SGX-MR: Regulating Dataflows for Protecting Access Patterns of Data-Intensive SGX Applications

by   A K M Mubashwir Alam, et al.

Intel SGX has been a popular trusted execution environment (TEE) for protecting the integrity and confidentiality of applications running on untrusted platforms such as cloud. However, the access patterns of SGX-based programs can still be observed by adversaries, which may leak important information for successful attacks. Researchers have been experimenting with Oblivious RAM (ORAM) to address the privacy of access patterns. ORAM is a powerful low-level primitive that provides application-agnostic protection for any I/O operations, however, at a high cost. We find that some application-specific access patterns, such as sequential block I/O, do not provide additional information to adversaries. Others, such as sorting, can be replaced with specific oblivious algorithms that are more efficient than ORAM. The challenge is that developers may need to look into all the details of application-specific access patterns to design suitable solutions, which is time-consuming and error-prone. In this paper, we present the lightweight SGX based MapReduce (SGX-MR) approach that regulates the dataflow of data-intensive SGX applications for easier application-level access-pattern analysis and protection. It uses the MapReduce framework to cover a large class of data-intensive applications, and the entire framework can be implemented with a small memory footprint. With this framework, we have examined the stages of data processing, identified the access patterns that need protection, and designed corresponding efficient protection methods. Our experiments show that SGX-MR based applications are much more efficient than ORAM-based implementations.


page 1

page 11


SGX-MR-Prot: Efficient and Developer-Friendly Access-Pattern Protection in Trusted Execution Environments

Trusted Execution Environments, such as Intel SGX, use hardware supports...

MapVisual: A Visualization Tool for Memory Access Patterns

Memory bandwidth is strongly correlated to the complexity of the memory ...

Scanclave: Verifying Application Runtime Integrity in Untrusted Environments

Data hosted in a cloud environment can be subject to attacks from a high...

Machine Learning-based Ransomware Detection Using Low-level Memory Access Patterns Obtained From Live-forensic Hypervisor

Since modern anti-virus software mainly depends on a signature-based sta...

Pyronia: Redesigning Least Privilege and Isolation for the Age of IoT

Third-party modules play a critical role in IoT applications, which gene...

AdaptMemBench: Application-Specific MemorySubsystem Benchmarking

Optimizing scientific applications to take full advan-tage of modern mem...

Hide and Seek (HaS): A Lightweight Framework for Prompt Privacy Protection

Numerous companies have started offering services based on large languag...

Please sign up or login with your details

Forgot password? Click here to reset