SecDAF: An efficient secure multi-source data analysis framework
Authors: Wenjia Zhao, Saiyu Qi, Yong Qi
Journal: Future Generation Computer Systems-The International Journal of Escience, volume 174, Article 108020
Publication date: 2025-07-22
Publication type: Journal Article
DOI: 10.1016/j.future.2025.108020
URL: https://www.sciencedirect.com/science/article/pii/S0167739X25003152
Multi-source data analysis promises valuable insights but encounters challenges in preserving data privacy. While cryptography facilitates secure multi-party computation, its performance overhead hinders practicality. Recent advancements in trusted execution environments, in particular Intel Software Guard Extensions (SGX), present a promising alternative due to their efficiency. However, existing SGX-based methods exhibit limitations: (1) Unrealistic assumption of code security. They presume the data analysis code itself is secure, which is often not guaranteed. (2) Performance bottlenecks for large datasets. Heavy reliance on data encryption/decryption significantly impacts performance. (3) Steep learning curve for data analysts. Analysts need prior knowledge of SGX to develop secure programs. To overcome these limitations, this paper presents SecDAF, a secure and efficient framework for multi-source data analysis. SecDAF introduces ReE-Fuse, a novel mechanism that combines reusable enclaves with a fuse-threshold security policy, enabling secure execution across diverse analysis tasks without requiring repeated code audits. By integrating this mechanism with homomorphic encryption via a lightweight protocol, SecDAF ensures strong privacy guarantees while significantly reducing cryptographic overhead. Additionally, SecDAF provides Python APIs that allow analysts to implement secure computations without prior knowledge of SGX internals. Experimental results show that SecDAF achieves over 2× performance improvement compared to a state-of-the-art secure multi-party computation approach, while also enhancing usability and security assurance.
About the journal:
Computing infrastructures and systems are constantly evolving, resulting in increasingly complex and collaborative scientific applications. To cope with these advancements, there is a growing need for collaborative tools that can effectively map, control, and execute these applications.
Furthermore, with the explosion of Big Data, there is a requirement for innovative methods and infrastructures to collect, analyze, and derive meaningful insights from the vast amount of data generated. This necessitates the integration of computational and storage capabilities, databases, sensors, and human collaboration.
Future Generation Computer Systems aims to pioneer advancements in distributed systems, collaborative environments, high-performance computing, and Big Data analytics. It strives to stay at the forefront of developments in grids, clouds, and the Internet of Things (IoT) to effectively address the challenges posed by these wide-area, fully distributed sensing and computing systems.