VC3: Trustworthy Data Analytics in the Cloud Using SGX

Schuster, Félix; Costa, Manuel; Fournet, Cédric; Gkantsidis, Christos; Peinado, Marcus; Mainar-Ruiz, Gloria; Russinovich, Mark

doi:10.1109/sp.2015.10

Cited by 485 publications

(345 citation statements)

References 50 publications

Supporting

Mentioning

332

Contrasting

Unclassified

Order By: Relevance

“…A malicious adversary, in contrast, can modify data in the storage and deviate the worker from its execution path. Such adversaries are considered by other works [20,44]. Although our security model considers only honest-but-curious adversary, we believe that our approach remains applicable against malicious adversary.…”

Section: Computation and Adversary Modelmentioning

confidence: 99%

“…Cipherbase [8] extends TrustedDB's idea to offer a fullfledged SQL database system with data confidentiality. V C3 [44] employs Intel SGX processors to build a general-purposed data analytics system. In particular, it supports MapReduce computations, and protects both data and the code inside SGX's enclaves.…”

Section: Related Workmentioning

confidence: 99%

“…A line of recent works have advocated an approach of combining encryption with trusted computing primitives that offer a confidentiality and integrity protected execution environment [8,11,44]. This trusted environment can be provisioned by either hardware (e.g., IBM 4767 PCIeCC2 [3], Intel SGX [4]) or hardwaresoftware combination [34,35].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute

Dang

Dinh

Chang

et al. 2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract:We consider privacy-preserving computation of big data using trusted computing primitives with limited private memory. Simply ensuring that the data remains encrypted outside the trusted computing environment is insufficient to preserve data privacy, for data movement observed during computation could leak information. While it is possible to thwart such leakage using generic solution such as ORAM [42], designing efficient privacy-preserving algorithms is challenging. Besides computation efficiency, it is critical to keep trusted code bases lean, for large ones are unwieldy to vet and verify. In this paper, we advocate a simple approach wherein many basic algorithms (e.g., sorting) can be made privacy-preserving by adding a step that securely scrambles the data before feeding it to the original algorithms. We call this approach Scramblethen-Compute (StC), and give a sufficient condition whereby existing external memory algorithms can be made privacy-preserving via StC. This approach facilitates code-reuse, and its simplicity contributes to a smaller trusted code base. It is also general, allowing algorithm designers to leverage an extensive body of known efficient algorithms for better performance. Our experiments show that StC could offer up to 4.1× speedups over known, application-specific alternatives.

show abstract

Section: Computation and Adversary Modelmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute

Dang

Dinh

Chang

et al. 2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…Different forms of memory-based array were deployed for this purpose using external interface of input-output. Schuster et al [32] have presented a technique that secured analytical framework that uses MapReduce framework. Yang et al [33] have introduced the mechanism of attribute-based encryption for addressing the problem of secured access control.…”

Section: Researches Performed On Big Data Securitymentioning

confidence: 99%

Content an Insight to Security Paradigm for BigData on Cloud: Current Trend and Research

Dule¹,

Girijamma²

2017

IJECE

View full text Add to dashboard Cite

The sucesssive growth of collabrative applications producing Bigdata on timeline leads new opprutinity to setup commodities on cloud infrastructure. Mnay organizations will have demand of an efficient data storage mechanism and also the efficient data analysis. The Big Data (BD) also faces some of the security issues for the important data or information which is shared or transferred over the cloud. These issues include the tampering, losing control over the data, etc. This survey work offers some of the interesting, important aspects of big data including the high security and privacy issue. In this, the survey of existing research works for the preservation of privacy and security mechanism and also the existing tools for it are stated. The discussions for upcoming tools which are needed to be focused on performance improvement are discussed. With the survey analysis, a research gap is illustrated, and a future research idea is presented

show abstract

“…Estes são implementados para garantir a integridade e privacidade das informações durante todo o processamento, até mesmo em eventuais comprometimentos do sistema operacional ou do hipervisor. A proposta traz implicações diretas ao paradigma de computação nas nuvens (i.e., cloud computing), possibilitando ofertar garantias de integridade e privacidadeàs aplicações em níveis não atingíveis até o momento [2].Enquanto o SGX não estiver amplamente disponível, podese empregar um emulador como o OpenSGX [3] para reproduzir as diversas funcionalidades do SGX. Os recursos oferecidos pelo OpenSGX propiciam, além de uma prévia experiência com um sistema de enclaves, a possibilidade de uma avaliação a priori sobre o custo adicional em processamento imposto pelo SGX.…”

unclassified

Avaliação do Intel Software Guard Extensions via Emulação

Spohn

Trebien

2018

RITA

View full text Add to dashboard Cite

Abstract:The Intel Software Guard Extensions (SGX) technology, recently introduced in the new generations of x86 processors, allows the execution of applications in a fully protected environment (i.e., within enclaves). Because it is a recent technology, machines that rely on this technology are still a minority. In order to evaluate the SGX, an emulator of this technology (called OpenSGX) implements and replicates the main functionalities and structures used in SGX. The focus is to evaluate the resulting overhead from running an application within an environment with emulated SGX. For the evaluation, benchmark applications from the MiBench platform were employed. As performance metrics, we gathered the total number of instructions and the total number of CPU cycles for the execution of each application with and without OpenSGX. Keywords: trusted execution environment -software guard extensions -emulator Resumo: Ao permitir a execução de aplicações em um contexto totalmente protegido (i.e., dentro de enclaves), amplia-se as possibilidades para as novas gerações de processadores Intel da família x86 com a extensão Software Guard Extensions (SGX). Por se tratar de uma tecnologia recente, as máquinas que contam com essa tecnologia ainda são minoria. Objetivando avaliar o SGX, utilizou-se um emulador dessa tecnologia denominado OpenSGX, o qual implementa e reproduz as principais funcionalidades e estruturas utilizadas no SGX. O enfoque consistiu em avaliar o overhead, em termos de processamento, resultante da execução de uma aplicação em um ambiente com o SGX emulado. Para a avaliação, empregou-se aplicações de benchmark da plataforma MiBench, modificando-as para compatibilizar a execução em enclaves no OpenSGX. Como métricas de desempenho, coletou-se o número total de instruções e o número total de ciclos de CPU para a execução completa de cada aplicação com e sem o OpenSGX. IntroduçãoAs tecnologias de hardware voltadasà computação confiável disponibilizam recursos e mecanismos para a criação e manutenção de ambientes de execução confiável (Trusted Execution Environment, TEE). Considera-se, de modo geral, que a execuçãoé confiável em ambientes onde o controle sobre o sistemaé pleno [1]. Recursos de TEE não constam, habitualmente, em processadores populares (e.g., família Intel x86). No entanto, a Intel introduziu, em agosto de 2015, a extensão denominada Software Guard Extensions (SGX) a partir da sexta geração da família x86, propondo-se como uma plataforma padrão de TEE nos processadores Intel.Com o SGX, possibilita-se o isolamento da aplicação no momento de sua execução, utilizando-se estruturas a nível de hardware denominadas de enclaves. Estes são implementados para garantir a integridade e privacidade das informações durante todo o processamento, até mesmo em eventuais comprometimentos do sistema operacional ou do hipervisor. A proposta traz implicações diretas ao paradigma de computação nas nuvens (i.e., cloud computing), possibilitando ofertar garantias de integridade e privacidadeàs aplicações em níveis n...

show abstract

VC3: Trustworthy Data Analytics in the Cloud Using SGX

Cited by 485 publications

References 50 publications

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute

Content an Insight to Security Paradigm for BigData on Cloud: Current Trend and Research

Avaliação do Intel Software Guard Extensions via Emulação

Contact Info

Product

Resources

About