StreamBox-TZ: Secure Stream Analytics at the Edge with TrustZone

While it is compelling to process large streams of IoT data on the cloud edge, doing so exposes the data to a sophisticated, vulnerable software stack on the edge and hence to security threats. To this end, we advocate isolating the data and its computations in a trusted execution environment (TEE) on the edge, shielding them from the remaining edge software stack, which we deem untrusted. This approach faces two major challenges: (1) executing high-throughput, low-delay stream analytics in a single TEE, which is constrained by a small trusted computing base (TCB) and limited physical memory; (2) verifying the execution of stream analytics when that execution involves untrusted software components on the edge. In response, we present StreamBox-TZ (SBT), a stream analytics engine for an edge platform that offers strong data security, verifiable results, and good performance. SBT contributes a data plane designed and optimized for a TEE based on ARM TrustZone. It supports continuous remote attestation for analytics correctness and result freshness while incurring low overhead. SBT adds only 42.5 KB of executable code to the TCB (16% of the entire TCB). On an octa-core ARMv8 platform, it delivers state-of-the-art performance, processing input events at up to 140 MB/sec (12M events/sec) with sub-second delay. The overhead incurred by SBT's security mechanisms is less than 25%.
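The abstract names two properties that the verifier of edge stream analytics needs from a TEE-hosted engine: correctness of results produced behind an untrusted software stack, and freshness of those results. The following Python model, added here as an illustration and not code from the StreamBox-TZ project, shows the minimal shape such continuous attestation can take: the trusted side closes each tumbling window, emits the aggregate together with a sequence number, the window's event-time watermark and a hash link to the previous attestation, and authenticates the record with a key that only the trusted side holds. The consumer then rejects records that were tampered with, replayed, reordered or allowed to go stale. Everything specific here is an assumption: HMAC-SHA256 stands in for whatever TEE-bound signing the real system uses, a per-window sum stands in for the analytics, and the chaining and freshness rules are this example's own, not SBT's protocol.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed demo key. In a TEE design this key would live only inside the
# trusted world; the untrusted edge stack relays records but cannot mint MACs.
TEE_KEY = b"constructed-demo-key-not-a-real-secret"

GENESIS = "0" * 64  # chain anchor for the first attestation


@dataclass(frozen=True)
class Attestation:
    seq: int          # strictly increasing per trusted instance
    window_end: int   # event-time watermark up to which the result is complete
    result: int       # the windowed aggregate itself (here: a sum)
    prev: str         # sha256 hex digest chaining to the previous attestation
    mac: str          # HMAC over the four fields above, keyed by the trusted side

    def body(self) -> bytes:
        # Canonical encoding of the authenticated fields (mac excluded).
        return json.dumps([self.seq, self.window_end, self.result, self.prev]).encode()

    def digest(self) -> str:
        return hashlib.sha256(self.body()).hexdigest()


def _mac(key: bytes, body: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class TrustedDataPlane:
    """Toy stand-in for the trusted side: sums events per tumbling window and
    emits one hash-chained, MACed attestation per closed window."""

    def __init__(self, key: bytes, window_size: int):
        self.key = key
        self.window_size = window_size
        self.seq = 0
        self.prev = GENESIS

    def close_window(self, window_end: int, events):
        """events: iterable of (event_time, value); only those inside
        [window_end - window_size, window_end) contribute to this window."""
        lo = window_end - self.window_size
        total = sum(v for t, v in events if lo <= t < window_end)
        self.seq += 1
        body = Attestation(self.seq, window_end, total, self.prev, "").body()
        att = Attestation(self.seq, window_end, total, self.prev, _mac(self.key, body))
        self.prev = att.digest()
        return att


class RemoteVerifier:
    """Consumer-side checks: authenticity (MAC), continuity (sequence number
    and hash chain) and freshness (watermark must advance and not lag by more
    than max_lag time units behind the verifier's clock)."""

    def __init__(self, key: bytes, max_lag: int):
        self.key = key
        self.max_lag = max_lag
        self.expected_seq = 1
        self.prev = GENESIS
        self.last_window_end = -1

    def verify(self, att: Attestation, now: int):
        if not hmac.compare_digest(att.mac, _mac(self.key, att.body())):
            return False, "bad mac: result forged or tampered in the untrusted stack"
        if att.seq != self.expected_seq or att.prev != self.prev:
            return False, "chain break: replayed, dropped or reordered attestation"
        if att.window_end <= self.last_window_end:
            return False, "stale: watermark did not advance"
        if now - att.window_end > self.max_lag:
            return False, "stale: result older than the freshness bound"
        self.expected_seq += 1
        self.prev = att.digest()
        self.last_window_end = att.window_end
        return True, "ok"


def demo():
    """Constructed run: three honest windows, then a replayed record and a
    record whose result was altered by the untrusted relay."""
    tee = TrustedDataPlane(TEE_KEY, window_size=10)
    verifier = RemoteVerifier(TEE_KEY, max_lag=5)
    events = [(1, 5), (4, 7), (12, 1), (18, 2), (25, 9)]  # constructed (time, value)
    atts, outcomes = [], []
    for window_end in (10, 20, 30):
        att = tee.close_window(window_end, events)
        atts.append(att)
        outcomes.append(verifier.verify(att, now=window_end + 1))
    outcomes.append(verifier.verify(atts[0], now=31))          # replay of window 1
    forged = Attestation(atts[2].seq + 1, 40, atts[2].result + 100,
                         atts[2].digest(), atts[2].mac)          # altered result
    outcomes.append(verifier.verify(forged, now=41))
    return [a.result for a in atts], outcomes


if __name__ == "__main__":
    print(demo())
```

The freshness bound is deliberately expressed in event time (the watermark) rather than the relay's wall clock, since the untrusted stack controls the latter; a verifier that only checked MACs would accept an old but genuine record indefinitely, which is exactly the gap the sequence number and hash chain close.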
