Mitigating network side channel leakage for stream processing systems in trusted execution environments

Muhammad Bilal*, Hassan Alsibyani, Marco Canini

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

3 Scopus citations

Abstract

A crucial concern regarding cloud computing is the confidentiality of sensitive data being processed in the cloud. Trusted Execution Environments (TEEs), such as Intel Software Guard eXtensions (SGX), allow applications to run securely on an untrusted platform. However, using TEEs alone for stream processing is not enough to ensure privacy as network communication patterns may leak information about the data. This paper introduces two techniques - anycast and multicast - for mitigating leakage at inter-stage communications in streaming applications according to a user-selected mitigation level. These techniques aim to achieve network data obliviousness, i.e., communication patterns should not depend on the data. We implement these techniques in an SGX-based stream processing system. We evaluate the latency and throughput overheads, and the data obliviousness using three benchmark applications. The results show that anycast scales better with input load and mitigation level, and provides better data obliviousness than multicast.

Original language: English (US)
Title of host publication: DEBS 2018 - Proceedings of the 12th ACM International Conference on Distributed and Event-Based Systems
Publisher: Association for Computing Machinery (ACM)
Pages: 16-27
Number of pages: 12
ISBN (Electronic): 9781450357821
State: Published - Jun 25 2018
Event: 12th ACM International Conference on Distributed and Event-Based Systems, DEBS 2018 - Hamilton, New Zealand
Duration: Jun 25 2018 to Jun 26 2018

Publication series

Name: DEBS 2018 - Proceedings of the 12th ACM International Conference on Distributed and Event-Based Systems

Conference

Conference: 12th ACM International Conference on Distributed and Event-Based Systems, DEBS 2018
Country/Territory: New Zealand
City: Hamilton
Period: 06/25/18 to 06/26/18

Bibliographical note

Publisher Copyright:
© 2018 Copyright held by the owner/author(s).

Keywords

  • Intel SGX
  • Network data obliviousness
  • Stream processing

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Computer Networks and Communications
  • Software
  • Hardware and Architecture
