
postgraduate thesis: Secure, easy-to-use and high-performance distributed data-intensive computing using trusted execution environment

Title: Secure, easy-to-use and high-performance distributed data-intensive computing using trusted execution environment
Authors: Jiang, Jianyu (江健宇)
Issue Date: 2023
Publisher: The University of Hong Kong (Pokfulam, Hong Kong)
Citation: Jiang, J. [江健宇]. (2023). Secure, easy-to-use and high-performance distributed data-intensive computing using trusted execution environment. (Thesis). University of Hong Kong, Pokfulam, Hong Kong SAR.
Abstract: The cloud computing paradigm fosters data mining and AI algorithms running on the increasingly generated sensitive user data, greatly improving user experience and enabling new applications. For high performance, clouds typically make use of the distributed computing paradigm and hardware accelerators to provide high computing capacities. However, the privacy of user data is often ignored, causing great catastrophes (e.g., money losses and identity threats) when the clouds are under attack from insiders or external attackers. To preserve privacy while maintaining high performance, Trusted Execution Environment (TEE) is becoming a promising technique. TEE provides an isolated execution environment that cannot be seen or tampered with even by privileged attackers such as cloud administrators. Unfortunately, three major challenges arise when trying to protect distributed data-intensive applications (e.g., data analytics) within TEE: programmability difficulties, performance hazards and security vulnerabilities. Specifically, it is tedious and error-prone to write TEE applications as OS is excluded from the TCB, and these TEE applications exhibit high performance overhead when processing a tremendous amount of data. Worse, running distributed data-intensive applications within TEE can exhibit several security vulnerabilities (e.g., memory attacks and information leakages) as TEE protects only a single process. This thesis first explores programming methods and abstractions to ease the development of secure and high-performance TEE applications, by capturing the performance and security characteristics of both TEE and distributed data-intensive computing. The thesis then showcases the system design based on the new programming methods and abstractions.
First, the thesis presents a TEE-agnostic annotation approach for annotating TEE code and presents a complete system URANUS for executing only the annotated functions and their dependencies automatically within TEE. Second, CRONUS extends TEE execution from CPU to diverse domain-specific accelerators, with a new mEnclave abstraction for encapsulating computation within accelerators and presenting a microTEE architecture for isolating diverse (mutually untrusted) accelerators. The third work enables the execution of untrusted code within TEE by a new distributed information flow tracking abstraction and presents KAKUTE for enabling fine-grained access control for distributed analytics. The final system LAPA contains a trusted synchronization primitive for fast distributed DNN training with privacy guarantees.
Degree: Doctor of Philosophy
Subject: Electronic data processing - Distributed processing; Parallel processing (Electronic computers); Computer security
Dept/Program: Computer Science
Persistent Identifier: http://hdl.handle.net/10722/325807

 

DC Field | Value | Language
dc.contributor.author | Jiang, Jianyu | -
dc.contributor.author | 江健宇 | -
dc.date.accessioned | 2023-03-02T16:32:59Z | -
dc.date.available | 2023-03-02T16:32:59Z | -
dc.date.issued | 2023 | -
dc.identifier.citation | Jiang, J. [江健宇]. (2023). Secure, easy-to-use and high-performance distributed data-intensive computing using trusted execution environment. (Thesis). University of Hong Kong, Pokfulam, Hong Kong SAR. | -
dc.identifier.uri | http://hdl.handle.net/10722/325807 | -
dc.language | eng | -
dc.publisher | The University of Hong Kong (Pokfulam, Hong Kong) | -
dc.relation.ispartof | HKU Theses Online (HKUTO) | -
dc.rights | The author retains all proprietary rights, (such as patent rights) and the right to use in future works. | -
dc.rights | This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. | -
dc.subject.lcsh | Electronic data processing - Distributed processing | -
dc.subject.lcsh | Parallel processing (Electronic computers) | -
dc.subject.lcsh | Computer security | -
dc.title | Secure, easy-to-use and high-performance distributed data-intensive computing using trusted execution environment | -
dc.type | PG_Thesis | -
dc.description.thesisname | Doctor of Philosophy | -
dc.description.thesislevel | Doctoral | -
dc.description.thesisdiscipline | Computer Science | -
dc.description.nature | published_or_final_version | -
dc.date.hkucongregation | 2023 | -
dc.identifier.mmsid | 991044649999003414 | -
