141 research outputs found
Strongly Secure and Efficient Data Shuffle On Hardware Enclaves
Mitigating memory-access attacks on the Intel SGX architecture is an
important and open research problem. A natural notion of the mitigation is
cache-miss obliviousness which requires the cache-misses emitted during an
enclave execution are oblivious to sensitive data. This work realizes the
cache-miss obliviousness for the computation of data shuffling. The proposed
approach is to software-engineer the oblivious algorithm of Melbourne shuffle
on the Intel SGX/TSX architecture, where the Transaction Synchronization
eXtension (TSX) is (ab)used to detect the occurrence of cache misses. In the
system building, we propose software techniques to prefetch memory data prior
to the TSX transaction to defend the physical bus-tapping attacks. Our
evaluation based on real implementation shows that our system achieves superior
performance and lower transaction abort rate than the related work in the
existing literature.Comment: Systex'1
Protecting Global Properties of Datasets with Distribution Privacy Mechanisms
We consider the problem of ensuring confidentiality of dataset properties
aggregated over many records of a dataset. Such properties can encode sensitive
information, such as trade secrets or demographic data, while involving a
notion of data protection different to the privacy of individual records
typically discussed in the literature. In this work, we demonstrate how a
distribution privacy framework can be applied to formalize such data
confidentiality. We extend the Wasserstein Mechanism from Pufferfish privacy
and the Gaussian Mechanism from attribute privacy to this framework, then
analyze their underlying data assumptions and how they can be relaxed. We then
empirically evaluate the privacy-utility tradeoffs of these mechanisms and
apply them against a practical property inference attack which targets global
properties of datasets. The results show that our mechanisms can indeed reduce
the effectiveness of the attack while providing utility substantially greater
than a crude group differential privacy baseline. Our work thus provides
groundwork for theoretical mechanisms for protecting global properties of
datasets along with their evaluation in practice
- …