research-article

ObliDC: An SGX-based Oblivious Distributed Computing Framework with Formal Proof

Authors:

Robert H. Deng,

Zhonghai WuAuthors Info & Claims

Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Pages 86 - 99

https://doi.org/10.1145/3321705.3329822

Published: 02 July 2019 Publication History

Abstract

Data privacy is becoming one of the most critical concerns in cloud computing. Several proposals based on Intel SGX such as VC3 [1] and M2R [2] have been introduced in the literature to protect data privacy during job execution in the cloud. However, a comprehensive formal proof of their security guarantees is still lacking. In this paper, we propose ObliDC, a general UC-secure SGX-based oblivious distributed computing framework. First, we model the life-cycle of a distributed computing job as data-flow graphs. Under the assumption of malicious, adaptive adversaries in the cloud, we then formally define data privacy of a distributed computing job by introducing a notion named ODC-privacy, which encompasses both semantic security (to protect data confidentiality during computation and transmission) and oblivious traffic (to prevent data leakage from traffic analysis). ObliDC is composed of four two-party protocols -- job deployment, job initialization, job execution, and results return, which allow for modular construction of concrete privacy-preserving job protocols in different distributed computing frameworks. Finally, inspired by a formal abstraction for trusted processors proposed by R. Pass et al. [3], we formally prove the security of ObliDC under the universal composability (UC) framework.

References

[1]

Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. Vc3: Trustworthy data analytics in the cloud using sgx. In IEEE S&P, pages 38--54. IEEE, 2015.

Digital Library

[2]

Tien Tuan Anh Dinh, Prateek Saxena, Ee-Chien Chang, Beng Chin Ooi, and Chunwang Zhang. M2r: Enabling stronger privacy in mapreduce computation. In USENIX Security, pages 447--462, 2015.

Digital Library

[3]

Rafael Pass, Elaine Shi, and Florian Tramer. Formal abstractions for attested execution secure processors. In EuroCrypt, pages 260--289. Springer, 2017.

[4]

Jeffrey Dean and Sanjay Ghemawat. Mapreduce: simplified data processing on large clusters. Communications of the ACM, 51(1):107--113, 2008.

Digital Library

[5]

Matei Zaharia, Mosharaf Chowdhury, Michael J Franklin, Scott Shenker, and Ion Stoica. Spark: Cluster computing with working sets. USENIX HotCloud, 10(10--10):95, 2010.

Digital Library

[6]

Apache storm, 2018. https://storm.apache.org/index.html.

[7]

U.s. federal cloud computing market forecast 2015--2020, 2015. http://www.marketresearchmedia.com/?p=145.

[8]

Cisco global cloud statistic: Forcasting and methods, 2015--2020, 2015. https://www.cisco.com/c/dam/m/zh_cn/solutions/service-provider/sp_gciwhitepaper_whitepaper_cn.pdf.

[9]

The cloud computing and distributed systems (clouds) laboratory, 2014. http://www.cloudbus.org/.

[10]

Mobile & cloud computing laboratory (mobile & cloud lab), 2014. http://mc.cs.ut.ee/.

[11]

Advanced encryption standard (aes), 2008. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf.

[12]

Ronald L Rivest, Adi Shamir, and Leonard Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120--126, 1978.

Digital Library

[13]

Mohammad Saiful Islam, Mehmet Kuzu, and Murat Kantarcioglu. Access pattern disclosure on searchable encryption: Ramification, attack and mitigation. In NDSS, 2012.

[14]

Olga Ohrimenko, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Markulf Kohlweiss, and Divya Sharma. Observing and preventing leakage in mapreduce. In CCS, pages 1570--1581. ACM, 2015.

Digital Library

[15]

Craig Gentry et al. Fully homomorphic encryption using ideal lattices. In STOC, volume 9, pages 169--178, 2009.

Digital Library

[16]

Nigel P Smart and Frederik Vercauteren. Fully homomorphic encryption with relatively small key and ciphertext sizes. In PKC, pages 420--443. Springer, 2010.

Digital Library

[17]

Wenting Zheng, Ankur Dave, Jethro Beekman, Raluca Ada Popa, Joseph Gonzalez, and Ion Stoica. Opaque: A data analytics platform with strong security. In USENIX NSDI, 2017.

[18]

Andrew Baumann, Marcus Peinado, and Galen Hunt. Shielding applications from an untrusted cloud with haven. In USENIX OSDI, pages 267--283, 2015.

Digital Library

[19]

Mihir Bellare, Anand Desai, David Pointcheval, and Phillip Rogaway. Relations among notions of security for public-key encryption schemes. In CRYPTO, pages 26--45. Springer, 1998.

Digital Library

[20]

Howard Karloff, Siddharth Suri, and Sergei Vassilvitskii. A model of computation for mapreduce. In SODA, pages 938--948. SIAM, 2010.

Digital Library

[21]

Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. Vc3: Trustworthy data analytics in the cloud. Technical Report, 2014.

[22]

Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. In FOCS, pages 136--145. IEEE, 2001.

Digital Library

[23]

Ran Canetti. Security and composition of multiparty cryptographic protocols. Journal of Cryptology, 13(1):143--202, 2000.

Digital Library

[24]

Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. Innovative technology for cpu based attestation and sealing. In International Workshop on Hardware and Architectural Support for Security and Privacy, volume 13. ACM, 2013.

[25]

Victor Costan and Srinivas Devadas. Intel sgx explained. IACR Cryptology ePrint Archive, 2016(086):1--118, 2016.

[26]

Intel software guard extensions sdk for linux os (version 2.1), 2018. https://downłoad.01.org/intel-sgx/linux-2.1/docs/Intel_SGX_Developer_Reference_Linux_2.1_Open_Source.pdf.

[27]

Ran Canetti, Yevgeniy Dodis, Rafael Pass, and Shabsi Walfish. Universally composable security with global setup. In TCC, pages 61--85. Springer, 2007.

Digital Library

[28]

Yehida Lindell. Secure multiparty computation for privacy preserving data mining. The Journal of Privacy and Confidentiality, 1(1):59--98, 2005.

[29]

Yuanzhong Xu, Weidong Cui, and Marcus Peinado. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In IEEE S&P, pages 640--656. IEEE, 2015.

Digital Library

[30]

Mihir Bellare and Chanathip Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In AsiaCrypt, pages 531--545. Springer, 2000.

Digital Library

[31]

David McGrew and John Viega. The galois/counter mode of operation (gcm). Submission to NIST Modes of Operation Process, 20, 2004.

[32]

Microsoft dryad, 2018. https://www.microsoft.com/en-us/research/project/dryad/.

[33]

Apache tez, 2018. http://tez.apache.org/.

[34]

Marek Klonowski and Miroslaw Kutylowski. Provable anonymity for networks of mixes. In International Workshop on Information Hiding, pages 26--38. Springer, 2005.

Digital Library

[35]

Olga Ohrimenko, Michael T Goodrich, Roberto Tamassia, and Eli Upfal. The melbourne shuffle: Improving oblivious storage in the cloud. In International Colloquium on Automata, Languages, and Programming (ICALP), pages 556--567. Springer, 2014.

[36]

Florian Tramer, Fan Zhang, Huang Lin, Jean-Pierre Hubaux, Ari Juels, and Elaine Shi. Sealed-glass proofs: Using transparent enclaves to prove and sell knowledge. In IEEE EuroS&P, pages 19--34. IEEE, 2017.

[37]

Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, and Sanjit A Seshia. A formal foundation for secure remote execution of enclaves. In CCS, pages 2435--2450. ACM, 2017.

Digital Library

[38]

Seongmin Kim, Juhyeng Han, Jaehyeong Ha, Taesoo Kim, and Dongsu Han. Enhancing security and privacy of tor's ecosystem by using trusted execution environments. In USENIX NSDI, pages 145--161, 2017.

Digital Library

Cited By

Li XSun NLuo YGao M(2023)SODA: A Set of Fast Oblivious Algorithms in Distributed Secure Data AnalyticsProceedings of the VLDB Endowment10.14778/3587136.358714216:7(1671-1684)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.14778/3587136.3587142
Will NMaziero C(2023)Intel Software Guard Extensions Applications: A SurveyACM Computing Surveys10.1145/359302155:14s(1-38)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1145/3593021
Wu PNing JHuang XLiu J(2023)Differentially Oblivious Two-Party Pattern Matching With Sublinear Round ComplexityIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.320675820:5(4101-4117)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TDSC.2022.3206758
Show More Cited By

Recommendations

Secure and Private Function Evaluation with Intel SGX
CCSW'19: Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop

Secure function evaluation (SFE) allows two parties to jointly evaluate a publicly known function without revealing their respective inputs. SFE can be realized via well-known cryptographic protocols, such as Yao's garbled circuits (GC) and the protocol ...
A Formal Framework for ASTRAL Intralevel Proof Obligations

ASTRAL is a formal specification language for real-time systems. It is intended to support formal software development, and therefore has been formally defined. This paper focuses on how to formally prove the mathematical correctness of ASTRAL ...
Receipt-free universally-verifiable voting with everlasting privacy
CRYPTO'06: Proceedings of the 26th annual international conference on Advances in Cryptology

We present the first universally verifiable voting scheme that can be based on a general assumption (existence of a non-interactive commitment scheme). Our scheme is also the first receipt-free scheme to give “everlasting privacy” for votes: even a ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

July 2019

708 pages

ISBN:9781450367523

DOI:10.1145/3321705

General Chairs:
Steven Galbraith
University of Auckland, New Zealand
,
Giovanni Russello
University of Auckland, New Zealand
,
Willy Susilo
University of Wollongong, Australia
,
Program Chairs:
Dieter Gollmann
Hamburg University of Technology, Germany & Nanyang Technological University, Singapore
,
Engin Kirda
Northeastern University, USA
,
Zhenkai Liang
National University of Singapore, Singapore

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 July 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

Asia CCS '19

Sponsor:

SIGSAC

Asia CCS '19: ACM Asia Conference on Computer and Communications Security

July 9 - 12, 2019

Auckland, New Zealand

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
374
Total Downloads

Downloads (Last 12 months)55
Downloads (Last 6 weeks)5

Reflects downloads up to 18 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Li XSun NLuo YGao M(2023)SODA: A Set of Fast Oblivious Algorithms in Distributed Secure Data AnalyticsProceedings of the VLDB Endowment10.14778/3587136.358714216:7(1671-1684)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.14778/3587136.3587142
Will NMaziero C(2023)Intel Software Guard Extensions Applications: A SurveyACM Computing Surveys10.1145/359302155:14s(1-38)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1145/3593021
Wu PNing JHuang XLiu J(2023)Differentially Oblivious Two-Party Pattern Matching With Sublinear Round ComplexityIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.320675820:5(4101-4117)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TDSC.2022.3206758
Feng EDu DXia YChen H(2023)Efficient Distributed Secure Memory with Migratable Merkle Tree2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA56546.2023.10071130(347-360)Online publication date: Feb-2023
https://doi.org/10.1109/HPCA56546.2023.10071130
Jiang QChang EQi YQi SWu PWang J(2022)Rphx: Result Pattern Hiding Conjunctive Query Over Private Compressed Index Using Intel SGXIEEE Transactions on Information Forensics and Security10.1109/TIFS.2022.314487717(1053-1068)Online publication date: 2022
https://doi.org/10.1109/TIFS.2022.3144877
Wu PLi QNing JHuang XWu W(2022)Differentially Oblivious Data Analysis With Intel SGX: Design, Optimization, and EvaluationIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.310631719:6(3741-3758)Online publication date: 1-Nov-2022
https://doi.org/10.1109/TDSC.2021.3106317
Wu PNing JLuo WHuang XHe D(2021)Exploring Dynamic Task Loading in SGX-based Distributed ComputingIEEE Transactions on Services Computing10.1109/TSC.2021.3123511(1-1)Online publication date: 2021
https://doi.org/10.1109/TSC.2021.3123511
Bhatotia PKohlweiss MMartinico LTselekounis Y(2021)Steel: Composable Hardware-Based Stateful and Randomised Functional EncryptionPublic-Key Cryptography – PKC 202110.1007/978-3-030-75248-4_25(709-736)Online publication date: 1-May-2021
https://doi.org/10.1007/978-3-030-75248-4_25

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents