
Sharing without Showing: Secure Cloud Analytics with Trusted Execution Environments

Marcus Birgersson, Cyrille Artho, Musard Balliu

TL;DR

The paper tackles secure cloud analytics where data from multiple mutually distrusting users must be aggregated with permission, without online participation during computation. It leverages Trusted Execution Environments, specifically Intel SGX via Open Enclave, to perform confidential computations on decrypted data while keeping inputs encrypted at rest and ensuring result confidentiality through a hard-coded recipient key and remote attestation. The authors present a four-component architecture (Users, Middleware, TEE, Recipient) and a detailed execution protocol that enables dynamic user inclusion without re-encrypting prior data. Their prototype demonstrates several core analytics tasks (sum, histogram, SVM classification, and least-squares fit) with an average overhead of $1.62$ compared to plaintext, validating practicality for IoT-style workloads and a taxi-distribution use case. Overall, the work provides a comprehensive design, security analysis, and empirical evaluation showing TEEs as a viable framework for secure, scalable multi-user cloud analytics.

Abstract

Many applications benefit from computations over the data of multiple users while preserving confidentiality. We present a solution where multiple mutually distrusting users' data can be aggregated with an acceptable overhead, while allowing users to be added to the system at any time without re-encrypting data. Our solution to this problem is to use a Trusted Execution Environment (Intel SGX) for the computation, while the confidential data is encrypted with the data owner's key and can be stored anywhere, without trust in the service provider. We do not require the user to be online during the computation phase and do not require a trusted party to store data in plain text. Still, the computation can only be carried out if the data owner explicitly has given permission. Experiments using common functions such as the sum, least square fit, histogram, and SVM classification, exhibit an average overhead of $1.6 \times$. In addition to these performance experiments, we present a use case for computing the distributions of taxis in a city without revealing the position of any other taxi to the other parties.
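The data flow described in the TL;DR and the abstract, as an added model that is not the authors' code: each user encrypts its own value at rest with a key only it holds, releases that key directly to the enclave only when the enclave's quoted measurement matches the audited build, and the enclave encrypts the aggregate to a recipient key baked into its code. The cipher is an HMAC-SHA256 keystream with an HMAC tag (a stand-in for AES-GCM so it runs on the standard library alone), the measurement value and recipient key are constructed, and the enclave is simulated as a plain function rather than an SGX/Open Enclave binary.

```python
import hashlib
import hmac
import os
import struct

# Stand-in AEAD (HMAC-SHA256 keystream, encrypt-then-MAC) so the model runs on the
# standard library alone; a real deployment would use AES-GCM or similar.
def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed values: the measurement of the audited enclave build (MRENCLAVE
# stand-in) and the recipient key the paper describes as hard-coded into the code.
AUDITED_MEASUREMENT = hashlib.sha256(b"constructed enclave build").hexdigest()
RECIPIENT_KEY = os.urandom(32)

class User:
    """Encrypts its own value at rest and releases the key only after attestation."""
    def __init__(self, value):
        self.key = os.urandom(32)
        self.blob = encrypt(self.key, struct.pack(">q", value))  # held by the middleware
    def release_key(self, quoted_measurement):
        # Permission is granted only to an enclave whose quote matches the inspected code.
        return self.key if quoted_measurement == AUDITED_MEASUREMENT else None

def enclave_sum(blobs, users, quoted_measurement):
    """Runs inside the TEE: fetch keys directly from users, decrypt, aggregate, seal."""
    keys = [u.release_key(quoted_measurement) for u in users]
    if None in keys:
        raise PermissionError("a user withheld its key: attestation mismatch")
    total = sum(struct.unpack(">q", decrypt(k, b))[0] for k, b in zip(keys, blobs))
    return encrypt(RECIPIENT_KEY, struct.pack(">q", total))

def run_analytics(users, quoted_measurement):
    """Middleware hands stored blobs to the enclave; only the recipient opens the result."""
    sealed = enclave_sum([u.blob for u in users], users, quoted_measurement)
    return struct.unpack(">q", decrypt(RECIPIENT_KEY, sealed))[0]
```

Appending a new `User` and re-running `run_analytics` leaves every earlier user's stored blob byte-for-byte unchanged, which is the no-re-encryption property the abstract claims; a mismatched measurement yields no keys and therefore no computation.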

Paper Structure

This paper contains 50 sections, 3 figures, 4 tables.

Figures (3)

  • Figure 1: Overview of the attestation process. The recipient of the computation compiles and deploys the code on the TEE. The source code is also made available to the users. Each user can inspect and compile the code and by remote attestation verify that the compiled code running on the TEE matches the inspected source code.
  • Figure 2: Overview of the confidential computing architecture. The architecture shows the flow of how data moves between users and the middleware, between the middleware and the TEE, and finally to the recipient. Note that decryption keys provided by the users to the TEE are sent using a separate channel directly between the user and the TEE.
  • Figure 3: Sequence diagram showing the execution protocol.