Prototyping SGX-MR: efficient access-pattern protection for SGX-based confidential data-intensive applications

From REU@MU
Jump to: navigation, search

Title: Prototyping SGX-MR: efficient access-pattern protection for SGX-based confidential data-intensive applications

Mentor: Dr. Keke Chen

Summary: Intel SGX has been a popular trusted execution environment for protecting the integrity and confidentiality of cloud or edge applications. However, the secured program has to interact with the encrypted data in the unprotected memory area in data-intensive applications – the access pattern may leak important information to adversaries. Researchers have been experimenting with Oblivious RAM (ORAM) to address the privacy of access patterns, which is a powerful but expensive low-level primitive that provides application-agnostic protection for any I/O operations. We find that some application-specific access patterns, such as sequential block I/O, do not provide additional information to adversaries. Others, such as sorting, can be replaced with specific oblivious versions that are more efficient than ORAM. The challenge is that developers may need to look into all the details of application-specific access patterns to design efficient solutions, which is inconvenient. We have proposed the lightweight SGX-MR approach to regulating the dataflow of data-intensive SGX applications using the MapReduce framework and simplifying application development. With this framework, we only need to examine the stages of data access, identify the access patterns that need protection, and design corresponding efficient protection methods.

This REU study aims to develop a prototype system for SGX-MR. Based on the prototype system, we will perform in-depth analysis and further improve access-pattern protection, performance, and functionality of SGX-MR. Students will gain privacy and security-focused research and development experience, including secure computation with trusted execution environment, cryptographic algorithms, side-channel attacks, data visualization, and design and implementation of the client-side user interface.

Student Research and Development Activities: The REU fellows will perform the following major tasks: • Survey state-of-the-art in access-pattern based side-channel attacks on SGX application • Develop and evaluate candidate solutions for the research problem. • Implement application modules using cryptographic algorithms • Implement client-side user interface to perform interactive analysis



Milestones and Goals

Week Description
Week 1: Orientation
  • Familiarize with Marquette, project and mentor
  • Set milestones and goals for the project duration
  • Attend Data Science bootcamp
  • Familiarize myself with related technologies
Week 2: Prepare development environment
  • Setup Linux test environment
  • Familiarize myself with code of SGX-MR
  • Begin investigating Message Queueing systems
Week 3: Implement logging
  • Implement logging capabilities server side
  • Begin work on message queueing and client side capabilities
Week 4: Continue development
  • Continue work on client side functionality
  • Begin GUI development for client side functionality
Week 5: Continue development
  • Continue work on messaging systems
  • Prepare and give presentation over work so far
Week 6: Continue development
  • Continue working towards an efficient client-server messaging system
Week 7: Finish preliminary development
  • Finish basic demo system
  • Prepare to improve on the basic system
Week 8: Explore improvements
  • Continue to improve demo system
  • Explore best ways to display the strengths of the SGX-MR system
Week 9: Begin wrap up
  • Start work to refine functionality instead of adding new functionality
  • Begin preparing end-of-summer presentations
Week 10: Presenting Research
  • Finish and present project