research-article

Public Access

SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors

Authors:

Murat Kantarcioglu,

Latifur KhanAuthors Info & Claims

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

Pages 1211 - 1228

https://doi.org/10.1145/3133956.3134095

Published: 30 October 2017 Publication History

Abstract

Recently, using secure processors for trusted computing in cloud has attracted a lot of attention. Over the past few years, efficient and secure data analytic tools (e.g., map-reduce framework, machine learning models, and SQL querying) that can be executed over encrypted data using the trusted hardware have been developed. However, these prior efforts do not provide a simple, secure and high level language based framework that is suitable for enabling generic data analytics for non-security experts who do not have concepts such as "oblivious execution". In this paper, we thus provide such a framework that allows data scientists to perform the data analytic tasks with secure processors using a Python/Matlab-like high level language. Our framework automatically compiles programs written in our language to optimal execution code by managing issues such as optimal data block sizes for I/O, vectorized computations to simplify much of the data processing, and optimal ordering of operations for certain tasks. Furthermore, many language constructs such as if-statements are removed so that a non-expert user is less likely to create a piece of code that may reveal sensitive information while allowing oblivious data processing (i.e., hiding access patterns). Using these design choices, we provide guarantees for efficient and secure data analytics. We show that our framework can be used to run the existing big data benchmark queries over encrypted data using the Intel SGX efficiently. Our empirical results indicate that our proposed framework is orders of magnitude faster than the general oblivious execution alternatives.

Supplemental Material

MP4 File

Download
2902.25 MB

References

[1]

Rakesh Agrawal, Dmitri Asonov, Murat Kantarcioglu, and Yaping Li 2006. Sovereign joins 22nd International Conference on Data Engineering (ICDE'06). IEEE, 26--26.

[2]

Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. 2013. Innovative technology for CPU based attestation and sealing Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy, Vol. Vol. 13.

[3]

Arvind Arasu, Spyros Blanas, Ken Eguro, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy, and Ramarathnam Venkatesan. 2013. Orthogonal Security with Cipherbase. In CIDR. Citeseer.

[4]

Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, et almbox. 2016. SCONE: Secure linux containers with Intel SGX. In 12th USENIX Symp. Operating Systems Design and Implementation.

[5]

Sumit Bajaj and Radu Sion 2014. TrustedDB: A trusted hardware-based database with privacy and data confidentiality. Knowledge and Data Engineering, IEEE Transactions on, Vol. 26, 3 (2014), 752--765.

Digital Library

[6]

Manuel Barbosa, Bernardo Portela, Guillaume Scerri, and Bogdan Warinschi 2016. Foundations of hardware-based attested computation and application to SGX Security and Privacy (EuroS&P), 2016 IEEE European Symposium on. IEEE, 245--260.

[7]

Kenneth E Batcher. 1968. Sorting networks and their applications. In Proceedings of the April 30--May 2, 1968, spring joint computer conference. ACM, 307--314.

Digital Library

[8]

Erick Bauman and Zhiqiang Lin 2016. A Case for Protecting Computer Games With SGX. In Proceedings of the 1st Workshop on System Software for Trusted Execution (SysTEX'16). Trento, Italy.

Digital Library

[9]

Andrew Baumann, Marcus Peinado, and Galen Hunt. 2015. Shielding applications from an untrusted cloud with haven. ACM Transactions on Computer Systems (TOCS), Vol. 33, 3 (2015), 8.

Digital Library

[10]

Laszlo A. Belady. 1966. A study of replacement algorithms for a virtual-storage computer. IBM Systems journal, Vol. 5, 2 (1966), 78--101.

Digital Library

[11]

Stefan Brenner, Colin Wulf, David Goltzsche, Nico Weichbrodt, Matthias Lorenz, Christof Fetzer, Peter Pietzuch, and Rüdiger Kapitza 2016. SecureKeeper: Confidential ZooKeeper using Intel SGX Proceedings of the 16th Annual Middleware Conference (Middleware).

[12]

Ernie Brickell and Jiangtao Li 2011. Enhanced privacy ID from bilinear pairing for hardware authentication and attestation. International Journal of Information Privacy, Security and Integrity 2, Vol. 1, 1 (2011), 3--33.

[13]

Swarup Chandra, Vishal Karande, Zhiqiang Lin, Latifur Khan, Murat Kantarcioglu, and Bhavani Thuraisingham 2017. Securing Data Analytics on SGX With Randomization. Proceedings of the 22nd European Symposium on Research in Computer Security. Oslo, Norway.

[14]

Victor Costan and Srinivas Devadas. Intel sgx explained. bibinfotypeTechnical Report. bibinfoinstitutionCryptology ePrint Archive, Report 2016/086, 20 16. http://eprint. iacr. org.

[15]

Tien Tuan Anh Dinh, Prateek Saxena, Ee-Chien Chang, Beng Chin Ooi, and Chunwang Zhang. 2015. M2r: Enabling stronger privacy in mapreduce computation 24th USENIX Security Symposium (USENIX Security 15). 447--462.

[16]

Morris Dworkin. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800--38d.pdf. shownoteAccessed 5/16/2017.

[17]

Ramez Elmasri. 2008. Fundamentals of database systems. Pearson Education India.

[18]

Kelwin Fernandes, Pedro Vinagre, and Paulo Cortez. 2015. A Proactive Intelligent Decision Support System for Predicting the Popularity of Online News. Progress in Artificial Intelligence. Springer, 535--546.

[19]

Yangchun Fu, Erick Bauman, Raul Quinonez, and Zhiqiang Lin 2017. SGX-LAPD: Thwarting Controlled Side Channel Attacks via Enclave Verifiable Page Faults Proceedings of the 20th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'17). Atlanta, Georgia. USA.

[20]

Debayan Gupta, Benjamin Mood, Joan Feigenbaum, Kevin Butler, and Patrick Traynor. Using Intel Software Guard Extensions for Efficient Two-Party Secure Function Evaluation Proceedings of the 2016 FC Workshop on Encrypted Computing and Applied Homomorphic Cryptography.

[21]

Charles L Hamblin. 1962. Translation to and from Polish Notation. Comput. J. Vol. 5, 3 (1962), 210--213.

[22]

Franz E Hohn. 2013. Elementary matrix algebra. Courier Corporation.

[23]

Intel. Product Change Notification - 114074 - 00. https://qdms.intel.com/dm/i.aspx/5A160770-FC47--47A0-BF8A-062540456F0A/PCN114074-00.pdf. shownoteAccessed 5/16/2017.

[24]

Mohammad Saiful Islam, Mehmet Kuzu, and Murat Kantarcioglu. 2012. Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation. NDSS, Vol. Vol. 20. 12.

[25]

John King and Roger Magoulas 2016. 2016 Data Science Salary Survey. http://www.oreilly.com/data/free/2016-data-science-salary-survey.csp. (September 2016).

[26]

Vishal Krandle, Erick Bauman, Zhiqiang Lin, and Latifur Khan 2017. Securing System Logs with SGX. In Proceedings of the 12th ACM Symposium on Information, Computer and Communications Security. Abu Dhabi, UAE.

[27]

Tze Leung Lai, Herbert Robbins, and Ching Zong Wei. 1978. Strong consistency of least squares estimates in multiple regression. Proceedings of the National Academy of Sciences of the United States of America, Vol. 75, 7 (1978), 3034.

[28]

Jure Leskovec, Daniel Huttenlocher, and Jon Kleinberg. 2010. Signed networks in social media. In Proceedings of the SIGCHI conference on human factors in computing systems. ACM, 1361--1370.

Digital Library

[29]

Jure Leskovec, Jon Kleinberg, and Christos Faloutsos. 2007. Graph evolution: Densification and shrinking diameters. ACM Transactions on Knowledge Discovery from Data (TKDD), Vol. 1, 1 (2007), 2.

Digital Library

[30]

Jure Leskovec, Kevin J Lang, Anirban Dasgupta, and Michael W Mahoney 2009. Community structure in large networks: Natural cluster sizes and the absence of large well-defined clusters. Internet Mathematics, Vol. 6, 1 (2009), 29--123.

[31]

Chang Liu, Xiao Shaun Wang, Kartik Nayak, Yan Huang, and Elaine Shi 2015. Oblivm: A programming framework for secure computation Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 359--376.

[32]

Frank McKeen, Ilya Alexandrovich, Ittai Anati, Dror Caspi, Simon Johnson, Rebekah Leslie-Hurd, and Carlos Rozas 2016. Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave Proceedings of the Hardware and Architectural Support for Security and Privacy 2016. ACM, 10.

[33]

Christopher Meek, Bo Thiesson, and David Heckerman. 2002. The Learning-Curve Sampling Method Applied to Model-Based Clustering. Journal of Machine Learning Research Vol. 2 (2002), 397.

Digital Library

[34]

Muhammad Naveed, Seny Kamara, and Charles V Wright. 2015. Inference attacks on property-preserving encrypted databases Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 644--655.

[35]

John Neter, Michael H Kutner, Christopher J Nachtsheim, and William Wasserman 1996. Applied linear statistical models. Vol. Vol. 4. Irwin Chicago.

[36]

Olga Ohrimenko, Felix Schuster, Cédric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, and Manuel Costa 2016. Oblivious Multi-Party Machine Learning on Trusted Processors 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 619--636. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/ohrimenko

[37]

Lawrence Page, Sergey Brin, Rajeev Motwani, and Terry Winograd 1999. The PageRank citation ranking: Bringing order to the web. bibinfotypeTechnical Report. bibinfoinstitutionStanford InfoLab.

[38]

Rafael Pass, Elaine Shi, and Florian Tramer 2016. Formal Abstractions for Attested Execution Secure Processors. Cryptology ePrint Archive, Report 2016/1027. (2016). shownotehttp://eprint.iacr.org/2016/1027.

[39]

Ashay Rane, Calvin Lin, and Mohit Tiwari 2015. Raccoon: closing digital side-channels through obfuscated execution 24th USENIX Security Symposium (USENIX Security 15). 431--446.

[40]

Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. 2015. VC3: Trustworthy data analytics in the cloud using SGX Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 38--54.

[41]

George AF Seber and Alan J Lee 2012. Linear regression analysis. Vol. Vol. 936. John Wiley & Sons.

[42]

Ming-Wei Shih, Sangho Lee, Taesoo Kim, and Marcus Peinado. 2017. T-SGX: Eradicating controlled-channel attacks against enclave programs Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA.

[43]

Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas 2013. Path ORAM: An Extremely Simple Oblivious RAM Protocol CCS. 299--310. https://doi.org/10.1145/2508859.2516660

Digital Library

[44]

Stephen Tu, M Frans Kaashoek, Samuel Madden, and Nickolai Zeldovich 2013. Processing analytical queries over encrypted data. Proceedings of the VLDB Endowment, Vol. Vol. 6. VLDB Endowment, 289--300.

Digital Library

[45]

Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems Proceedings of the 2015 IEEE Symposium on Security and Privacy (SP '15). IEEE Computer Society, Washington, DC, USA, 640--656. https://doi.org/10.1109/SP.2015.45

Digital Library

[46]

Wenting Zheng, Ankur Dave, Jethro Beekman, Raluca Ada Popa, Joseph Gonzalez, and Ion Stoica. 2017. Opaque: A Data Analytics Platform with Strong Security 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI 17). USENIX Association, Boston, MA. https://www.usenix.org/conference/nsdi17/technical-sessions/presentation/zheng

[47]

Rakesh Agrawal, Dmitri Asonov, Murat Kantarcioglu, and Yaping Li 2006. Sovereign joins 22nd International Conference on Data Engineering (ICDE'06). IEEE, 26--26.

[48]

Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. 2013. Innovative technology for CPU based attestation and sealing Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy, Vol. Vol. 13.

[49]

Arvind Arasu, Spyros Blanas, Ken Eguro, Raghav Kaushik, Donald Kossmann, Ravishankar Ramamurthy, and Ramarathnam Venkatesan. 2013. Orthogonal Security with Cipherbase. In CIDR. Citeseer.

[50]

Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, et almbox. 2016. SCONE: Secure linux containers with Intel SGX. In 12th USENIX Symp. Operating Systems Design and Implementation.

[51]

Sumit Bajaj and Radu Sion 2014. TrustedDB: A trusted hardware-based database with privacy and data confidentiality. Knowledge and Data Engineering, IEEE Transactions on, Vol. 26, 3 (2014), 752--765.

Digital Library

[52]

Manuel Barbosa, Bernardo Portela, Guillaume Scerri, and Bogdan Warinschi 2016. Foundations of hardware-based attested computation and application to SGX Security and Privacy (EuroS&P), 2016 IEEE European Symposium on. IEEE, 245--260.

[53]

Kenneth E Batcher. 1968. Sorting networks and their applications. In Proceedings of the April 30--May 2, 1968, spring joint computer conference. ACM, 307--314.

Digital Library

[54]

Erick Bauman and Zhiqiang Lin 2016. A Case for Protecting Computer Games With SGX. In Proceedings of the 1st Workshop on System Software for Trusted Execution (SysTEX'16). Trento, Italy.

Digital Library

[55]

Andrew Baumann, Marcus Peinado, and Galen Hunt. 2015. Shielding applications from an untrusted cloud with haven. ACM Transactions on Computer Systems (TOCS), Vol. 33, 3 (2015), 8.

Digital Library

[56]

Laszlo A. Belady. 1966. A study of replacement algorithms for a virtual-storage computer. IBM Systems journal, Vol. 5, 2 (1966), 78--101.

Digital Library

[57]

Stefan Brenner, Colin Wulf, David Goltzsche, Nico Weichbrodt, Matthias Lorenz, Christof Fetzer, Peter Pietzuch, and Rüdiger Kapitza 2016. SecureKeeper: Confidential ZooKeeper using Intel SGX Proceedings of the 16th Annual Middleware Conference (Middleware).

[58]

Ernie Brickell and Jiangtao Li 2011. Enhanced privacy ID from bilinear pairing for hardware authentication and attestation. International Journal of Information Privacy, Security and Integrity 2, Vol. 1, 1 (2011), 3--33.

[59]

Swarup Chandra, Vishal Karande, Zhiqiang Lin, Latifur Khan, Murat Kantarcioglu, and Bhavani Thuraisingham 2017. Securing Data Analytics on SGX With Randomization. Proceedings of the 22nd European Symposium on Research in Computer Security. Oslo, Norway.

[60]

Victor Costan and Srinivas Devadas. Intel sgx explained. bibinfotypeTechnical Report. bibinfoinstitutionCryptology ePrint Archive, Report 2016/086, 20 16. http://eprint. iacr. org.

[61]

Tien Tuan Anh Dinh, Prateek Saxena, Ee-Chien Chang, Beng Chin Ooi, and Chunwang Zhang. 2015. M2r: Enabling stronger privacy in mapreduce computation 24th USENIX Security Symposium (USENIX Security 15). 447--462.

[62]

Morris Dworkin. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800--38d.pdf. shownoteAccessed 5/16/2017.

[63]

Ramez Elmasri. 2008. Fundamentals of database systems. Pearson Education India.

[64]

Kelwin Fernandes, Pedro Vinagre, and Paulo Cortez. 2015. A Proactive Intelligent Decision Support System for Predicting the Popularity of Online News. Progress in Artificial Intelligence. Springer, 535--546.

[65]

Yangchun Fu, Erick Bauman, Raul Quinonez, and Zhiqiang Lin 2017. SGX-LAPD: Thwarting Controlled Side Channel Attacks via Enclave Verifiable Page Faults Proceedings of the 20th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'17). Atlanta, Georgia. USA.

[66]

Debayan Gupta, Benjamin Mood, Joan Feigenbaum, Kevin Butler, and Patrick Traynor. Using Intel Software Guard Extensions for Efficient Two-Party Secure Function Evaluation Proceedings of the 2016 FC Workshop on Encrypted Computing and Applied Homomorphic Cryptography.

[67]

Charles L Hamblin. 1962. Translation to and from Polish Notation. Comput. J. Vol. 5, 3 (1962), 210--213.

[68]

Franz E Hohn. 2013. Elementary matrix algebra. Courier Corporation.

[69]

Intel. Product Change Notification - 114074 - 00. https://qdms.intel.com/dm/i.aspx/5A160770-FC47--47A0-BF8A-062540456F0A/PCN114074-00.pdf. shownoteAccessed 5/16/2017.

[70]

Mohammad Saiful Islam, Mehmet Kuzu, and Murat Kantarcioglu. 2012. Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation. NDSS, Vol. Vol. 20. 12.

[71]

John King and Roger Magoulas 2016. 2016 Data Science Salary Survey. http://www.oreilly.com/data/free/2016-data-science-salary-survey.csp. (September 2016).

[72]

Vishal Krandle, Erick Bauman, Zhiqiang Lin, and Latifur Khan 2017. Securing System Logs with SGX. In Proceedings of the 12th ACM Symposium on Information, Computer and Communications Security. Abu Dhabi, UAE.

[73]

Tze Leung Lai, Herbert Robbins, and Ching Zong Wei. 1978. Strong consistency of least squares estimates in multiple regression. Proceedings of the National Academy of Sciences of the United States of America, Vol. 75, 7 (1978), 3034.

[74]

Jure Leskovec, Daniel Huttenlocher, and Jon Kleinberg. 2010. Signed networks in social media. In Proceedings of the SIGCHI conference on human factors in computing systems. ACM, 1361--1370.

Digital Library

[75]

Jure Leskovec, Jon Kleinberg, and Christos Faloutsos. 2007. Graph evolution: Densification and shrinking diameters. ACM Transactions on Knowledge Discovery from Data (TKDD), Vol. 1, 1 (2007), 2.

Digital Library

[76]

Jure Leskovec, Kevin J Lang, Anirban Dasgupta, and Michael W Mahoney 2009. Community structure in large networks: Natural cluster sizes and the absence of large well-defined clusters. Internet Mathematics, Vol. 6, 1 (2009), 29--123.

[77]

Chang Liu, Xiao Shaun Wang, Kartik Nayak, Yan Huang, and Elaine Shi 2015. Oblivm: A programming framework for secure computation Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 359--376.

[78]

Frank McKeen, Ilya Alexandrovich, Ittai Anati, Dror Caspi, Simon Johnson, Rebekah Leslie-Hurd, and Carlos Rozas 2016. Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave Proceedings of the Hardware and Architectural Support for Security and Privacy 2016. ACM, 10.

[79]

Christopher Meek, Bo Thiesson, and David Heckerman. 2002. The Learning-Curve Sampling Method Applied to Model-Based Clustering. Journal of Machine Learning Research Vol. 2 (2002), 397.

Digital Library

[80]

Muhammad Naveed, Seny Kamara, and Charles V Wright. 2015. Inference attacks on property-preserving encrypted databases Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 644--655.

[81]

John Neter, Michael H Kutner, Christopher J Nachtsheim, and William Wasserman 1996. Applied linear statistical models. Vol. Vol. 4. Irwin Chicago.

[82]

Olga Ohrimenko, Felix Schuster, Cédric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, and Manuel Costa 2016. Oblivious Multi-Party Machine Learning on Trusted Processors 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 619--636. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/ohrimenko

[83]

Lawrence Page, Sergey Brin, Rajeev Motwani, and Terry Winograd 1999. The PageRank citation ranking: Bringing order to the web. bibinfotypeTechnical Report. bibinfoinstitutionStanford InfoLab.

[84]

Rafael Pass, Elaine Shi, and Florian Tramer 2016. Formal Abstractions for Attested Execution Secure Processors. Cryptology ePrint Archive, Report 2016/1027. (2016). shownotehttp://eprint.iacr.org/2016/1027.

[85]

Ashay Rane, Calvin Lin, and Mohit Tiwari 2015. Raccoon: closing digital side-channels through obfuscated execution 24th USENIX Security Symposium (USENIX Security 15). 431--446.

[86]

Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. 2015. VC3: Trustworthy data analytics in the cloud using SGX Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 38--54.

[87]

George AF Seber and Alan J Lee 2012. Linear regression analysis. Vol. Vol. 936. John Wiley & Sons.

[88]

Ming-Wei Shih, Sangho Lee, Taesoo Kim, and Marcus Peinado. 2017. T-SGX: Eradicating controlled-channel attacks against enclave programs Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA.

[89]

Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas 2013. Path ORAM: An Extremely Simple Oblivious RAM Protocol CCS. 299--310. https://doi.org/10.1145/2508859.2516660

Digital Library

[90]

Stephen Tu, M Frans Kaashoek, Samuel Madden, and Nickolai Zeldovich 2013. Processing analytical queries over encrypted data. Proceedings of the VLDB Endowment, Vol. Vol. 6. VLDB Endowment, 289--300.

Digital Library

[91]

Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems Proceedings of the 2015 IEEE Symposium on Security and Privacy (SP '15). IEEE Computer Society, Washington, DC, USA, 640--656. https://doi.org/10.1109/SP.2015.45

Digital Library

[92]

Wenting Zheng, Ankur Dave, Jethro Beekman, Raluca Ada Popa, Joseph Gonzalez, and Ion Stoica. 2017. Opaque: A Data Analytics Platform with Strong Security 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI 17). USENIX Association, Boston, MA. https://www.usenix.org/conference/nsdi17/technical-sessions/presentation/zhengendthebibliography

Cited By

Mosier NNemati HMitchell JTrippel C(2024)Serberus: Protecting Cryptographic Code from Spectres at Compile-Time2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00048(4200-4219)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00048
Islam MZamani MHamlen KKhan LKantarcioglu M(2024)Ensuring End-to-End IoT Data Security and Privacy Through Cloud-Enhanced Confidential ComputingData and Applications Security and Privacy XXXVIII10.1007/978-3-031-65172-4_5(71-91)Online publication date: 13-Jul-2024
https://doi.org/10.1007/978-3-031-65172-4_5
Chen SLin ZZhang YCalandrino JTroncoso C(2023)Controlled data races in enclavesProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620465(4069-4086)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620465
Show More Cited By

Index Terms

SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors
1. Security and privacy
  1. Database and storage security
    1. Management and querying of encrypted data

Recommendations

Practical hybrid confidentiality-based analytics framework with Intel SGX
Abstract
Massive cloud infrastructure capabilities, including efficient, scalable, and elastic computing resources, have led to a widespread adoption of Internet of Things (IoT) cloud-enabled services. This involves giving complete control to ...
Highlights
- The paper proposes a hybrid confidentiality-based analytic framework in the cloud.
Vizard: A Metadata-hiding Data Analytic System with End-to-End Policy Controls
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Owner-centric control is a widely adopted method for easing owners' concerns over data abuses and motivating them to share their data out to gain collective knowledge. However, while many control enforcement techniques have been proposed, privacy ...
Secure and Private Function Evaluation with Intel SGX
CCSW'19: Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop

Secure function evaluation (SFE) allows two parties to jointly evaluate a publicly known function without revealing their respective inputs. SFE can be realized via well-known cryptographic protocols, such as Yao's garbled circuits (GC) and the protocol ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

October 2017

2682 pages

ISBN:9781450349468

DOI:10.1145/3133956

General Chair:
Bhavani Thuraisingham
The University of Texas at Dallas, USA
,
Program Chairs:
David Evans
University of Virginia
,
Tal Malkin
Columbia University
,
Dongyan Xu
Purdue University

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

CCS '17

Sponsor:

SIGSAC

CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security

October 30 - November 3, 2017

Texas, Dallas, USA

Acceptance Rates

CCS '17 Paper Acceptance Rate 151 of 836 submissions, 18%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

46
Total Citations
View Citations
1,099
Total Downloads

Downloads (Last 12 months)147
Downloads (Last 6 weeks)18

Reflects downloads up to 30 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Mosier NNemati HMitchell JTrippel C(2024)Serberus: Protecting Cryptographic Code from Spectres at Compile-Time2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00048(4200-4219)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00048
Islam MZamani MHamlen KKhan LKantarcioglu M(2024)Ensuring End-to-End IoT Data Security and Privacy Through Cloud-Enhanced Confidential ComputingData and Applications Security and Privacy XXXVIII10.1007/978-3-031-65172-4_5(71-91)Online publication date: 13-Jul-2024
https://doi.org/10.1007/978-3-031-65172-4_5
Chen SLin ZZhang YCalandrino JTroncoso C(2023)Controlled data races in enclavesProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620465(4069-4086)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620465
Alam AChen K(2023)TEE-Graph: efficient privacy and ownership protection for cloud-based graph spectral analysisFrontiers in Big Data10.3389/fdata.2023.12964696Online publication date: 30-Nov-2023
https://doi.org/10.3389/fdata.2023.1296469
Li XSun NLuo YGao M(2023)SODA: A Set of Fast Oblivious Algorithms in Distributed Secure Data AnalyticsProceedings of the VLDB Endowment10.14778/3587136.358714216:7(1671-1684)Online publication date: 1-Mar-2023
https://dl.acm.org/doi/10.14778/3587136.3587142
Li XLi FGao M(2023)Flare: A Fast, Secure, and Memory-Efficient Distributed Analytics FrameworkProceedings of the VLDB Endowment10.14778/3583140.358315816:6(1439-1452)Online publication date: 1-Feb-2023
https://dl.acm.org/doi/10.14778/3583140.3583158
Paju AJaved MNurmi JSavimäki JMcGillion BBrumley B(2023)SoK: A Systematic Review of TEE Usage for Developing Trusted ApplicationsProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3600169(1-15)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3600169
Will NMaziero C(2023)Intel Software Guard Extensions Applications: A SurveyACM Computing Surveys10.1145/359302155:14s(1-38)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1145/3593021
Wang YZhang ZHe NZhong ZGuo SBao QLi DGuo YChen XMeng WJensen CCremers CKirda E(2023)SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic ExecutionProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623213(2710-2724)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623213
Brito CFerreira PPortela BOliveira RPaulo JHong JLanperne MPark JCerny TShahriar H(2023)SOTERIA: Preserving Privacy in Distributed Machine LearningProceedings of the 38th ACM/SIGAPP Symposium on Applied Computing10.1145/3555776.3578591(135-142)Online publication date: 27-Mar-2023
https://dl.acm.org/doi/10.1145/3555776.3578591
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents