Introducing SECURESTREAMS: Scalable Middleware for Reactive and Secure Data Stream Processing

Havet, Aurélien; Schiavoni, Valerio; Felber, Pascal; Rouvoy, Romain

doi:10.1109/ic2e.2017.50

Cited by 11 publications

(14 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A few works exploit specialized hardware features for increased security. For instance, Havet et al [65] propose SecureStreams, combining a high-level datalow programming model with low-level Intel Software Guard Extensions (SGX) to guarantee stream privacy and integrity. Park et al [135] consider analytics on untrusted, resource-constrained Edge devices and present StreamBox-TZ, which ofers strong data security and veriiable results by isolating computation in ARM-based Trusted Execution Environments.…”

Section: Security Guaranteesmentioning

confidence: 99%

Runtime Adaptation of Data Stream Processing Systems: The State of the Art

et al. 2022

View full text Add to dashboard Cite

Data Stream Processing (DSP) has emerged over the years as the reference paradigm for the analysis of continuous and fast information flows, which have often to be processed with low-latency requirements to extract insights and knowledge from raw data. Dealing with unbounded data flows, DSP applications are typically long-running and, thus, likely experience varying workloads and working conditions over time. To keep a consistent service level in face of such variability, a lot of effort has been spent studying strategies for run-time adaptation of DSP systems and applications. In this survey, we review the most relevant approaches from the literature, presenting a taxonomy to characterize the state of the art along several key dimensions. Our analysis allows us to identify current research trends as well as open challenges that will motivate further investigations in this field.

show abstract

Section: Security Guaranteesmentioning

confidence: 99%

Runtime Adaptation of Data Stream Processing Systems: The State of the Art

et al. 2022

View full text Add to dashboard Cite

show abstract

“…CaSE [44] is a cache-assisted secure execution framework for the TRUSTZONE to defend against multiple attacks. Others [28,36,41] have implemented frameworks for TEEs to securely process data streams that could benefit from KEVLAR-TZ. However, while such projects have implemented full-fledged frameworks, KEVLAR-TZ provides a lean and resource-efficient cache with an easy-to-use API for applications that need fast access to persistent data.…”

Section: Related Workmentioning

confidence: 99%

KEVLAR-TZ: A Secure Cache for ARM TrustZone

Benedito¹,

Delgado-Gonzalo²,

Schiavoni³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

Edge devices are increasingly in charge of storing privacy-sensitive data, in particular implantables, wearables, and nearables can potentially collect and process high-resolution vital signs 24/7. Storing and performing computations over such data in a privacy-preserving fashion is of paramount importance. We present KEVLAR-TZ, an application-level trusted cache designed to leverage ARM TRUSTZONE, a popular trusted execution environment available in consumer-grade devices. To facilitate the integration with existing systems and IoT devices and protocols, KEVLAR-TZ exposes a REST-based interface with connection endpoints inside the TRUSTZONE enclave. Furthermore, it exploits the on-device secure persistent storage to guarantee durability of data across reboots. We fully implemented KEVLAR-TZ on top of the OP-TEE framework, and experimentally evaluated its performance. Our results showcase performance trade-offs, for instance in terms of throughput and latency, for various workloads, and we believe our results can be useful for practitioners and in general developers of systems for TRUSTZONE. KEVLAR-TZ is available as open-source at https://github.com/mqttz/kevlar-tz/.

show abstract

“…SGX for Data Protection: Current work in SGX-enabled computation has focused on many different areas, from securing ZooKeeper data [9]; to managing transactions, or enterprise rights management privately [18]; to segregating linux containers [6]. Secure-Stream [17] is a system that explores the use of Intel's SGX as a way to execute Map-Reduce streaming applications. Further, VC3 [31] builds a Map-Reduce engine on top of SGX hardware that allows for attestation of code and data on a powerful adversary.…”

Section: Sgxmentioning

confidence: 99%

Behind Enemy Lines

Thoma

Lee

Labrinidis

2019

Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

Data Stream Processing Systems (DSPSs) execute long-running, continuous queries over transient streaming data, often making use of outsourced, third-party computational platforms. However, thirdparty outsourcing can lead to unwanted violations of data providers' access controls or privacy policies, as data potentially flows through untrusted infrastructure. To address these types of violations, data providers can elect to use stream processing techniques based upon computation-enabling encryption. Unfortunately, this class of solutions can leak information about underlying plaintext values, reduce the possible set of queries that can be executed, and come with detrimental performance overheads. To alleviate the concerns with cryptographically-enforced access controls in DSPSs, we have developed Sanctuary, a DSPS that makes use of Intel's Software Guard Extensions (SGX) to protect data being processed on untrusted infrastructure. We show that Sanctuary can execute arbitrary queries while leaking no more information than an idealized Trusted Infrastructure system. At the same time, an extensive evaluation shows that the overheads associated with stream processing in Sanctuary are comparable to its computationenabling encryption counterparts for many queries.

show abstract

Introducing SECURESTREAMS: Scalable Middleware for Reactive and Secure Data Stream Processing

Cited by 11 publications

References 4 publications

Runtime Adaptation of Data Stream Processing Systems: The State of the Art

Runtime Adaptation of Data Stream Processing Systems: The State of the Art

KEVLAR-TZ: A Secure Cache for ARM TrustZone

Behind Enemy Lines

Contact Info

Product

Resources

About