cloud computing considerably reduces the costs of deploying applications through on-demand, automated and fine-granular allocation of resources. Even in private settings, cloud computing platforms enable agile and self-service management, which means that physical resources are shared more efficiently. Cloud computing considerably reduces the costs of deploying applications through on-demand, automated and fine-granular allocation of resources. Even in private settings, cloud computing platforms enable agile and self-service management, which means that physical resources are shared more efficiently. Nevertheless, using shared infrastructures also creates more opportunities for attacks and data breaches. In this paper, we describe the SecureCloud approach. The SecureCloud project aims to enable confidentiality and integrity of data and applications running in potentially untrusted cloud environments. The project leverages technologies such as Intel SGX, OpenStack and Kubernetes to provide a cloud platform that supports secure applications. In addition, the project provides tools that help generating cloud-native, secure applications and services that can be deployed on potentially untrusted clouds. The results have been validated in a real-world smart grid scenario to enable a data workflow that is protected end-to-end: from the collection of data to the generation of high-level information such as fraud alerts.

show abstract

“…Due to hardware limitations, the PRM has a maximum size of 128MB per Socket. In the literature, SGX has been used for privacy sensitive operations in the clouds, such as private web search [19], or MapReduce [20].…”

Section: Introductionmentioning

confidence: 99%

MaskAl: Privacy Preserving Masked Reads Alignment using Intel SGX

Lambert

Fernandes

Decouchant

et al. 2018

2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS)

View full text Add to dashboard Cite

The recent introduction of new DNA sequencing techniques caused the amount of processed and stored biological data to skyrocket. In order to process these vast amounts of data, bio-centers have been tempted to use low-cost public clouds. However, genomes are privacy sensitive, since they store personal information about their donors, such as their identity, disease risks, heredity and ethnic origin. The first critical DNA processing step that can be executed in a cloud, i.e., read alignment, consists in finding the location of the DNA sequences produced by a sequencing machine in the human genome. While recent developments aim at increasing performance, only few approaches address the need for fast and privacy preserving read alignment methods. This paper introduces MaskAl, a novel approach for read alignment. MaskAl combines a fast preprocessing step on raw genomic data-filtering and masking-with established algorithms to align sanitized reads, from which sensitive parts have been masked out, and refines the alignment score using the masked out information with Intel's software guard extensions (SGX). MaskAl is a highly competitive privacy-preserving read alignment software that can be massively parallelized with public clouds and emerging enclave clouds. Finally, MaskAl is nearly as accurate as plain-text approaches (more than 96% of aligned reads with MaskAl compared to 98% with BWA) and can process alignment workloads 87% faster than current privacy-preserving approaches while using less memory and network bandwidth.

show abstract

A Lightweight MapReduce Framework for Secure Processing with SGX

Cited by 21 publications

References 16 publications

Secure Distributed Queries over Large Sets of Personal Home Boxes

Secure Distributed Queries over Large Sets of Personal Home Boxes

Secure end-to-end processing of smart metering data

MaskAl: Privacy Preserving Masked Reads Alignment using Intel SGX

Contact Info

Product

Resources

About