ObliDC: An SGX-based Oblivious Distributed Computing Framework with Formal Proof

Cited by: 8
Authors
Wu, Pengfei [1]
Shen, Qingni [1]
Deng, Robert. H. [2]
Liu, Ximeng [3]
Zhang, Yinghui [4]
Wu, Zhonghai [1]
Affiliations
[1] Peking Univ, Beijing, Peoples R China
[2] Singapore Management Univ, Singapore, Singapore
[3] Fuzhou Univ, Fuzhou, Peoples R China
[4] Xian Univ Posts & Telecommun, Xian, Peoples R China
Source
PROCEEDINGS OF THE 2019 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (ASIACCS '19) | 2019
Funding
National Natural Science Foundation of China;
Keywords
oblivious computation; Intel SGX; distributed computing systems; formal proof;
DOI
10.1145/3321705.3329822
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Data privacy is becoming one of the most critical concerns in cloud computing. Several proposals based on Intel SGX such as VC3 [1] and M2R [2] have been introduced in the literature to protect data privacy during job execution in the cloud. However, a comprehensive formal proof of their security guarantees is still lacking. In this paper, we propose ObliDC, a general UC-secure SGX-based oblivious distributed computing framework. First, we model the life-cycle of a distributed computing job as data-flow graphs. Under the assumption of malicious, adaptive adversaries in the cloud, we then formally define data privacy of a distributed computing job by introducing a notion named ODC-privacy, which encompasses both semantic security (to protect data confidentiality during computation and transmission) and oblivious traffic (to prevent data leakage from traffic analysis). ObliDC is composed of four two-party protocols - job deployment, job initialization, job execution, and results return, which allow for modular construction of concrete privacy-preserving job protocols in different distributed computing frameworks. Finally, inspired by a formal abstraction for trusted processors proposed by R. Pass et al. [3], we formally prove the security of ObliDC under the universal composability (UC) framework.
Pages: 86-99
Number of pages: 14