TEE-MR: Developer-friendly data oblivious programming for trusted execution environments

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2024-09-19 DOI:10.1016/j.cose.2024.104119

A.K.M. Mubashwir Alam , Keke Chen

{"title":"TEE-MR: Developer-friendly data oblivious programming for trusted execution environments","authors":"A.K.M. Mubashwir Alam , Keke Chen","doi":"10.1016/j.cose.2024.104119","DOIUrl":null,"url":null,"abstract":"<div><div>Trusted execution environments (TEEs) enable efficient protection of integrity and confidentiality for applications running on untrusted platforms. They have been deployed in cloud servers to attract users who have concerns on exporting data and computation. However, recent studies show that TEEs’ side channels, including memory, cache, and micro-architectural features, are still vulnerable to adversarial exploitation. As many such attacks utilize program access patterns to infer secret information, data oblivious programs have been considered a practical defensive solution. However, they are often difficult to develop and optimize via either manual or automated approaches. We present the <em>oblivious TEE with MapReduce</em> (TEE-MR) approach that uses application frameworks, an approach between fully manual and fully automated, to hide the details of access-pattern protection to significantly minimize developers’ efforts. We have implemented the approach with the MapReduce application framework for data-intensive applications. It can regulate application dataflows and hide application-agnostic access-pattern protection measures from developers. Compared to manual composition approaches, it demands much less effort for developers to identify access patterns and to write code. Our approach is also easy to implement, less complicated than fully automated approaches, for which we have not seen a working prototype yet. Our experimental results show that TEE-MR-based applications have good performance, comparable to those carefully developed with time-consuming manual composition approaches.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104119"},"PeriodicalIF":4.8000,"publicationDate":"2024-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824004243","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Trusted execution environments (TEEs) enable efficient protection of integrity and confidentiality for applications running on untrusted platforms. They have been deployed in cloud servers to attract users who have concerns on exporting data and computation. However, recent studies show that TEEs’ side channels, including memory, cache, and micro-architectural features, are still vulnerable to adversarial exploitation. As many such attacks utilize program access patterns to infer secret information, data oblivious programs have been considered a practical defensive solution. However, they are often difficult to develop and optimize via either manual or automated approaches. We present the oblivious TEE with MapReduce (TEE-MR) approach that uses application frameworks, an approach between fully manual and fully automated, to hide the details of access-pattern protection to significantly minimize developers’ efforts. We have implemented the approach with the MapReduce application framework for data-intensive applications. It can regulate application dataflows and hide application-agnostic access-pattern protection measures from developers. Compared to manual composition approaches, it demands much less effort for developers to identify access patterns and to write code. Our approach is also easy to implement, less complicated than fully automated approaches, for which we have not seen a working prototype yet. Our experimental results show that TEE-MR-based applications have good performance, comparable to those carefully developed with time-consuming manual composition approaches.

查看原文本刊更多论文

TEE-MR：面向可信执行环境的开发人员友好型数据遗忘编程

可信执行环境（TEE）可有效保护在不受信任平台上运行的应用程序的完整性和保密性。它们已被部署到云服务器中，以吸引对数据和计算输出有顾虑的用户。然而，最近的研究表明，TEEs 的侧信道（包括内存、高速缓存和微体系结构特性）仍然容易被敌方利用。由于许多此类攻击利用程序访问模式来推断秘密信息，数据遗忘程序被认为是一种实用的防御解决方案。然而，这些程序通常很难通过手动或自动方法进行开发和优化。我们提出了使用 MapReduce 的遗忘 TEE（TEE-MR）方法，该方法使用应用程序框架（一种介于全手工和全自动之间的方法）来隐藏访问模式保护的细节，从而大大减少开发人员的工作量。我们利用适用于数据密集型应用的 MapReduce 应用框架实施了该方法。它可以规范应用数据流，并向开发人员隐藏与应用无关的访问模式保护措施。与手动组成方法相比，它大大减少了开发人员识别访问模式和编写代码的工作量。我们的方法也很容易实现，没有全自动方法那么复杂，我们还没有看到全自动方法的工作原型。我们的实验结果表明，基于 TEE-MR 的应用程序具有良好的性能，可与那些采用费时的人工组合方法精心开发的应用程序相媲美。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.