Ryoan

ACM Transactions on Computer Systems (TOCS) Pub Date : 2018-12-16 DOI:10.1145/3231594

T. Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, E. Witchel

{"title":"Ryoan","authors":"T. Hunt, Zhiting Zhu, Yuanzhong Xu, Simon Peter, E. Witchel","doi":"10.1145/3231594","DOIUrl":null,"url":null,"abstract":"Users of modern data-processing services such as tax preparation or genomic screening are forced to trust them with data that the users wish to keep secret. Ryoan1 protects secret data while it is processed by services that the data owner does not trust. Accomplishing this goal in a distributed setting is difficult, because the user has no control over the service providers or the computational platform. Confining code to prevent it from leaking secrets is notoriously difficult, but Ryoan benefits from new hardware and a request-oriented data model. Ryoan provides a distributed sandbox, leveraging hardware enclaves (e.g., Intel’s software guard extensions (SGX) [40]) to protect sandbox instances from potentially malicious computing platforms. The protected sandbox instances confine untrusted data-processing modules to prevent leakage of the user’s input data. Ryoan is designed for a request-oriented data model, where confined modules only process input once and do not persist state about the input. We present the design and prototype implementation of Ryoan and evaluate it on a series of challenging problems including email filtering, health analysis, image processing and machine translation.","PeriodicalId":318554,"journal":{"name":"ACM Transactions on Computer Systems (TOCS)","volume":"123 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Computer Systems (TOCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3231594","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Users of modern data-processing services such as tax preparation or genomic screening are forced to trust them with data that the users wish to keep secret. Ryoan1 protects secret data while it is processed by services that the data owner does not trust. Accomplishing this goal in a distributed setting is difficult, because the user has no control over the service providers or the computational platform. Confining code to prevent it from leaking secrets is notoriously difficult, but Ryoan benefits from new hardware and a request-oriented data model. Ryoan provides a distributed sandbox, leveraging hardware enclaves (e.g., Intel’s software guard extensions (SGX) [40]) to protect sandbox instances from potentially malicious computing platforms. The protected sandbox instances confine untrusted data-processing modules to prevent leakage of the user’s input data. Ryoan is designed for a request-oriented data model, where confined modules only process input once and do not persist state about the input. We present the design and prototype implementation of Ryoan and evaluate it on a series of challenging problems including email filtering, health analysis, image processing and machine translation.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Ryoan

使用现代数据处理服务(如报税或基因组筛选)的用户被迫将用户希望保密的数据委托给他们。当数据由数据所有者不信任的服务处理时，Ryoan1保护秘密数据。在分布式设置中实现这一目标是困难的，因为用户无法控制服务提供者或计算平台。限制代码以防止其泄露机密是出了名的困难，但是ryan受益于新的硬件和面向请求的数据模型。Ryoan提供了一个分布式沙箱，利用硬件飞地(例如，英特尔的软件防护扩展(SGX)[40])来保护沙箱实例免受潜在恶意计算平台的攻击。受保护的沙箱实例限制了不受信任的数据处理模块，以防止用户输入数据的泄漏。ryan是为面向请求的数据模型设计的，在这种模型中，受限制的模块只处理一次输入，并且不保存有关输入的状态。我们介绍了Ryoan的设计和原型实现，并在一系列具有挑战性的问题上对其进行了评估，包括电子邮件过滤、健康分析、图像处理和机器翻译。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

ACM Transactions on Computer Systems (TOCS)

自引率

0.00%

发文量