ABSTRACT
Data Stream Processing Systems (DSPSs) execute long-running, continuous queries over transient streaming data, often on outsourced, third-party computational platforms. Such outsourcing can violate data providers' access-control or privacy policies, because the data flows through infrastructure the provider does not trust. To prevent these violations, data providers can use stream processing techniques built on computation-enabling encryption. Unfortunately, this class of solutions can leak information about the underlying plaintext values, restricts the set of queries that can be executed, and imposes substantial performance overheads. To address these shortcomings of cryptographically enforced access controls in DSPSs, we have developed our system, a DSPS that uses Intel's Software Guard Extensions (SGX) to protect data while it is processed on untrusted infrastructure. We show that our system can execute arbitrary queries while leaking no more information than an idealized baseline system. At the same time, an extensive evaluation shows that the stream processing overheads of our system are comparable to those of its computation-enabling encryption counterparts for many queries.
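The contrast the abstract draws, between computation-enabling encryption that lets the untrusted host evaluate a query on ciphertexts (and thereby learn plaintext structure) and opaque ciphertexts whose query is evaluated only inside a trusted component, can be made concrete with a small simulation. The following is an added example and is not the paper's system or code: it uses a toy, key-seeded order-preserving map as a stand-in for a real OPE scheme, an HMAC-based encrypt-then-MAC construction as a stdlib stand-in for an AEAD such as AES-GCM, and a plain Python class (`TrustedFilter`) in place of an SGX enclave; the `STREAM` tuples and the key are constructed for the demo.

```python
import hashlib
import hmac
import os
import random

# Constructed sample stream of (sensor_id, reading) tuples; readings are small ints.
STREAM = [("s1", 17), ("s2", 42), ("s3", 5), ("s4", 42), ("s5", 99)]
DOMAIN = 128  # assumption: plaintext readings lie in [0, DOMAIN)


# --- Approach 1: computation-enabling (order-preserving) encryption --------------
def toy_ope_table(key: bytes, domain: int = DOMAIN) -> list:
    """Toy order-preserving scheme: a key-seeded strictly increasing map from
    plaintext to ciphertext. Illustrative stand-in only; every OPE scheme leaks
    order by construction, which is the point demonstrated here."""
    rng = random.Random(key)
    table, c = [], 0
    for _ in range(domain):
        c += rng.randint(1, 1000)  # strictly positive gaps preserve order
        table.append(c)
    return table


def ope_encrypt(table: list, x: int) -> int:
    return table[x]


def host_range_query_ope(cts, lo_ct: int, hi_ct: int):
    """Untrusted host evaluates `lo <= reading <= hi` directly on ciphertexts:
    no key is needed, which is what makes the query possible and what leaks."""
    return [(sid, ct) for sid, ct in cts if lo_ct <= ct <= hi_ct]


def host_learns_order(cts):
    """The host recovers the full plaintext ordering (and equalities, since the
    scheme is deterministic) from the ciphertexts alone."""
    return [sid for sid, _ in sorted(cts, key=lambda t: t[1])]


# --- Approach 2: opaque ciphertext, query evaluated inside a trusted component ---
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC-derived keystream (toy stand-in for an AEAD
    such as AES-GCM). Output layout: nonce(12) || ciphertext || tag(32)."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("sealed tuple failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class TrustedFilter:
    """Models the enclave-resident operator: it alone holds the data key, so the
    host submits sealed tuples and receives sealed results back."""

    def __init__(self, key: bytes):
        self._key = key

    def range_filter(self, sealed_tuples, lo: int, hi: int):
        out = []
        for sid, blob in sealed_tuples:
            reading = int.from_bytes(unseal(self._key, blob), "big")
            if lo <= reading <= hi:
                out.append((sid, seal(self._key, reading.to_bytes(2, "big"))))
        return out


def host_view(sealed_tuples):
    """What the untrusted host observes about enclave-processed tuples: tuple
    identities and blob sizes (plus, in a real deployment, timing and output
    counts, the residual leakage that the paper's idealized baseline bounds)."""
    return [(sid, len(blob)) for sid, blob in sealed_tuples]


def run_demo(key: bytes = b"constructed-demo-key", lo: int = 10, hi: int = 50):
    """Run the same range query both ways and report results and host-visible leakage."""
    table = toy_ope_table(key)
    ope_cts = [(sid, ope_encrypt(table, r)) for sid, r in STREAM]
    ope_hits = [sid for sid, _ in host_range_query_ope(ope_cts, table[lo], table[hi])]
    sealed = [(sid, seal(key, r.to_bytes(2, "big"))) for sid, r in STREAM]
    enc_hits = [sid for sid, _ in TrustedFilter(key).range_filter(sealed, lo, hi)]
    return {"ope_hits": ope_hits, "ope_order": host_learns_order(ope_cts),
            "enclave_hits": enc_hits, "host_view": host_view(sealed)}
```

Both paths return the same query result, but under OPE the host also obtains the complete plaintext ordering of the stream (including the equal readings of `s2` and `s4`), whereas under the trusted-component model it sees only fixed-size opaque blobs. The sealing construction here exists only to keep the example dependency-free; a real deployment would use a vetted AEAD and SGX sealing or remote-attested key provisioning.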
Behind Enemy Lines: Exploring Trusted Data Stream Processing on Untrusted Systems