Mitigating Network Side Channel Leakage for Stream Processing Systems in Trusted Execution Environments

Type
Conference Paper

Authors
Bilal, Muhammad
Alsibyani, Hassan
Canini, Marco

KAUST Department
Computer Science Program
Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division

Online Publication Date
2018-06-20

Print Publication Date
2018

Date
2018-06-20

Abstract
A crucial concern regarding cloud computing is the confidentiality of sensitive data being processed in the cloud. Trusted Execution Environments (TEEs), such as Intel Software Guard extensions (SGX), allow applications to run securely on an untrusted platform. However, using TEEs alone for stream processing is not enough to ensure privacy as network communication patterns may leak information about the data.

This paper introduces two techniques -- anycast and multicast --for mitigating leakage at inter-stage communications in streaming applications according to a user-selected mitigation level. These techniques aim to achieve network data obliviousness, i.e., communication patterns should not depend on the data. We implement these techniques in an SGX-based stream processing system. We evaluate the latency and throughput overheads, and the data obliviousness using three benchmark applications. The results show that anycast scales better with input load and mitigation level, and provides better data obliviousness than multicast.

Citation
Bilal M, Alsibyani H, Canini M (2018) Mitigating Network Side Channel Leakage for Stream Processing Systems in Trusted Execution Environments. Proceedings of the 12th ACM International Conference on Distributed and Event-based Systems - DEBS ’18. Available: http://dx.doi.org/10.1145/3210284.3210286.

Acknowledgements
We thank the anonymous reviewers for their useful feedback. We would like to thank Taesoo Kim for helpful comments and discussions. Muhammad Bilal was supported by a fellowship from the Erasmus Mundus Joint Doctorate in Distributed Computing (EMJD-DC) program funded by the European Commission (EACEA) (FPA 2012-0030).

Publisher
Association for Computing Machinery (ACM)

Journal
Proceedings of the 12th ACM International Conference on Distributed and Event-based Systems - DEBS '18

DOI
10.1145/3210284.3210286

Additional Links
https://dl.acm.org/citation.cfm?doid=3210284.3210286

Permanent link to this record

Version History

Now showing 1 - 1 of 1
VersionDateSummary
1*
2018-09-03 13:22:29
* Selected version