Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data

@inproceedings{Hunt2016RyoanAD,
  title={Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data},
  author={Tyler Hunt and Zhiting Zhu and Yuanzhong Xu and Simon Peter and Emmett Witchel},
  booktitle={OSDI},
  year={2016}
}
Users of modern data-processing services such as tax preparation or genomic screening are forced to trust them with data that the users wish to keep secret. Ryoan1 protects secret data while it is processed by services that the data owner does not trust. Accomplishing this goal in a distributed setting is difficult, because the user has no control over the service providers or the computational platform. Confining code to prevent it from leaking secrets is notoriously difficult, but Ryoan… 
ObliDB: Oblivious Query Processing for Secure Databases
TLDR
ObliDB is introduced, an oblivious database engine design that is the first system to provide obliviousness for general database read workloads over multiple access methods and supports a broad range of queries, including aggregation, joins, insertions, deletions and point queries.
A Tale of Two Trees: One Writes, and Other Reads
TLDR
T3 is presented, a trusted hardware-secured Bitcoin full client that supports efficient oblivious search/update for Bitcoin SPV clients without sacrificing the privacy of the clients, and proposes a two-tree ORAM construction that overcomes the concurrency limitation associated with traditional ORAMs.
Secure Tera-scale Data Crunching with a Small TCB
TLDR
LAST-GT is general and applicable to many scenarios such as computational genomics and databases, as it is shown in the experimental evaluation based on an implementation of LAST-GT on a secure hypervisor.
Sharing without Showing: Building Secure Collaborative Systems
TLDR
This dissertation presents four systems that utilize hardware enclaves as well as advanced cryptographic techniques for secure computation on workloads that range from SQL analytics to machine learning that are orders of magnitude faster compared to prior work or the more straightforward ways of integrating cryptography into systems.
Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves
TLDR
This paper explores the components of the Trusted Computing Base in hardware-supported enclaves, provides a taxonomy and gives an extensive understanding of trade-offs during secure enclave development, and proposes an alternative approach for remote secret-code execution of private algorithms.
PrivacyScope: Automatic Analysis of Private Data Leakage in TEE-Protected Applications
TLDR
PrivacyScope, a static code analyzer designed to detect leakage of private data by an application code running in a TEE, is presented and the nonreversibility property is formally defined based on the noninterference property.
Stockade: Hardware Hardening for Distributed Trusted Sandboxes
TLDR
This paper proposes an extended TEE model called STOCKADE, which supports distributed sandboxes hardened by hardware and proposes new three key techniques that allows hardware-protected memory sharing between a pair of enclaves for efficient protected communication without software-based encryption.
NeXUS: Practical and Secure Access Control on Untrusted Storage Platforms using Client-Side SGX
TLDR
NEXUS is a stackable filesystem that leverages trusted hardware to provide confidentiality and integrity for user files stored on untrusted platforms and avoids the key revocation and file re-encryption overheads associated with other cryptographic approaches to access control.
Mitigating Leakage from Data Dependent Communications in Decentralized Computing using Differential Privacy
TLDR
A general execution model to control the data-dependence of communications in user-side decentralized computations is defined, in which differential privacy guarantees for communication patterns in global execution plans can be analyzed by combining guarantees obtained on local clusters of nodes.
DOVE: A Data-Oblivious Virtual Environment
TLDR
This paper argues that it is possible to address the problem of side-channel vulnerabilities in the R language by instrumenting a complex programming environment to produce a Data-Oblivious Transcript (DOT) that is explicitly designed to support computation that excludes side channels, and provides an illustrative design and implementation of DOVE.
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 128 REFERENCES
VC3: Trustworthy Data Analytics in the Cloud Using SGX
We present VC3, the first system that allows users to run distributed MapReduce computations in the cloud while keeping their code and data secret, and ensuring the correctness and completeness of
ROTE: Rollback Protection for Trusted Execution
TLDR
A model that captures adversarial ability to schedule enclave execution is constructed and it is shown that the solution achieves a strong security property: the only way to violate integrity is to reset all participating platforms to their initial state.
T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs
TLDR
T-SGX is implemented as a compiler-level scheme to automatically transform a normal enclave program into a secured enclave program without requiring manual source code modification or annotation, and is an order of magnitude faster than the state-of-the-art mitigation schemes.
CryptDB: protecting confidentiality with encrypted query processing
TLDR
The evaluation shows that CryptDB has low overhead, reducing throughput by 14.5% for phpBB, a web forum application, and by 26% for queries from TPC-C, compared to unmodified MySQL.
GhostRider: A Hardware-Software System for Memory Trace Oblivious Computation
TLDR
This paper presents a new, co-designed compiler and architecture called GhostRider for supporting privacy preserving computation in the cloud, and formalized the approach and proved it enjoys MTO.
Whispers in the Hyper-Space: High-Bandwidth and Reliable Covert Channel Attacks Inside the Cloud
TLDR
This paper presents a novel covert channel attack that is capable of high-bandwidth and reliable data transmission in the cloud and designs and implements a robust communication protocol and demonstrates realistic covert channel attacks on various virtualized x86 systems.
Komodo: Using verification to disentangle secure-enclave hardware from software
TLDR
Komodo illustrates an alternative approach to attested, on-demand, user-mode, concurrent isolated execution and aims to achieve security equivalent to or better than SGX while enabling deployment of new enclave features independently of CPU upgrades.
Shielding Applications from an Untrusted Cloud with Haven
TLDR
The notion of shielded execution is introduced, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator’s OS, VM, and firmware).
Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems
TLDR
A virtual-machine-based system called Overshadow is introduced that protects the privacy and integrity of application data, even in the event of a total OS compromise, and is used to protect a wide range of unmodified legacy applications running on an unmodified Linux operating system.
Information flow control for standard OS abstractions
TLDR
Flume is presented, a new DIFC model that applies at the granularity of operating system processes and standard OS abstractions (e.g., pipes and file descriptors), designed for simplicity of mechanism, to ease DIFC's use in existing applications, and to allow safe interaction between conventional and DIFC-aware processes.
...
1
2
3
4
5
...