Notes about <VC3: Trustworthy Data Analytics in the Cloud using SGX>

An introduction to Verifiable Confidential Cloud Computing (VC3), a MapReduce framework that ensures the confidentiality and integrity of data and code in the cloud. The framework withstands powerful adversaries and uses SGX processors to keep the code inaccessible to the operating system and hypervisor.


Introduction

Typically, cloud users hope for the following security guarantees:
I. Confidentiality and integrity for both code and data; i.e., the guarantee that they are not changed by attackers and that they remain secret.
II. Verifiability of execution of the code over the data; i.e., the guarantee that their distributed computation globally ran to completion and was not tampered with.

We present Verifiable Confidential Cloud Computing (VC3), a MapReduce framework that achieves the security guarantees (I and II) formulated above, with good performance.

Our threat model accounts for powerful adversaries that may control the whole cloud provider's software and hardware infrastructure, except for the certified physical processors involved in the computation.

Denial-of-service, side-channel, and traffic-analysis attacks are outside the scope of this work.

  • To keep the TCB small in our design, users simply write the usual map and reduce functions in C++, encrypt them, bind them to a small amount of code that implements our cryptographic protocols, and finally upload the code to the cloud. On each worker node, the cloud operating system loads the code into a secure region within the address space of a process and makes use of the security mechanisms of SGX processors to make the region inaccessible to the operating system and the hypervisor. Subsequently, the code inside the region runs our key exchange protocol, decrypts the map and reduce functions, and runs the distributed computation that processes the data.

  • The second challenge is to guarantee integrity for the whole distributed computation, since the processors guarantee only integrity of memory regions on individual computers.

  • The final challenge is to protect the code running in the isolated memory regions from attacks due to unsafe memory accesses.

Background

Cryptographic Assumptions

  • EDigest(C): the SGX digest of an enclave's initial content C. We refer to C as the code identity of an enclave. Intuitively, EDigest provides collision resistance;
  • ESig_P[C]{text}: a quote from a QE with identity P that jointly signs H(text) and EDigest(C) on behalf of an enclave with code identity C.
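To make the two abstractions concrete, here is an added model (not code from the paper or from VC3) of what a verifier checks when a quote arrives with a key-exchange message: it recomputes H(text) and the EDigest of the code it expects, so neither the message nor the enclave code can be swapped by the (untrusted) cloud OS without the check failing. The QE's signature is modelled with an HMAC under a constructed shared key; a real QE uses a processor-rooted asymmetric key, so that substitution is an assumption of the model.

```python
import hashlib
import hmac

# Constructed stand-in for the Quoting Enclave's signing key. Real SGX quotes
# are asymmetric signatures rooted in the processor; a MAC key is a model only.
QE_KEY = b"constructed-qe-key-for-the-model-not-real"


def edigest(content: bytes) -> bytes:
    """EDigest(C): collision-resistant digest of an enclave's initial content C."""
    return hashlib.sha256(content).digest()


def esig(code_identity: bytes, text: bytes, qe_key: bytes = QE_KEY) -> bytes:
    """ESig_P[C]{text}: a quote that jointly binds H(text) and EDigest(C).

    Signing the concatenation means the quote is valid only for this exact
    (text, code identity) pair; changing either one breaks verification.
    """
    h_text = hashlib.sha256(text).digest()
    return hmac.new(qe_key, h_text + code_identity, hashlib.sha256).digest()


def verify_quote(quote: bytes, expected_content: bytes, text: bytes,
                 qe_key: bytes = QE_KEY) -> bool:
    """Verifier side: accept only if the quote matches the code identity the
    user expects (EDigest of the code they uploaded) and the received text."""
    expected = esig(edigest(expected_content), text, qe_key)
    return hmac.compare_digest(quote, expected)


# Constructed sample data standing in for the user's enclave code and a
# key-exchange message emitted from inside the enclave.
ENCLAVE_CODE = b"constructed: VC3 enclave (key exchange + encrypted map/reduce)"
TAMPERED_CODE = b"constructed: enclave code altered by a malicious cloud OS"
KX_MESSAGE = b"constructed: enclave key-exchange public value"


def demo() -> dict:
    """Genuine quote verifies; a swapped message or swapped code does not."""
    genuine_quote = esig(edigest(ENCLAVE_CODE), KX_MESSAGE)
    # A quote produced for tampered code, replayed against the user's expectation.
    tampered_quote = esig(edigest(TAMPERED_CODE), KX_MESSAGE)
    return {
        "genuine": verify_quote(genuine_quote, ENCLAVE_CODE, KX_MESSAGE),
        "substituted_message": verify_quote(genuine_quote, ENCLAVE_CODE,
                                            b"constructed: attacker key"),
        "tampered_code": verify_quote(tampered_quote, ENCLAVE_CODE, KX_MESSAGE),
    }
```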