Personal Database Security and Trusted Execution Environments:
A Tutorial at the Crossroads
Nicolas Anciaux, Luc Bouganim, Philippe Pucheral, Iulian Sandu Popa, Guillaume Scerri
PETRUS team, INRIA Saclay Île de France & University of Versailles (David Lab)
Time: Aug 29, 2017, Thursday, 4:00 PM — 5:30 PM
Location: Room Sacramento / San Francisco
ABSTRACT
Smart disclosure initiatives and new regulations such as the GDPR in the EU increase interest in Personal Data Management Systems (PDMS) that are provided to individuals to preserve their entire digital lives. Consequently, the thorny issue of data security becomes more and more prominent, but it differs greatly from the traditional privacy issues of outsourced corporate databases. Concurrently, the emergence of Trusted Execution Environments (TEE) changes the game in privacy-preserving data management by enabling novel security models. This tutorial offers a global perspective of the current state of work at the confluence of these two rapidly growing areas. The goal is threefold: (1) review and categorize PDMS solutions and identify existing privacy threats and countermeasures; (2) review new security models capitalizing on TEEs and the related privacy-preserving data management solutions relevant to the personal context; (3) discuss new challenges at the intersection of PDMS security and TEE-based data management.
Slides
We provide the preliminary versions of the slides here. Separate slides for each part can be found in the following sections. The final version will be uploaded after the tutorial.
Introduction
Pertinent references
- S. Abiteboul, and A. Marian. Personal information management systems. EDBT Tutorial, 2015.
- T. Allard, N. Anciaux, L. Bouganim, Y. Guo, L. L. Folgoc, B. Nguyen, P. Pucheral, I. Ray, and S. Yin. Secure personal data servers: a vision paper. PVLDB, 3(1), 25-35, 2010.
- N. Anciaux, P. Bonnet, L. Bouganim, B. Nguyen, I. S. Popa, and P. Pucheral. Trusted cells: A sea change for personal data services. CIDR, 2013.
- N. Anciaux, P. Bonnet, L. Bouganim, B. Nguyen, P. Pucheral, I. S. Popa, and G. Scerri. Personal data management systems: The security and functionality standpoint. Inf. Syst., 80:13–35, 2019.
- A. Arasu, K. Eguro, R. Kaushik, and R. Ramamurthy. Querying encrypted data. In SIGMOD Conference, 1259–1261, 2014.
- S. Bajaj and R. Sion. TrustedDB: A trusted hardware-based database with privacy and data confidentiality. IEEE Trans. Knowl. Data Eng., 26(3):752–765, 2014.
- Y.-A. de Montjoye, E. Shmueli, S. S. Wang, and A. S. Pentland. openPDS: Protecting the privacy of metadata through SafeAnswers. PLoS ONE, 9(7):1–9, 2014.
- T. T. A. Dinh, P. Saxena, E. Chang, B. C. Ooi, and C. Zhang. M2R: enabling stronger privacy in MapReduce computation. In USENIX Security Symp., 447–462, 2015.
- European Parliament. General Data Protection Regulation. Law. (27 April 2016).
- B. Fuhry, R. Bahmani, F. Brasser, F. Hahn, F. Kerschbaum, and A. Sadeghi. HardIDX: Practical and secure index with SGX in a malicious environment. Journal of Computer Security, 26(5):677–706, 2018.
- H. Haddadi, H. Howard, A. Chaudhry, J. Crowcroft, A. Madhavapeddy, and R. Mortier. Personal data: thinking inside the box. Aarhus conf. on critical alternatives, 2015.
- R. Mortier, H. Haddadi, T. Henderson, D. McAuley, and J. Crowcroft. Human-data interaction: The human face of the data-driven society. CoRR, abs/1412.6159, 2014.
- C. Priebe, K. Vaswani, and M. Costa. EnclaveDB: A secure database using SGX. In S&P, 264–278, 2018.
- F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, and M. Russinovich. VC3: trustworthy data analytics in the cloud using SGX. In S&P, 38–54, 2015.
- F. Tramèr, F. Zhang, H. Lin, J. Hubaux, A. Juels, and E. Shi. Sealed-glass proofs: Using transparent enclaves to prove and sell knowledge. In EuroS&P, 19–34, 2017.
- J. R. Zhao, R. Mortier, J. Crowcroft, and L. Wang. Privacy-preserving machine learning based data analytics on edge devices. In AIES, 341–346, 2018.
- Cozy Cloud. Your digital home. https://cozy.io/en
- Inrupt.com. https://tinyurl.com/TBL-inrupt.
- Mydex. https://mydex.org
- Digi.me Private Sharing. https://digi.me/
- Meeco.me. https://meeco.me
- Bitsabout.me. https://bitsabout.me
- Perkeep.org. https://perkeep.org
- CloudLocker. www.cloudlocker.eu
- My Cloud Home. https://mycloud.com
- The MesInfos project. mesinfos.fing.org/english
- Blue Button. Find Your Health Data. www.healthit.gov/topic/health-it-initiatives/blue-button
- Midata. The midata project. https://www.midata.coop
Part I. Personal Data Management Systems
[Part1]
Pertinent references
- S. Abiteboul, and A. Marian. Personal information management systems. EDBT Tutorial, 2015.
- T. Allard, N. Anciaux, L. Bouganim, Y. Guo, L. L. Folgoc, B. Nguyen, P. Pucheral, I. Ray, and S. Yin. Secure personal data servers: a vision paper. PVLDB, 3(1), 25-35, 2010.
- N. Anciaux, P. Bonnet, L. Bouganim, B. Nguyen, I. S. Popa, and P. Pucheral. Trusted cells: A sea change for personal data services. CIDR, 2013.
- A. P. K. Dalskov and C. Orlandi. Can you trust your encrypted cloud? An assessment of SpiderOak ONE's security. In AsiaCCS, 343–355, 2018.
- Y.-A. de Montjoye, E. Shmueli, S. S. Wang, and A. S. Pentland. openPDS: Protecting the privacy of metadata through SafeAnswers. PLoS ONE, 9(7):1–9, 2014.
- H. Haddadi, H. Howard, A. Chaudhry, J. Crowcroft, A. Madhavapeddy, and R. Mortier. Personal data: thinking inside the box. Aarhus conf. on critical alternatives, 2015.
- D. Koll, D. Lechler, and X. Fu. SocialGate: Managing large-scale social data on home gateways. In ICNP, 1–6, 2017.
- S. Lallali, N. Anciaux, I. S. Popa, and P. Pucheral. Supporting secure keyword search in the personal cloud. Inf. Syst., 72:1–26, 2017.
- R. Mortier, H. Haddadi, T. Henderson, D. McAuley, and J. Crowcroft. Human-data interaction: The human face of the data-driven society. CoRR, abs/1412.6159, 2014.
- C. Priebe, K. Vaswani, and M. Costa. EnclaveDB: A secure database using SGX. In S&P, 264–278, 2018.
- D. H. T. That, I. S. Popa, K. Zeitouni, and C. Borcea. PAMPAS: privacy-aware mobile participatory sensing using secure probes. In SSDBM, 4:1–4:12, 2016.
- Q. To, B. Nguyen, and P. Pucheral. Private and scalable execution of SQL aggregates on a secure decentralized architecture. ACM TODS, 41(3):16:1–16:43, 2016.
- J. R. Zhao, R. Mortier, J. Crowcroft, and L. Wang. Privacy-preserving machine learning based data analytics on edge devices. In AIES, 341–346, 2018.
- Cozy Cloud. Your digital home. https://cozy.io/en
- Inrupt.com. https://tinyurl.com/TBL-inrupt.
- Mydex. https://mydex.org
- Digi.me Private Sharing. https://digi.me/
- Meeco.me. https://meeco.me
- Bitsabout.me. https://bitsabout.me
- Perkeep.org. https://perkeep.org
- CloudLocker. www.cloudlocker.eu
- My Cloud Home. https://mycloud.com
Part II. TEE-based Data Management
[Part2]
Pertinent references
- A. Arasu, K. Eguro, M. Joglekar, R. Kaushik, D. Kossmann, and R. Ramamurthy. Transaction processing on confidential data using Cipherbase. In ICDE, 435–446, 2015.
- A. Arasu, K. Eguro, R. Kaushik, and R. Ramamurthy. Querying encrypted data. In SIGMOD Conference, 1259–1261, 2014.
- S. Arnautov, B. Trach, F. Gregor, T. Knauth, A. Martin, C. Priebe, J. Lind, D. Muthukumaran, D. O'Keeffe, M. Stillwell, D. Goltzsche, D. M. Eyers, R. Kapitza, P. R. Pietzuch, and C. Fetzer. SCONE: secure Linux containers with Intel SGX. In OSDI, 689–703, 2016.
- S. Bajaj and R. Sion. TrustedDB: A trusted hardware-based database with privacy and data confidentiality. IEEE Trans. Knowl. Data Eng., 26(3):752–765, 2014.
- T. T. A. Dinh, P. Saxena, E. Chang, B. C. Ooi, and C. Zhang. M2R: enabling stronger privacy in MapReduce computation. In USENIX Security Symp., 447–462, 2015.
- S. Eskandarian and M. Zaharia. An oblivious general-purpose SQL database for the cloud. CoRR, abs/1710.00458, 2017.
- B. Fuhry, R. Bahmani, F. Brasser, F. Hahn, F. Kerschbaum, and A. Sadeghi. HardIDX: Practical and secure index with SGX in a malicious environment. Journal of Computer Security, 26(5):677–706, 2018.
- T. Hunt, Z. Zhu, Y. Xu, S. Peter, and E. Witchel. Ryoan: A distributed sandbox for untrusted computation on secret data. ACM Trans. Comput. Syst., 35(4):13:1–13:32, 2018.
- P. Mishra, R. Poddar, J. Chen, A. Chiesa, and R. A. Popa. Oblix: An efficient oblivious search index. In S&P, 279–296, 2018.
- O. Ohrimenko, F. Schuster, C. Fournet, A. Mehta, S. Nowozin, K. Vaswani, and M. Costa. Oblivious multi-party machine learning on trusted processors. In USENIX Security Symposium, 619–636, 2016.
- R. Pires, D. Gavril, P. Felber, E. Onica, and M. Pasin. A lightweight MapReduce framework for secure processing with SGX. In CCGrid, 1100–1107, 2017.
- C. Priebe, K. Vaswani, and M. Costa. EnclaveDB: A secure database using SGX. In S&P, 264–278, 2018.
- F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, and M. Russinovich. VC3: trustworthy data analytics in the cloud using SGX. In S&P, 38–54, 2015.
- M. Shih, S. Lee, T. Kim, and M. Peinado. T-SGX: eradicating controlled-channel attacks against enclave programs. In NDSS, 2017.
- Y. Tang, J. Chen, K. Li, J. Xu, and Q. Zhang. Authenticated key-value stores with hardware enclaves. CoRR, abs/1904.12068, 2019.
- W. Wang, G. Chen, X. Pan, Y. Zhang, X. Wang, V. Bindschaedler, H. Tang, and C. A. Gunter. Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX. In CCS, 2421–2434, 2017.
Part III. Reference Architecture and Challenges
[Part3]
Pertinent references
- N. Anciaux, P. Bonnet, L. Bouganim, B. Nguyen, I. S. Popa, and P. Pucheral. Trusted cells: A sea change for personal data services. CIDR, 2013.
- N. Anciaux, P. Bonnet, L. Bouganim, B. Nguyen, P. Pucheral, I. S. Popa, and G. Scerri. Personal data management systems: The security and functionality standpoint. Inf. Syst., 80:13–35, 2019.
- E. Birrell, A. T. Gjerdrum, R. van Renesse, H. D. Johansen, D. Johansen, and F. B. Schneider. SGX enforcement of use-based privacy. In WPES@CCS, 155–167, 2018.
- R. Ladjel, N. Anciaux, P. Pucheral and G. Scerri. Trustworthy Distributed Computations on Personal Data Using Trusted Execution Environments. TrustCom, 2019.
- R. Ladjel, N. Anciaux, P. Pucheral and G. Scerri. A manifest-based framework for organizing the management of personal data at the edge of the network. ISD, 2019.
- J. Loudet, I. S. Popa, and L. Bouganim. SEP2P: secure and efficient P2P personal data processing. In EDBT, 145–156, 2019.
- D. H. T. That, I. S. Popa, K. Zeitouni, and C. Borcea. PAMPAS: privacy-aware mobile participatory sensing using secure probes. In SSDBM, 4:1–4:12, 2016.
- P. Tran-Van, N. Anciaux, and P. Pucheral. SWYSWYK: A privacy-by-design paradigm for personal information management systems. ISD, 2017.
Authors' short bios
All presenters are members of the PETRUS (Personal and Trusted Cloud) group at Inria and UVSQ. PETRUS conducts research on secure personal cloud architectures, privacy-preserving administration models and their enforcement, global distributed processing, and the economic, legal and societal issues of the personal cloud. PETRUS has recently launched an Inria Innovation Lab named OwnCare, which aims at building a TEE-based secure medical-social personal cloud facilitating the coordination of home care for elderly people. This secure personal cloud is being deployed for 10,000 patients in the Yvelines district in France.
Nicolas Anciaux is a research director at Inria Saclay-Ile de France and heads the PETRUS team. His main research interests are secure database processing using trusted hardware, data sharing models and large-scale distributed processing on personal data.
Luc Bouganim is a research director at Inria Saclay-Ile de France and technical coordinator of the OwnCare Inria Innovation Lab. His research interests are secure (personal) data management using TEEs, decentralized query execution and modern storage.
Philippe Pucheral is a full Professor at UVSQ and head of the OwnCare Inria Innovation Lab. His main research interests are data management embedded in secure hardware and TEE-based decentralized querying protocols.
Iulian Sandu Popa is an Associate Professor at UVSQ. His research interests include secure distributed data management, spatiotemporal databases and mobile data management.

Guillaume Scerri is an Associate Professor at UVSQ. His research interests include provable security of systems based on TEEs and distributed cryptographic protocols.