Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data

Hunt Tyler; Zhu Zhiting; Xu Yuanzhong; Peter Simon; Witchel Emmett

首页> 外文期刊>ACM transactions on computer systems >Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data

【24h】

Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data

机译：Ryoan：用于秘密数据的不可信计算的分布式沙箱

获取原文

获取原文并翻译 | 示例

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Users of modern data-processing services such as tax preparation or genomic screening are forced to trust them with data that the users wish to keep secret. Ryoan1 protects secret data while it is processed by services that the data owner does not trust. Accomplishing this goal in a distributed setting is difficult, because the user has no control over the service providers or the computational platform. Confining code to prevent it from leaking secrets is notoriously difficult, but Ryoan benefits from new hardware and a request-oriented data model.Ryoan provides a distributed sandbox, leveraging hardware enclaves (e. g., Intel's software guard extensions (SGX) [40]) to protect sandbox instances from potentially malicious computing platforms. The protected sandbox instances confine untrusted data-processing modules to prevent leakage of the user's input data. Ryoan is designed for a request-oriented data model, where confined modules only process input once and do not persist state about the input. We present the design and prototype implementation of Ryoan and evaluate it on a series of challenging problems including email filtering, health analysis, image processing and machine translation.

机译：诸如税务准备或基因组筛选之类的现代数据处理服务的用户被迫以他们希望保密的数据信任他们。当数据所有者不信任的服务处理秘密数据时，Ryoan1会对其进行保护。由于用户无法控制服务提供商或计算平台，因此很难在分布式环境中实现此目标。限制代码以防止其泄露是非常困难的，但是Ryoan受益于新硬件和面向请求的数据模型。Ryoan提供了一个分布式沙箱，利用了硬件区域（例如，英特尔的软件防护扩展（SGX）[40]）保护沙盒实例免受潜在的恶意计算平台的侵害。受保护的沙箱实例限制了不受信任的数据处理模块，以防止用户输入数据泄漏。 Ryoan专为面向请求的数据模型而设计，其中受限模块仅处理输入一次，并且不保留输入状态。我们介绍Ryoan的设计和原型实现，并针对一系列具有挑战性的问题（包括电子邮件过滤，运行状况分析，图像处理和机器翻译）进行评估。

著录项

来源
《ACM transactions on computer systems》 |2018年第4期|13.1-13.32|共32页
作者
Hunt Tyler; Zhu Zhiting; Xu Yuanzhong; Peter Simon; Witchel Emmett;
展开▼
作者单位

Google, 1600 Amphitheatre Pkwy, Mountain View, CA 94043 USA;

Univ Texas Austin, Comp Sci Dept, 2317 Speedway,Stop D9500, Austin, TX 78712 USA;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Intel SGX; enclaves; sandboxing; untrusted OS; private computation;

机译：英特尔SGX;飞地;沙盒;不受信任的操作系统;私有计算;

相似文献

外文文献
中文文献
专利

1. Entrusting Private Computation and Data to Untrusted Networks [J] . Brun, Y., Medvidovic, IEEE transactions on dependable and secure computing . 2013,第4期

机译：将私有计算和数据委托给不受信任的网络
2. Privacy-Preserving Analysis of Distributed Biomedical Data: Designing Efficient and Secure Multiparty Computations Using Distributed Statistical Learning Theory [J] . Fida K Dankar, Nisha Madathil, Samar K Dankar, JMIR Medical Informatics . 2019,第2期

机译：分布式生物医学数据的隐私保留分析：使用分布式统计学习理论设计高效和安全的多征计算
3. Distributed Privacy Preserving Clustering via Homomorphic Secret Sharing and Its Application to (Vertically) Partitioned Spatio-Temporal Data [J] . Can Yildizli, Thomas Brochmann Pedersen, Yucel Saygin International Journal of Data Warehousing and Mining . 2011,第1期

机译：同态秘密共享的分布式隐私保护聚类及其在（垂直）分区时空数据中的应用
4. ISboxing: An Instruction Substitution Based Data Sandboxing for x86 Untrusted Libraries [C] . Liang Deng, Qingkai Zeng, Yao Liu IFIP TC 11 International conference on information security and privacy . 2015

机译：ISboxing：针对x86不受信任的库的基于指令替换的数据沙箱
5. D4: An integrated architecture of data mining, a data warehouse, distributed databases and distributed computation. [D] . Chen, Shiuhlon. 1997

机译：D4：数据挖掘，数据仓库，分布式数据库和分布式计算的集成架构。
6. Distributing the future: The weak justifications for keeping human genomic databases secret and the challenges and opportunities in reverse engineering them [O] . Misha Angrist, Robert Cook-Deegan 2014

机译：分配未来：保持人类基因组数据库秘密的微不足道的理由以及对它们进行逆向工程的挑战和机遇
7. Entrusting Private Computation and Data to Untrusted Networks [O] . Yuriy Brun, Nenad Medvidovic 2013

机译：将私有计算和数据委托给不受信任的网络

Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data

摘要

著录项

相似文献

相关主题

期刊订阅