Mitigating Network Side Channel Leakage for Stream Processing Systems in Trusted Execution Environments
Author(s) - Muhammad Bilal, Hassan Alsibyani, Marco Canini
Publication year - 2018
Publication title - King Abdullah University of Science and Technology Repository (King Abdullah University of Science and Technology)
Language(s) - English
Resource type - Conference proceedings
DOI - 10.1145/3210284.3210286
Subject(s) - computer science, guard (computer science), cloud computing, confidentiality, side channel attack, computer security, trusted computing, information leakage, computer network, software, operating system, distributed computing, cryptography, programming language
A crucial concern regarding cloud computing is the confidentiality of sensitive data being processed in the cloud. Trusted Execution Environments (TEEs), such as Intel Software Guard Extensions (SGX), allow applications to run securely on an untrusted platform. However, using TEEs alone for stream processing is not enough to ensure privacy, as network communication patterns may leak information about the data. This paper introduces two techniques -- anycast and multicast -- for mitigating leakage at inter-stage communications in streaming applications according to a user-selected mitigation level. These techniques aim to achieve network data obliviousness, i.e., communication patterns should not depend on the data. We implement these techniques in an SGX-based stream processing system. We evaluate the latency and throughput overheads, and the data obliviousness using three benchmark applications. The results show that anycast scales better with input load and mitigation level, and provides better data obliviousness than multicast.