Performance principles for trusted computing with intel SGX

Accepted manuscript version of the following article Gjerdrum, A.T., Pettersen, R., Johansen, H.D. & Johansen, D. (2018). Performance principles for trusted computing with intel SGX. Communications in Computer and Information Science, 864. © Springer International Publishing AG, part of Springer Nature 2018. Published version available at https://doi.org/10.1007/978-3-319-94959-8_1.Cloud providers offering Software-as-a-Service (SaaS) are increasingly being trusted by customers to store sensitive data. Companies often monetize such personal data through curation and analysis, providing customers with personalized application experiences and targeted advertisements. Personal data is often accompanied by strict privacy and security policies, requiring data processing to be governed by non-trivial enforcement mechanisms. Moreover, to offset the cost of hosting the potentially large amounts of data privately, SaaS companies even employ Infrastructure-as-a-Service (IaaS) cloud providers not under the direct supervision of the administrative entity responsible for the data. Intel Software Guard Extensions (SGX) is a recent trusted computing technology that can mitigate some of these privacy and security concerns through the remote attestation of computations, establishing trust on hardware residing outside the administrative domain. This paper investigates and demonstrates the added cost of using SGX, and further argues that great care must be taken when designing system software in order to avoid the performance penalty incurred by trusted computing. We describe these costs and present eight specific principles that application authors should follow to increase the performance of their trusted computing systems

Javza : a runtime supporting dynamic app configuration and integration in asymmetric systems

The advent of cloud computing alongside with pervasive form factors such as smart devices, introduces a new meaning to asymmetric system models. These new clients act as a presentational layer alleviating much of the computational and storage concerns to cloud services. The application platforms associated with these creates new opportunities for third party developers to provide domain specific applications (apps) to smart devices. Restricted interaction surfaces on smart device introduce new challenges to how apps are managed on these. Moreover, for security purposes as well as strict resource requirements, apps running in these environments are commonly subject to very strict isolation. We conjure that there are benefits with allowing automatic configuration apps onto a client system. Furthermore, we suggest that integration between apps residing at the same host, as well as different hosts, is beneficial to system functionality. By enabling this we could alleviate much of the interaction necessary for users and reduce the time consumed in using such smart devices. The concrete asymmetric system explored in this thesis is the Windows 8 app platform. This platform poses several hindrances to our conjecture. For security reasons, automatic configuration of apps onto a client system is prohibited. Apps run inside a sandboxed environment where they are isolated from the system and other apps. Access to resources is prohibited unless explicitly allowed by the user. As a consequence, communication between apps is forbidden. This is further complicated by the fact that apps in this environment are suspended when not in use. This thesis introduces Javza, a runtime to support dynamic app configuration and integration in Windows 8. Javza provides support for automatic installment of apps based on simplified contextual information. Furthermore, it provides app integration by allowing apps to share data, both within the same and across different systems. We present and evaluate the associated performance costs of deploying Javza inside a Windows 8 environment. We further evaluate the applicability of Javza by implementing a specific use case involving collaborative search. Lastly we discuss some of the security implications associated with our design, and some future improvements in Windows 8 to support our conjecture

Diggi: A Distributed Serverless Runtime for Developing Trusted Cloud Services

Cloud computing offers the convenience of outsourcing storage and processing power to a public shared environment. Physical infrastructure is managed by the cloud provider, allowing hosted services to be deployed without any upfront investment. Cloud infrastructure may additionally manage deployment, migration, scalability, and fault tolerance, transparently from the hosted service. Serverless computing, and more specifically Functions-as-a-Service, is a natural continuation of this trend, narrowing the computational scope down to individually deployable cloud functions, which are scalable and billable on demand. Contemporary cloud services require that sensitive data such as user identifiable information be protected from unauthorized access. However, a conventional cloud security threat models assumes that the underlying public cloud infrastructure can be trusted. Physical attacks on server hardware conducted by an unfaithful employee may compromise the entire software stack. Moreover, a compromised operating system or hypervisor may directly inspect information in less privileged execution contexts. Dedicated hardware such as Trusted Execution Environments (TEE) mitigate such attacks by enabling privileged application containers, protected from inspection by the untrusted underlying system. Intel SGX introduces one such hardware system implementing support for hosting secure segments of code and data (enclaves) on commodity x86-64 platforms. Enclaves may be attested remotely, however the attestation evidence is limited to the enclave’s initial state. SGX is considered feature rich compared to similar TEEs, however, the threat model of SGX leads to some architectural intrinsics which may impact the runtime performance. This thesis present the design and implementation of Diggi; an efficient trusted cloud function runtime implemented in SGX. Diggi enables the development of secure applications, composed of multiple persistent and accountable cloud functions which may be jointly authenticated through co-attestation. We demonstrate that the design of Diggi is practical, and additionally, that it reduces the overhead of SGX compared with standard runtime execution techniques. We further demonstrate the applicability of Diggi by implementing two pseudo- real application workloads demonstrating a database management system and a machine learning inference pipeline on top of the Diggi runtime

PMData: a sports logging dataset

publishedVersio

PMData: a sports logging dataset

In this paper, we present PMData: a dataset that combines traditional lifelogging data with sports-activity data. Our dataset enables the development of novel data analysis and machine-learning applications where, for instance, additional sports data is used to predict and analyze everyday developments, like a person's weight and sleep patterns; and applications where traditional lifelog data is used in a sports context to predict athletes' performance. PMData combines input from Fitbit Versa 2 smartwatch wristbands, the PMSys sports logging smartphone application, and Google forms. Logging data has been collected from 16 persons for five months. Our initial experiments show that novel analyses are possible, but there is still room for improvement