Vault

Taassori, Meysam; Shafiee, Ali; Balasubramonian, Rajeev

doi:10.1145/3296957.3177155

Cited by 23 publications

(4 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In all our experiments for SECRET-GWAS, except for the EPC sensitivity test in Figure 3c, we did not trigger EPC paging. Recent work shows that increasing the scalability of the EPC is possible [35,36], and Intel has developed new approaches to increase EPC memory in SGX [28] that have recently been added to Azure's cloud offerings. Therefore, we believe that GWAS will be able to support even larger datasets with several million patients as the pace of EPC technology improves.…”

Section: Epc Memory Scalingmentioning

confidence: 99%

“…SGX, for instance, only provides 128-256 MB of EPC [28]. If an application's working data set size exceeds EPC size, then it triggers EPC paging -an expensive process where encrypted pages are moved back and forth between non-enclave and enclave memory, slowing down programs by 5x on average [35]. Datasets used in population-scale GWAS can be several GBs, which do not directly fit within the EPC.…”

Section: Challengesmentioning

confidence: 99%

See 1 more Smart Citation

SECRET-GWAS: Confidential Computing for Population-Scale GWAS

Rosenblum,

Dong,

Narayanasamy

2024

Preprint

View full text Add to dashboard Cite

Genomic data from a single institution lacks global diversity representation, especially for rare variants and diseases. Confidential computing can enable collaborative GWAS without compromising privacy or accuracy, however, due to limited secure memory space and performance overheads previous solutions fail to support widely used regression methods. We present SECRET-GWAS: a rapid, privacy-preserving, population-scale, collaborative GWAS tool. We discuss several system optimizations, including streaming, batching, data parallelization, and reducing trusted hardware overheads to efficiently scale linear and logistic regression to over a thousand processor cores on an Intel SGX-based cloud platform. In addition, we protect SECRET-GWAS against several hardware side-channel attacks, including Spectre, using data-oblivious code transformations and optimized speculative load hardening. SECRET-GWAS is an open-source tool and works with the widely used Hail genomic analysis framework. Our experiments on Azure's Confidential Computing platform demonstrate that SECRET-GWAS enables multivariate linear and logistic regression GWAS queries on population-scale datasets (one million patients, four million SNPs, 12 covariates) from ten independent sources in just 4.5 and 29 minutes, respectively.

show abstract

Section: Epc Memory Scalingmentioning

confidence: 99%

Section: Challengesmentioning

confidence: 99%

SECRET-GWAS: Confidential Computing for Population-Scale GWAS

Rosenblum,

Dong,

Narayanasamy

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…Therefore, it may not suit the performancesensitive middlebox applications. To help grow EPC in the future, a recent study proposes to refine the underlying data structure for integrity checking [84]. Whether a large EPC can overcome SGX's current performance issue without enlarging the attack surface remains an open problem.…”

Section: Related Workmentioning

confidence: 99%

LightBox

Duan

Wang

Yuan

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Running off-site software middleboxes at third-party service providers has been a popular practice. However, routing large volumes of raw traffic, which may carry sensitive information, to a remote site for processing raises severe security concerns. Prior solutions often abstract away important factors pertinent to real-world deployment. In particular, they overlook the significance of metadata protection and stateful processing. Unprotected traffic metadata like low-level headers, size and count, can be exploited to learn supposedly encrypted application contents. Meanwhile, tracking the states of 100,000s of flows concurrently is often indispensable in production-level middleboxes deployed at real networks.We present LightBox, the first system that can drive off-site middleboxes at near-native speed with stateful processing and the most comprehensive protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox is the product of our systematic investigation of how to overcome the inherent limitations of secure enclaves using domain knowledge and customization. First, we introduce an elegant virtual network interface that allows convenient access to fully protected packets at line rate without leaving the enclave, as if from the trusted source network. Second, we provide complete flow state management for efficient stateful processing, by tailoring a set of data structures and algorithms optimized for the highly constrained enclave space. Extensive evaluations demonstrate that LightBox, with all security benefits, can achieve 10Gbps packet I/O, and that with case studies on three stateful middleboxes, it can operate at near-native speed. CCS CONCEPTS• Networks → Middle boxes / network appliances; Network privacy and anonymity; • Security and privacy → Domainspecific security and privacy architectures.

show abstract

“…A typical memory encryption scheme (as MEE) consists of MACs/hash functions and Authenticated Encryptions (AEs) composed in a tree for providing replay protection in addition to confidentiality and authenticity [Gue16a, HJ06, RCPS07, IMO + 22]. This type of memory encryption has been extensively studied from the system architecture viewpoint, e.g., [YEP + 06, SNR + 18a, TSB18a,Ava22]. The latency of the cryptographic core inside a memory encryption scheme directly impacts the memory read/write latency, hence it is a critical factor in determining the overall TEE performance.…”

Section: Introductionmentioning

confidence: 99%

Gleeok: A Family of Low-Latency PRFs and its Applications to Authenticated Encryption

Anand,

Banik,

Caforio

et al. 2024

TCHES

View full text Add to dashboard Cite

In this paper, we propose a new family of low-latency pseudorandom functions (PRFs), dubbed Gleeok.Gleeok utilizes three 128-bit branches to achieve a 256-bit key size while maintaining low latency. The first two branches are specifically designed to defend against statistical attacks, especially for differential attacks, while the third branch provides resilience against algebraic attacks. This unique design enables Gleeok to offer ultralow latency while supporting 256-bit keys, setting it apart from existing ciphers dedicated to low-latency requirements. In addition, we propose wide-block variants having three 256-bit branches. We also present an application of Gleeok to short-input authenticated encryption which is crucial for memory encryption and various realtime communication applications. Furthermore, we present comprehensive hardware implementation results that establish the capabilities of Gleeok and demonstrate its competitiveness against related schemes in the literature. In particular, Gleeok achieves a minimum latency of roughly 360 ps with the NanGate 15 nm cell library and is thus on par with related low-latency schemes that only feature 128-bit keys while maintaining minimal overhead when equipped in an authenticated mode of operation.

show abstract

Vault

Cited by 23 publications

References 35 publications

SECRET-GWAS: Confidential Computing for Population-Scale GWAS

SECRET-GWAS: Confidential Computing for Population-Scale GWAS

LightBox

Gleeok: A Family of Low-Latency PRFs and its Applications to Authenticated Encryption

Contact Info

Product

Resources

About