Many systems run rich data analytics on sensitive data in the cloud, but are prone to data breaches. A recent hardware enclave architecture promises data confidentiality and secure execution of arbitrary computations, yet still suffers from leakage due to memory and network access patterns.
We propose Opaque, a distributed data analytics platform supporting a wide range of queries while protecting the data. Even a compromised operating system sees only encrypted data, and Opaque also protects against leakage from memory and network accesses outside of the enclave (a property called obliviousness). To accomplish this goal, Opaque introduces new distributed oblivious relational operators that hide access patterns, and new query planning techniques to optimize these new operators. Opaque is implemented on Spark SQL with few changes to the underlying system. Opaque provides data encryption, authentication and computation verification with a performance ranging from 52% faster to 3.3x slower than vanilla Spark SQL; obliviousness comes with a 1.6–46x overhead. At the same time, Opaque provides an improvement of three orders of magnitude over state-of-the-art oblivious protocols.
Joint work with W. Zheng, A. Dave, J. G. Beekman, J. E. Gonzalez, and I. Stoica.
Raluca Ada Popa is an assistant professor of computer science at UC Berkeley working in computer security, systems, and applied cryptography. She is a co-director of the RISELab at UC Berkeley, as well as a co-founder and CTO of a cybersecurity startup called PreVeil. Raluca developed practical systems that protect data confidentiality by computing over encrypted data (such as CryptDB and Mylar), and designed new encryption schemes that underlie these systems. Raluca received her PhD in computer science, as well as her Masters and two BS degrees in computer science and in mathematics, from MIT. She is the recipient of an Intel Early Career Faculty Honor award, the George M. Sprowls Award for best MIT CS doctoral thesis, a Google PhD Fellowship, a Johnson award for best CS Masters of Engineering thesis from MIT, and a CRA Outstanding undergraduate award from the ACM.
Joint event with the Stanford Platform Lab.