Enhancing Network Data Obliviousness in Trusted Execution Environment-based Stream Processing Systems

Handle URI:
http://hdl.handle.net/10754/627880
Title:
Enhancing Network Data Obliviousness in Trusted Execution Environment-based Stream Processing Systems
Authors:
Alsibyani, Hassan M. ( 0000-0002-2717-6052 )
Abstract:
Cloud computing usage is increasing and a common concern is the privacy and security of the data and computation. Third party cloud environments are not considered fit for processing private information because the data will be revealed to the cloud provider. However, Trusted Execution Environments (TEEs), such as Intel SGX, provide a way for applications to run privately and securely on untrusted platforms. Nonetheless, using a TEE by itself for stream processing systems is not sufficient since network communication patterns may leak properties of the data under processing. This work addresses leaky topology structures and suggests mitigation techniques for each of these. We create specific metrics to evaluate leaks occurring from the network patterns; the metrics measure information leaked when the stream processing system is running. We consider routing techniques for inter-stage communication in a streaming application to mitigate this data leakage. We consider a dynamic policy to change the mitigation technique depending on how much information is currently leaking. Additionally, we consider techniques to hide irregularities resulting from a filtering stage in a topology. We also consider leakages resulting from applications containing cycles. For each of the techniques, we explore their effectiveness in terms of the advantage they provide in overcoming the network leakage. The techniques are tested partly using simulations and some were implemented in a prototype SGX-based stream processing system.
Advisors:
Canini, Marco ( 0000-0002-5051-4283 )
Committee Member:
Kalnis, Panos ( 0000-0002-5060-1360 ) ; Keyes, David Elliot ( 0000-0002-4052-7224 )
KAUST Department:
Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division
Program:
Computer Science
Issue Date:
15-May-2018
Type:
Thesis
Appears in Collections:
Theses

Full metadata record

DC FieldValue Language
dc.contributor.advisorCanini, Marcoen
dc.contributor.authorAlsibyani, Hassan M.en
dc.date.accessioned2018-05-16T05:23:27Z-
dc.date.available2018-05-16T05:23:27Z-
dc.date.issued2018-05-15-
dc.identifier.urihttp://hdl.handle.net/10754/627880-
dc.description.abstractCloud computing usage is increasing and a common concern is the privacy and security of the data and computation. Third party cloud environments are not considered fit for processing private information because the data will be revealed to the cloud provider. However, Trusted Execution Environments (TEEs), such as Intel SGX, provide a way for applications to run privately and securely on untrusted platforms. Nonetheless, using a TEE by itself for stream processing systems is not sufficient since network communication patterns may leak properties of the data under processing. This work addresses leaky topology structures and suggests mitigation techniques for each of these. We create specific metrics to evaluate leaks occurring from the network patterns; the metrics measure information leaked when the stream processing system is running. We consider routing techniques for inter-stage communication in a streaming application to mitigate this data leakage. We consider a dynamic policy to change the mitigation technique depending on how much information is currently leaking. Additionally, we consider techniques to hide irregularities resulting from a filtering stage in a topology. We also consider leakages resulting from applications containing cycles. For each of the techniques, we explore their effectiveness in terms of the advantage they provide in overcoming the network leakage. The techniques are tested partly using simulations and some were implemented in a prototype SGX-based stream processing system.en
dc.language.isoenen
dc.subjectsystemsen
dc.subjectsecurityen
dc.subjectside-channel attacksen
dc.titleEnhancing Network Data Obliviousness in Trusted Execution Environment-based Stream Processing Systemsen
dc.typeThesisen
dc.contributor.departmentComputer, Electrical and Mathematical Sciences and Engineering (CEMSE) Divisionen
thesis.degree.grantorKing Abdullah University of Science and Technologyen
dc.contributor.committeememberKalnis, Panosen
dc.contributor.committeememberKeyes, David Ellioten
thesis.degree.disciplineComputer Scienceen
thesis.degree.nameMaster of Scienceen
dc.person.id133678en
All Items in KAUST are protected by copyright, with all rights reserved, unless otherwise indicated.