Biblio

Filters: Author is Xu, Yuanzhong  [Clear All Filters]
2019-03-11
Hunt, Tyler, Zhu, Zhiting, Xu, Yuanzhong, Peter, Simon, Witchel, Emmett.  2018.  Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data. ACM Trans. Comput. Syst.. 35:13:1–13:32.
Users of modern data-processing services such as tax preparation or genomic screening are forced to trust them with data that the users wish to keep secret. Ryoan1 protects secret data while it is processed by services that the data owner does not trust. Accomplishing this goal in a distributed setting is difficult, because the user has no control over the service providers or the computational platform. Confining code to prevent it from leaking secrets is notoriously difficult, but Ryoan benefits from new hardware and a request-oriented data model. Ryoan provides a distributed sandbox, leveraging hardware enclaves (e.g., Intel’s software guard extensions (SGX) [40]) to protect sandbox instances from potentially malicious computing platforms. The protected sandbox instances confine untrusted data-processing modules to prevent leakage of the user’s input data. Ryoan is designed for a request-oriented data model, where confined modules only process input once and do not persist state about the input. We present the design and prototype implementation of Ryoan and evaluate it on a series of challenging problems including email filtering, health analysis, image processing and machine translation.
2017-11-13
Hunt, Tyler, Zhu, Zhiting, Xu, Yuanzhong, Peter, Simon, Witchel, Emmett.  2016.  Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data. Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation. :533–549.

Users of modern data-processing services such as tax preparation or genomic screening are forced to trust them with data that the users wish to keep secret. Ryoan protects secret data while it is processed by services that the data owner does not trust. Accomplishing this goal in a distributed setting is difficult because the user has no control over the service providers or the computational platform. Confining code to prevent it from leaking secrets is notoriously difficult, but Ryoan benefits from new hardware and a request-oriented data model. Ryoan provides a distributed sandbox, leveraging hardware enclaves (e.g., Intel's software guard extensions (SGX) [15]) to protect sandbox instances from potentially malicious computing platforms. The protected sandbox instances confine untrusted data-processing modules to prevent leakage of the user's input data. Ryoan is designed for a request-oriented data model, where confined modules only process input once and do not persist state about the input. We present the design and prototype implementation of Ryoan and evaluate it on a series of challenging problems including email filtering, heath analysis, image processing and machine translation.

2017-09-26
Kwon, Youngjin, Dunn, Alan M., Lee, Michael Z., Hofmann, Owen S., Xu, Yuanzhong, Witchel, Emmett.  2016.  Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services. Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems. :277–290.

Sego is a hypervisor-based system that gives strong privacy and integrity guarantees to trusted applications, even when the guest operating system is compromised or hostile. Sego verifies operating system services, like the file system, instead of replacing them. By associating trusted metadata with user data across all system devices, Sego verifies system services more efficiently than previous systems, especially services that depend on data contents. We extensively evaluate Sego's performance on real workloads and implement a kernel fault injector to validate Sego's file system-agnostic crash consistency and recovery protocol.

2017-08-22
Kwon, Youngjin, Dunn, Alan M., Lee, Michael Z., Hofmann, Owen S., Xu, Yuanzhong, Witchel, Emmett.  2016.  Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services. Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems. :277–290.

Sego is a hypervisor-based system that gives strong privacy and integrity guarantees to trusted applications, even when the guest operating system is compromised or hostile. Sego verifies operating system services, like the file system, instead of replacing them. By associating trusted metadata with user data across all system devices, Sego verifies system services more efficiently than previous systems, especially services that depend on data contents. We extensively evaluate Sego's performance on real workloads and implement a kernel fault injector to validate Sego's file system-agnostic crash consistency and recovery protocol.