Using Trusted Execution Environments for Secure Stream Processing of Medical Data

Segarra, Carlos; Delgado-Gonzalo, Ricard; Lemay, Mathieu; Aublin, Pierre-Louis; Pietzuch, Peter; Schiavoni, Valerio

doi:10.1007/978-3-030-22496-7_6

Cited by 18 publications

(14 citation statements)

References 25 publications

(22 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some papers propose data leak protection, by screening data and comparing fingerprints [24]- [30]. Segarra et al [31] propose an architecture to securely stream medical data using Trusted Execution Environments, while Zuo et al investigate data leakage in mobile applications interaction with the cloud [32].…”

Section: Related Workmentioning

confidence: 99%

Towards Secure and Leak-Free Workflows Using Microservice Isolation

Miller

Mérindol

Gallais³

et al. 2021

2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR)

View full text Add to dashboard Cite

Companies like Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows. This shift towards the cloud environment has led to more and more data leaks and breaches, resulting in huge losses of money for businesses like the movie industry, as well as a loss of user privacy for businesses dealing with user data like the pharmaceutical industry.In this paper, we show how those workflows can be enforced while preventing data exposure. Following the principles of zerotrust, we develop an infrastructure using the isolation provided by a microservice architecture, to enforce owner policy. We show that our infrastructure is resilient to the set of attacks considered in our security model. We implement a simple, yet realistic, workflow with our infrastructure in a publicly available proof of concept. We then verify that the specified policy is correctly enforced by testing the deployment for policy violations, and estimate the overhead cost of authorization.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards Secure and Leak-Free Workflows Using Microservice Isolation

Miller

Mérindol

Gallais³

et al. 2021

2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR)

View full text Add to dashboard Cite

show abstract

“…Comparing our platform with the existing state-of-the-art systems, SafeSpark differs from the hardware-based approaches [31,32,35] since it enables the use of deterministic schemes to compute equality and order operations. This functionality makes it possible to achieve better performance results while relaxing the security guarantees.…”

Section: Discussionmentioning

confidence: 99%

“…Segarra et al in [32] propose a secure processing system build on top of Spark Streaming that uses Intel SGX to compute stream analytics over public untrusted clouds. This solution offers security guarantees similar to those proposed in Opaque without requiring changes to applications code.…”

Section: Related Workmentioning

confidence: 99%

On the Trade-Offs of Combining Multiple Secure Processing Primitives for Data Analytics

Carvalho

Cruz

Pontes

et al. 2020

Distributed Applications and Interoperable Systems

View full text Add to dashboard Cite

Cloud Computing services for data analytics are increasingly being sought by companies to extract value from large quantities of information. However, processing data from individuals and companies in third-party infrastructures raises several privacy concerns. To this end, different secure analytics techniques and systems have recently emerged. These initial proposals leverage specific cryptographic primitives lacking generality and thus having their application restricted to particular application scenarios. In this work, we contribute to this thriving body of knowledge by combining two complementary approaches to process sensitive data.We present SafeSpark, a secure data analytics framework that enables the combination of different cryptographic processing techniques with hardware-based protected environments for privacy-preserving data storage and processing. SafeSpark is modular and extensible therefore adapting to data analytics applications with different performance, security and functionality requirements.We have implemented a SafeSpark's prototype based on Spark SQL and Intel SGX hardware. It has been evaluated with the TPC-DS Benchmark under three scenarios using different cryptographic primitives and secure hardware configurations. These scenarios provide a particular set of security guarantees and yield distinct performance impact, with overheads ranging from as low as 10% to an acceptable 300% when compared to an insecure vanilla deployment of Apache Spark.

show abstract

“…CaSE [44] is a cache-assisted secure execution framework for the TRUSTZONE to defend against multiple attacks. Others [28,36,41] have implemented frameworks for TEEs to securely process data streams that could benefit from KEVLAR-TZ. However, while such projects have implemented full-fledged frameworks, KEVLAR-TZ provides a lean and resource-efficient cache with an easy-to-use API for applications that need fast access to persistent data.…”

Section: Related Workmentioning

confidence: 99%

KEVLAR-TZ: A Secure Cache for ARM TrustZone

Benedito¹,

Delgado-Gonzalo²,

Schiavoni³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

Edge devices are increasingly in charge of storing privacy-sensitive data, in particular implantables, wearables, and nearables can potentially collect and process high-resolution vital signs 24/7. Storing and performing computations over such data in a privacy-preserving fashion is of paramount importance. We present KEVLAR-TZ, an application-level trusted cache designed to leverage ARM TRUSTZONE, a popular trusted execution environment available in consumer-grade devices. To facilitate the integration with existing systems and IoT devices and protocols, KEVLAR-TZ exposes a REST-based interface with connection endpoints inside the TRUSTZONE enclave. Furthermore, it exploits the on-device secure persistent storage to guarantee durability of data across reboots. We fully implemented KEVLAR-TZ on top of the OP-TEE framework, and experimentally evaluated its performance. Our results showcase performance trade-offs, for instance in terms of throughput and latency, for various workloads, and we believe our results can be useful for practitioners and in general developers of systems for TRUSTZONE. KEVLAR-TZ is available as open-source at https://github.com/mqttz/kevlar-tz/.

show abstract

Using Trusted Execution Environments for Secure Stream Processing of Medical Data

Cited by 18 publications

References 25 publications

Towards Secure and Leak-Free Workflows Using Microservice Isolation

Towards Secure and Leak-Free Workflows Using Microservice Isolation

On the Trade-Offs of Combining Multiple Secure Processing Primitives for Data Analytics

KEVLAR-TZ: A Secure Cache for ARM TrustZone

Contact Info

Product

Resources

About