TEE-MR: Developer-friendly data oblivious programming for trusted execution environments

Trusted execution environments (TEEs) enable efficient protection of integrity and confidentiality for applications running on untrusted platforms. They have been deployed in cloud servers to attract users who have concerns on exporting data and computation. However, recent studies show that TEEs' side channels, including memory, cache, and micro-architectural features, are still vulnerable to adversarial exploitation. As many such attacks utilize program access patterns to infer secret information, data oblivious programs have been considered a practical defensive solution. However, they are often difficult to develop and optimize via either manual or automated approaches. We present the oblivious TEE with MapReduce (TEE-MR) approach that uses application frameworks, an approach between fully manual and fully automated, to hide the details of access-pattern protection to significantly minimize developers' efforts. We have implemented the approach with the MapReduce application framework for data-intensive applications. It can regulate application dataflows and hide application-agnostic access-pattern protection measures from developers. Compared to manual composition approaches, it demands much less effort for developers to identify access patterns and to write code. Our approach is also easy to implement, less complicated than fully automated approaches, for which we have not seen a working prototype yet. Our experimental results show that TEE-MR-based applications have good performance, comparable to those carefully developed with time-consuming manual composition approaches.