Related papers: TEE-based Key-Value Stores: a Survey

TEE-based Key-Value Stores: a Survey

URL: http://arxiv.org/abs/2501.03118v1
Date: Mon, 06 Jan 2025 16:26:44 GMT
Title: TEE-based Key-Value Stores: a Survey
Authors: Aghiles Ait Messaoud, Sonia Ben Mokhtar, Anthony Simonet-Boulogne,
Abstract summary: Key-Value Stores (KVSs) store data as key-value pairs and have gained popularity due to their simplicity, scalability, and fast retrieval capabilities.<n> storing sensitive data in KVSs requires strong security properties to prevent data leakage and unauthorized tampering.<n>This paper examines the state of the art in TEE-based confidential KVSs and highlights common design strategies used in KVSs to leverage TEE security features.
Score: 1.1060425537315088
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Key-Value Stores (KVSs) are No-SQL databases that store data as key-value pairs and have gained popularity due to their simplicity, scalability, and fast retrieval capabilities. However, storing sensitive data in KVSs requires strong security properties to prevent data leakage and unauthorized tampering. While software (SW)-based encryption techniques are commonly used to maintain data confidentiality and integrity, they suffer from several drawbacks. They strongly assume trust in the hosting system stack and do not secure data during processing unless using performance-heavy techniques (e.g., homomorphic encryption). Alternatively, Trusted Execution Environments (TEEs) provide a solution that enforces the confidentiality and integrity of code and data at the CPU level, allowing users to build trusted applications in an untrusted environment. They also secure data in use by providing an encapsulated processing environment called enclave. Nevertheless, TEEs come with their own set of drawbacks, including performance issues due to memory size limitations and CPU context switching. This paper examines the state of the art in TEE-based confidential KVSs and highlights common design strategies used in KVSs to leverage TEE security features while overcoming their inherent limitations. This work aims to provide a comprehensive understanding of the use of TEEs in KVSs and to identify research directions for future work.

Related papers

PWC-MoE: Privacy-Aware Wireless Collaborative Mixture of Experts [59.5243730853157]
Large language models (LLMs) hosted on cloud servers alleviate the computational and storage burdens on local devices but raise privacy concerns.<n>Small language models (SLMs) running locally enhance privacy but suffer from limited performance on complex tasks.<n>We propose a privacy-aware wireless collaborative mixture of experts (PWC-MoE) framework to balance computational cost, performance, and privacy protection under bandwidth constraints.
arXiv Detail & Related papers (2025-05-13T16:27:07Z)
Building a Privacy Web with SPIDEr -- Secure Pipeline for Information De-Identification with End-to-End Encryption [3.8909411486426033]
SPIDEr is an end-to-end encrypted data de-identification pipeline.<n>It supports suppression, pseudonymisation, generalisation, and aggregation.<n>We present our design of the control flows for end-to-end secure execution of de-identification operations within a TEE.
arXiv Detail & Related papers (2024-12-12T12:24:12Z)
TRUST: A Toolkit for TEE-Assisted Secure Outsourced Computation over Integers [30.72930396939045]
We propose a toolkit for TEE-assisted (Trusted Execution Environment) SOC over integers, named TRUST.<n>In terms of system architecture, TRUST falls in a single TEE-equipped cloud server only through seamlessly integrating the computation of REE (Rich Execution Environment) and TEE.<n>We present textttSEAT, secure data trading based on TRUST.
arXiv Detail & Related papers (2024-12-02T03:19:29Z)
HOPE: Homomorphic Order-Preserving Encryption for Outsourced Databases -- A Stateless Approach [1.1701842638497677]
Homomorphic OPE (HOPE) is a new OPE scheme that eliminates client-side storage and avoids additional client-server interaction during query execution. We provide a formal cryptographic analysis of HOPE, proving its security under the widely accepted IND-OCPA model.
arXiv Detail & Related papers (2024-11-26T00:38:46Z)
Enc2DB: A Hybrid and Adaptive Encrypted Query Processing Framework [47.11111145443189]
We introduce Enc2DB, a novel secure database system following a hybrid strategy on and openGauss. We present a micro-benchmarking test and self-adaptive mode switch strategy that can choose the best execution path (cryptography or TEE) to answer a given query. We also design and implement a ciphertext index compatible with native cost model and querys to accelerate query processing.
arXiv Detail & Related papers (2024-04-10T08:11:12Z)
HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
Blockchain-based Zero Trust on the Edge [5.323279718522213]
This paper proposes a novel approach based on Zero Trust Architecture (ZTA) extended with blockchain to further enhance security. The blockchain component serves as an immutable database for storing users' requests and is used to verify trustworthiness by analyzing and identifying potentially malicious user activities. We discuss the framework, processes of the approach, and the experiments carried out on a testbed to validate its feasibility and applicability in the smart city context.
arXiv Detail & Related papers (2023-11-28T12:43:21Z)
Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z)
SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z)
Reinforcement Learning on Encrypted Data [58.39270571778521]
We present a preliminary, experimental study of how a DQN agent trained on encrypted states performs in environments with discrete and continuous state spaces. Our results highlight that the agent is still capable of learning in small state spaces even in presence of non-deterministic encryption, but performance collapses in more complex environments.
arXiv Detail & Related papers (2021-09-16T21:59:37Z)
BeeTrace: A Unified Platform for Secure Contact Tracing that Breaks Data Silos [73.84437456144994]
Contact tracing is an important method to control the spread of an infectious disease such as COVID-19. Current solutions do not utilize the huge volume of data stored in business databases and individual digital devices. We propose BeeTrace, a unified platform that breaks data silos and deploys state-of-the-art cryptographic protocols to guarantee privacy goals.
arXiv Detail & Related papers (2020-07-05T10:33:45Z)

This list is automatically generated from the titles and abstracts of the papers in this site.