13
views
0
recommends
+1 Recommend
0 collections
    0
    shares
      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      Secure Content-Based Routing Using Intel Software Guard Extensions

      Preprint
      , , ,

      Read this article at

      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          Content-based routing (CBR) is a powerful model that supports scalable asynchronous communication among large sets of geographically distributed nodes. Yet, preserving privacy represents a major limitation for the wide adoption of CBR, notably when the routers are located in public clouds. Indeed, a CBR router must see the content of the messages sent by data producers, as well as the filters (or subscriptions) registered by data consumers. This represents a major deterrent for companies for which data is a key asset, as for instance in the case of financial markets or to conduct sensitive business-to-business transactions. While there exists some techniques for privacy-preserving computation, they are either prohibitively slow or too limited to be usable in real systems. In this paper, we follow a different strategy by taking advantage of trusted hardware extensions that have just been introduced in off-the-shelf processors and provide a trusted execution environment. We exploit Intel's new software guard extensions (SGX) to implement a CBR engine in a secure enclave. Thanks to the hardware-based trusted execution environment (TEE), the compute-intensive CBR operations can operate on decrypted data shielded by the enclave and leverage efficient matching algorithms. Extensive experimental evaluation shows that SGX adds only limited overhead to insecure plaintext matching outside secure enclaves while providing much better performance and more powerful filtering capabilities than alternative software-only solutions. To the best of our knowledge, this work is the first to demonstrate the practical benefits of SGX for privacy-preserving CBR.

          Related collections

          Most cited references15

          • Record: found
          • Abstract: not found
          • Conference Proceedings: not found

          How to generate and exchange secrets

          Andrew Yao (1986)
            Bookmark
            • Record: found
            • Abstract: not found
            • Conference Proceedings: not found

            VC3: Trustworthy Data Analytics in the Cloud Using SGX

              Bookmark
              • Record: found
              • Abstract: not found
              • Article: not found

              Design and evaluation of a wide-area event notification service

                Bookmark

                Author and article information

                Journal
                2017-01-17
                Article
                10.1145/2988336.2988346
                1701.04612
                f2ffbb80-60f8-4f2a-9a58-98c03699f7e1

                http://arxiv.org/licenses/nonexclusive-distrib/1.0/

                History
                Custom metadata
                Middleware '16 Trento, Italy - 10 pages
                cs.DC

                Networking & Internet architecture
                Networking & Internet architecture

                Comments

                Comment on this article