56 research outputs found
Security, Performance and Energy Trade-offs of Hardware-assisted Memory Protection Mechanisms
The deployment of large-scale distributed systems, e.g., publish-subscribe
platforms, that operate over sensitive data using the infrastructure of public
cloud providers, is nowadays heavily hindered by the surging lack of trust
toward the cloud operators. Although purely software-based solutions exist to
protect the confidentiality of data and the processing itself, such as
homomorphic encryption schemes, their performance is far from being practical
under real-world workloads.
This practical experience report describes the performance trade-offs of two
novel hardware-assisted memory protection mechanisms, namely AMD SEV and Intel
SGX, which are currently available on the market to tackle this problem.
Specifically, we implement and evaluate a publish/subscribe use-case and
evaluate the impact of the memory protection mechanisms and the resulting
performance. This paper reports on the experience gained while building this
system, in particular when having to cope with the technical limitations
imposed by SEV and SGX.
Several trade-offs that provide valuable insights in terms of latency,
throughput, processing time and energy requirements are exhibited by means of
micro- and macro-benchmarks.
Comment: European Commission Project: LEGaTO - Low Energy Toolset for
Heterogeneous Computing (EC-H2020-780681
CYCLOSA: Decentralizing Private Web Search Through SGX-Based Browser Extensions
By regularly querying Web search engines, users (unconsciously) disclose
large amounts of their personal data as part of their search queries, among
which some might reveal sensitive information (e.g. health issues, sexual,
political or religious preferences). Several solutions exist to allow users
querying search engines while improving privacy protection. However, these
solutions suffer from a number of limitations: some are subject to user
re-identification attacks, while others lack scalability or are unable to
provide accurate results. This paper presents CYCLOSA, a secure, scalable and
accurate private Web search solution. CYCLOSA improves security by relying on
trusted execution environments (TEEs) as provided by Intel SGX. Further,
CYCLOSA proposes a novel adaptive privacy protection solution that reduces the
risk of user re-identification. CYCLOSA sends fake queries to the search
engine and dynamically adapts their count according to the sensitivity of the
user query. In addition, CYCLOSA meets scalability as it is fully
decentralized, spreading the load for distributing fake queries among other
nodes. Finally, CYCLOSA achieves accuracy of Web search as it handles the real
query and the fake queries separately, in contrast to other existing solutions
that mix fake and real query results.
SGX-Aware Container Orchestration for Heterogeneous Clusters
Containers are becoming the de facto standard to package and deploy
applications and micro-services in the cloud. Several cloud providers (e.g.,
Amazon, Google, Microsoft) have begun to offer native support on their
infrastructure by integrating container orchestration tools within their cloud
offering. At the same time, the security guarantees that containers offer to
applications remain questionable. Customers still need to trust their cloud
provider with respect to data and code integrity. The recent introduction by
Intel of Software Guard Extensions (SGX) into the mass market offers an
alternative to developers, who can now execute their code in a hardware-secured
environment without trusting the cloud provider.
This paper provides insights regarding the support of SGX inside Kubernetes,
an industry-standard container orchestrator. We present our contributions
across the whole stack supporting execution of SGX-enabled containers. We
provide details regarding the architecture of the scheduler and its monitoring
framework, the underlying operating system support and the required kernel
driver extensions. We evaluate our complete implementation on a private cluster
using the real-world Google Borg traces. Our experiments highlight the
performance trade-offs that will be encountered when deploying SGX-enabled
micro-services in the cloud.
Comment: Presented in the 38th IEEE International Conference on Distributed
Computing Systems (ICDCS 2018
SecureStreams: A Reactive Middleware Framework for Secure Data Stream Processing
The growing adoption of distributed data processing frameworks in a wide
diversity of application domains challenges end-to-end integration of
properties like security, in particular when considering deployments in the
context of large-scale clusters or multi-tenant Cloud infrastructures. This
paper therefore introduces SecureStreams, a reactive middleware framework to
deploy and process secure streams at scale. Its design combines the high-level
reactive dataflow programming paradigm with Intel's low-level software guard
extensions (SGX) in order to guarantee privacy and integrity of the processed
data. The experimental results of SecureStreams are promising: while offering a
fluent scripting language based on Lua, our middleware delivers high processing
throughput, thus enabling developers to implement secure processing pipelines
in just a few lines of code.
Comment: Barcelona, Spain, June 19-23, 2017, 10 page