
HasTEE+ : Confidential Cloud Computing and Analytics with Haskell

Abhiroop Sarkar, Alejandro Russo

TL;DR

The paper tackles the challenge of confidential cloud computing by addressing memory-safety risks and bespoke attestation in TEEs with HasTEE+, a Haskell-embedded DSL. HasTEE+ provides a tierless programming model, a general remote attestation architecture via a monitoring server, and dynamic information-flow control to prevent both explicit and implicit leaks. It demonstrates a confidential data-analytics pattern in a data-clean-room, using labeled data and privilege-based declassification to enable secure multi-party analytics. Performance evaluations show overheads mainly from remote attestation, with overall overheads deemed practical for security-critical applications and adaptable to multiple TEEs beyond SGX.

Abstract

Confidential computing is a security paradigm that enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs). By integrating TEEs with a Remote Attestation protocol, confidential computing allows a third party to establish the integrity of an \textit{enclave} hosted within an untrusted cloud. However, TEE solutions, such as Intel SGX and ARM TrustZone, offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. Moreover, the toolchains involve complex multi-project hierarchies and the deployment of hand-written attestation protocols for verifying \textit{enclave} integrity. We address the above with HasTEE+, a domain-specific language (DSL) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety. HasTEE+ assists in multi-tier cloud application development by (1) introducing a \textit{tierless} programming model for expressing distributed client-server interactions as a single program, (2) integrating a general remote-attestation architecture that removes the necessity to write application-specific cross-cutting attestation code, and (3) employing a dynamic information flow control mechanism to prevent explicit as well as implicit data leaks. We demonstrate the practicality of HasTEE+ through a case study on confidential data analytics, presenting a data-sharing pattern applicable to mutually distrustful participants and providing overall performance metrics.

Paper Structure (11 sections, 7 figures)

This paper contains 11 sections, 7 figures.

Figures (7)

  • Figure 1: HasTEE$^+$ APIs for loading data and computations on the TEE and invoking the TEE (parameterized types simplified and typeclass constraints omitted for brevity).
  • Figure 2: HasTEE$^+$'s partitioning uses multiple compilations to create binaries that can dynamically dispatch the code for only one concerned monad based on a string identifier
  • Figure 3: HasTEE$^+$'s remote attestation infrastructure abstracts over Intel's RA-TLS protocol and supports establishing the identity of the client and the server
  • Figure 4: Core HasTEE$^+$ APIs for Information Flow Control
  • Figure 5: A Data Clean Room (DCR) pattern with $m$ data providers ($P$) and $n$ analytics consumers ($C$). $P$ labels its data as $D_P$ and sends it to the DCR, which loads $C$'s public key $pubK_C$ as well as privilege $pr_P$ using a closure. The functions $enc$ and $dec$ handle encryption and decryption, and analytics refers to any general query.
  • ...and 2 more figures
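The abstract's point (3), dynamic information-flow control that stops both explicit and implicit leaks, and the clean-room pattern of Figure 5 (provider $P$ labels $D_P$, the DCR computes analytics under that label, and $pr_P$ authorises release to consumer $C$) are illustrated by the following self-contained Haskell program. It is an example written for this page, not HasTEE+'s own API (Figure 4 lists that API but this page does not reproduce it). It assumes a floating-label monad in the LIO style, a label lattice of provider sets ordered by inclusion, and hypothetical names (`unlabel`, `toLabeled`, `declassify`, `Priv`, `sendTo`); the $enc$/$dec$ transport step and attestation are left out so the label checks stand alone. It needs only `base` and `containers`.

```haskell
-- Added example (not HasTEE+ code): a minimal floating-label IFC monad in plain
-- Haskell modelling the labeled-data / privilege-based declassification pattern
-- of the data clean room. All names below are hypothetical.
module Main (main) where

import Control.Exception (IOException, try)
import Data.IORef
import Data.Set (Set)
import qualified Data.Set as Set

-- A label is the set of providers whose confidential data has tainted a value:
-- flow is subset inclusion, join is union, the public label is the empty set.
type Party = String
newtype Label = Label (Set Party) deriving (Eq, Show)

canFlowTo :: Label -> Label -> Bool
canFlowTo (Label a) (Label b) = a `Set.isSubsetOf` b

lub :: Label -> Label -> Label
lub (Label a) (Label b) = Label (Set.union a b)

public :: Label
public = Label Set.empty

party :: Party -> Label
party = Label . Set.singleton

-- A labeled value: the label is visible, the payload is reachable only through
-- unlabel, which taints the computation that reads it.
data Labeled a = Labeled Label a

-- The monad threads a mutable "current label" recording what has been read.
newtype LIO a = LIO { runLIO :: IORef Label -> IO a }

instance Functor LIO where
  fmap f (LIO m) = LIO (fmap f . m)
instance Applicative LIO where
  pure x = LIO (\_ -> pure x)
  LIO f <*> LIO x = LIO (\r -> f r <*> x r)
instance Monad LIO where
  LIO m >>= k = LIO (\r -> m r >>= \a -> runLIO (k a) r)

violation :: String -> LIO a
violation msg = LIO (\_ -> ioError (userError ("IFC violation: " ++ msg)))

getLabel :: LIO Label
getLabel = LIO readIORef

-- Reading a secret raises the current label to the join. Every later effect is
-- checked against the raised label, which is what stops implicit leaks: a write
-- whose occurrence depends on the secret is still a write under a tainted label.
unlabel :: Labeled a -> LIO a
unlabel (Labeled l x) = LIO (\r -> modifyIORef r (`lub` l) >> pure x)

-- Run a sub-computation, package its result at label l, and restore the
-- previous current label so the taint stays confined to the result.
toLabeled :: Label -> LIO a -> LIO (Labeled a)
toLabeled l (LIO m) = LIO $ \r -> do
  saved <- readIORef r
  x <- m r
  final <- readIORef r
  if final `canFlowTo` l
    then writeIORef r saved >> pure (Labeled l x)
    else ioError (userError "IFC violation: toLabeled label too low")

-- An output channel owned by a consumer: the write is refused unless the
-- current label flows to the channel's label.
sendTo :: Label -> String -> LIO ()
sendTo chan msg = do
  cur <- getLabel
  if cur `canFlowTo` chan
    then LIO (\_ -> putStrLn ("-> " ++ show chan ++ ": " ++ msg))
    else violation (show cur ++ " cannot flow to " ++ show chan)

-- A privilege is a provider's authority to remove its own taint (pr_P in Fig. 5).
newtype Priv = Priv Party

declassify :: Priv -> Labeled a -> Labeled a
declassify (Priv p) (Labeled (Label s) x) = Labeled (Label (Set.delete p s)) x

-- Each run starts from the public label; IFC violations surface as IOException.
run :: LIO a -> IO (Either IOException a)
run m = newIORef public >>= try . runLIO m

main :: IO ()
main = do
  let dP    = Labeled (party "P") [12, 40, 7 :: Int]  -- constructed sample data D_P
      chanC = party "C"                                -- consumer C's channel
      prP   = Priv "P"                                 -- P's declassification privilege
      avg xs = fromIntegral (sum xs) / fromIntegral (length xs) :: Double
  -- Explicit leak: forwarding P's raw data to C is refused.
  r1 <- run (unlabel dP >>= sendTo chanC . show)
  -- Implicit leak: the message carries no data, but whether it is sent at all
  -- depends on D_P; the write happens under label {P} and is refused.
  r2 <- run (do xs <- unlabel dP
                if sum xs > 50 then sendTo chanC "above threshold" else pure ())
  -- Clean-room pattern: aggregate under P's label, then P's privilege releases
  -- only the aggregate, which may then flow to C.
  r3 <- run (do stats <- toLabeled (party "P") (fmap avg (unlabel dP))
                mean <- unlabel (declassify prP stats)
                sendTo chanC ("mean = " ++ show mean))
  mapM_ (putStrLn . either (const "refused") (const "allowed")) [r1, r2, r3]
```

Running it with `runghc` prints `refused`, `refused`, `allowed` in that order: the first two computations never reach C's channel, and only the aggregate that $P$'s privilege explicitly releases does. The design choice worth noting is that `declassify` is the only operation that lowers a label, and it requires the provider's `Priv` value; in Figure 5 that value is what the DCR receives from $P$ through a closure, so the consumer can never manufacture it.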