Practical and Efficient in-Enclave Verification of Privacy Compliance - PubMed
2021 Jun;2021:413-425.
doi: 10.1109/dsn48987.2021.00052. Epub 2021 Aug 6.

Practical and Efficient in-Enclave Verification of Privacy Compliance

Weijie Liu et al. Proc (Int Conf Dependable Syst Netw). 2021 Jun.

Abstract

A trusted execution environment (TEE) such as Intel Software Guard Extensions (SGX) runs attestation to prove to a data owner the integrity of an enclave's initial state, including the program that will operate on her data. For this purpose, the data-processing program is supposed to be open to the owner or a trusted third party, so that its functionality can be evaluated before trust is established. In the real world, however, there are increasingly many application scenarios in which the program itself needs to be protected (e.g., a proprietary algorithm), so its compliance with the privacy policies expected by the data owner should be verified without exposing its code. To this end, this paper presents Deflection, a new model for TEE-based delegated and flexible in-enclave code verification. Given that conventional solutions do not work well in a resource-limited, TCB-frugal TEE, we come up with a new design inspired by Proof-Carrying Code. Our design strategically moves most of the workload to the code generator, which is responsible for producing easy-to-check code, while keeping the consumer simple. Also, the whole consumer can be made public and verified through conventional attestation. We implemented this model on Intel SGX and demonstrate that it adds only a very small amount to the TCB. We also thoroughly evaluated its performance on micro- and macro-benchmarks and real-world applications, showing that the design incurs only a small overhead when enforcing several categories of security policies.

Keywords: Confidential Computing; Enclave Shielding Runtime; Intel SGX; Proof-Carrying Code.


Figures

Fig. 1: The Deflection model
Fig. 2: System overview
Fig. 3: Detailed framework and workflow
Fig. 4: Workflow of flexible code generation
Fig. 5: Store instruction instrumentation
Fig. 6: Detailed workflow of the dynamic loader
Fig. 7: Sequence alignment
Fig. 8: Sequence generation
Fig. 9: Credit scoring
Fig. 10: Performance on HTTPS server
Fig. 11: Performance comparison
