SGX-MR-Prot: Efficient and Developer-Friendly Access-Pattern Protection in Trusted Execution Environments
Trusted Execution Environments, such as Intel SGX, use hardware support to
ensure the confidentiality and integrity of applications against a compromised
cloud system. However, side channels like access patterns remain for
adversaries to exploit and obtain sensitive information. Common approaches use
oblivious programs or primitives, such as ORAM, to make access patterns
oblivious to input data, which are challenging to develop. This demonstration
shows a prototype SGX-MR-Prot for efficiently protecting access patterns of
SGX-based data-intensive applications and minimizing developers' efforts.
SGX-MR-Prot uses the MapReduce framework to regulate application dataflows to
reduce the cost of access-pattern protection and hide the data oblivious
details from SGX developers. This demonstration will allow users to intuitively
understand the unique contributions of the framework-based protection approach
via interactive exploration and visualization.
Comment: arXiv admin note: text overlap with arXiv:2009.0351
Secure Cloud Storage with Client-Side Encryption Using a Trusted Execution Environment
With the evolution of computer systems, the amount of sensitive data to be
stored as well as the number of threats on these data grows, making the data
confidentiality increasingly important to computer users. Currently, with
devices always connected to the Internet, the use of cloud data storage
services has become practical and common, allowing quick access to such data
wherever the user is. Such practicality brings with it a concern, precisely the
confidentiality of the data which is delivered to third parties for storage. In
the home environment, disk encryption tools have gained special attention from
users, being used on personal computers and also having native options in some
smartphone operating systems. The present work uses the data sealing feature
provided by the Intel Software Guard Extensions (Intel SGX) technology, for
file encryption. A virtual file system is created in which applications can
store their data, keeping the security guarantees provided by the Intel SGX
technology, before sending the data to a storage provider. This way, even if the
storage provider is compromised, the data are safe. To validate the proposal,
the Cryptomator software, which is a free client-side encryption tool for cloud
files, was integrated with an Intel SGX application (enclave) for data sealing.
The results demonstrate that the solution is feasible, in terms of performance
and security, and can be expanded and refined for practical use and integration
with cloud synchronization services.
Glimmers: Resolving the Privacy/Trust Quagmire
Many successful services rely on trustworthy contributions from users. To
establish that trust, such services often require access to privacy-sensitive
information from users, thus creating a conflict between privacy and trust.
Although it is likely impractical to expect both absolute privacy and
trustworthiness at the same time, we argue that the current state of things,
where individual privacy is usually sacrificed at the altar of trustworthy
services, can be improved with a pragmatic , which allows
services to validate user contributions in a trustworthy way without forfeiting
user privacy. We describe how trustworthy hardware such as Intel's SGX can be
used client-side -- in contrast to much recent work exploring SGX in cloud
services -- to realize the Glimmer architecture, and demonstrate how this
realization is able to resolve the tension between privacy and trust in a
variety of cases.