Prototyping SGX-MR: efficient access-pattern protection for SGX-based confidential data-intensive applications
Title: Prototyping SGX-MR: efficient access-pattern protection for SGX-based confidential data-intensive applications
Mentor: Dr. Keke Chen
Summary: Intel SGX has been a popular trusted execution environment for protecting the integrity and confidentiality of cloud or edge applications. However, the secured program has to interact with the encrypted data in the unprotected memory area in data-intensive applications – the access pattern may leak important information to adversaries. Researchers have been experimenting with Oblivious RAM (ORAM) to address the privacy of access patterns, which is a powerful but expensive low-level primitive that provides application-agnostic protection for any I/O operations. We find that some application-specific access patterns, such as sequential block I/O, do not provide additional information to adversaries. Others, such as sorting, can be replaced with specific oblivious versions that are more efficient than ORAM. The challenge is that developers may need to look into all the details of application-specific access patterns to design efficient solutions, which is inconvenient. We have proposed the lightweight SGX-MR approach to regulating the dataflow of data-intensive SGX applications using the MapReduce framework and simplifying application development. With this framework, we only need to examine the stages of data access, identify the access patterns that need protection, and design corresponding efficient protection methods.
This REU study aims to develop a prototype system for SGX-MR. Based on the prototype system, we will perform in-depth analysis and further improve access-pattern protection, performance, and functionality of SGX-MR. Students will gain privacy and security-focused research and development experience, including secure computation with trusted execution environment, cryptographic algorithms, side-channel attacks, data visualization, and design and implementation of the client-side user interface.
Student Research and Development Activities: The REU fellows will perform the following major tasks: • Survey state-of-the-art in access-pattern based side-channel attacks on SGX application • Develop and evaluate candidate solutions for the research problem. • Implement application modules using cryptographic algorithms • Implement client-side user interface to perform interactive analysis