Flare: A Fast, Secure, and Memory-Efficient Distributed Analytics Framework-Reference-Cited by-同舟云学术

Flare: A Fast, Secure, and Memory-Efficient Distributed Analytics Framework

Published:2023-02 Issue:6 Volume:16 Page:1439-1452
ISSN:2150-8097
Container-title:Proceedings of the VLDB Endowment
language:en
Short-container-title:Proc. VLDB Endow.

Author:

Li Xiang¹,Li Fabing²,Gao Mingyu³

Affiliation:

1. Tsinghua University

2. Xi'an Jiaotong University

3. Tsinghua University, Shanghai Artificial Intelligence Lab, Shanghai Qi Zhi Institute

Abstract

As big data processing in the cloud becomes prevalent today, data privacy on such public platforms raises critical concerns. Hardware-based trusted execution environments (TEEs) provide promising and practical platforms for low-cost privacy-preserving data processing. However, using TEEs to enhance the security of data analytics frameworks like Apache Spark involves challenging issues when separating various framework components into trusted and untrusted domains, demanding meticulous considerations for programmability, performance, and security. Based on Intel SGX, we build Flare, a fast, secure, and memory-efficient data analytics framework with a familiar user programming interface and useful functionalities similar to Apache Spark. Flare ensures confidentiality and integrity by keeping sensitive data and computations encrypted and authenticated. It also supports oblivious processing to protect against access pattern side channels. The main innovations of Flare include a novel abstraction paradigm of shadow operators and shadow tasks to minimize trusted components and reduce domain switch overheads, memory-efficient data processing with proper granularities for different operators, and adaptive parallelization based on memory allocation intensity for better scalability. Flare outperforms the state-of-the-art secure framework by 3.0× to 176.1×, and is also 2.8× to 28.3× faster than a monolithic libOS-based integration approach.

Publisher

Association for Computing Machinery (ACM)

Subject

General Earth and Planetary Sciences,Water Science and Technology,Geography, Planning and Development

Link

https://dl.acm.org/doi/pdf/10.14778/3583140.3583158

Reference87 articles.

1. Tiago Alves . 2004. TrustZone: Integrated Hardware and Software Security. White paper ( 2004 ). Tiago Alves. 2004. TrustZone: Integrated Hardware and Software Security. White paper (2004).

2. Ittai Anati , Shay Gueron , Simon Johnson , and Vincent Scarlata . 2013 . Innovative Technology for CPU Based Attestation and Sealing . In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. 2013. Innovative Technology for CPU Based Attestation and Sealing. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy.

3. Sergei Arnautov , Bohdan Trach , Franz Gregor , Thomas Knauth , Andre Martin , Christian Priebe , Joshua Lind , Divya Muthukumaran , Dan O'Keeffe , Mark L. Still-well, David Goltzsche , Dave Eyers , Rüdiger Kapitza , Peter Pietzuch , and Christof Fetzer . 2016 . SCONE: Secure Linux Containers with Intel SGX . In Proceedings of 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI). 689--703 . Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O'Keeffe, Mark L. Still-well, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux Containers with Intel SGX. In Proceedings of 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI). 689--703.

4. Maurice Bailleu , Dimitra Giantsidi , Vasilis Gavrielatos , Do Le Quoc , Vijay Nagarajan , and Pramod Bhatotia . 2021 . Avocado: A Secure In-Memory Distributed Storage System . In Proceedings of the 2021 USENIX Annual Technical Conference (USENIX ATC). 65--79 . Maurice Bailleu, Dimitra Giantsidi, Vasilis Gavrielatos, Do Le Quoc, Vijay Nagarajan, and Pramod Bhatotia. 2021. Avocado: A Secure In-Memory Distributed Storage System. In Proceedings of the 2021 USENIX Annual Technical Conference (USENIX ATC). 65--79.

5. TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality;Bajaj Sumeet;IEEE Transactions on Knowledge and Data Engineering (TKDE),2013

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Demystifying the QoS and QoE of Edge-hosted Video Streaming Applications in the Wild with SNESet;Proceedings of the ACM on Management of Data;2023-12-08

2. Preemptive Switch Memory Usage to Accelerate Training Jobs with Shared In-Network Aggregation;2023 IEEE 31st International Conference on Network Protocols (ICNP);2023-10-10

3. SODA: A Set of Fast Oblivious Algorithms in Distributed Secure Data Analytics;Proceedings of the VLDB Endowment;2023-03