Secure Content Based Routing and further directions on Intel SGX (Secure Guard Extensions)
Rafael Pires (Université de Neuchâtel)
Content-based routing (CBR) is a powerful model that supports scalable asynchronous communication among large sets of geographically distributed nodes. In order to efficiently perform its matching step, a CBR router must see the content of the messages sent by data producers, as well as the filters (or subscriptions) registered by data consumers, which represents a threat to privacy. In this work, we implement a CBR engine that takes advantage of trusted hardware extensions that have just been introduced in off-the-shelf processors, namely Intel software guard extensions (SGX). Thanks to it, the compute-intensive CBR operations can operate on decrypted data shielded by secure enclaves and leverage efficient matching algorithms. Our experimental evaluation shows that SGX adds only limited overhead to insecure plaintext matching outside secure enclaves while providing much better performance and more powerful filtering capabilities than alternative software-only solutions. An overview of Intel's software development kit for SGX, as well as some current and future work to suit our system for processing large amounts of data will also be discussed.
Rafael Pires is a Computer Science PhD student at University of Neuchâtel, Switzerland. He holds a Master degree in Computer Science (2009) from Federal University of Santa Catarina, Brazil. During his Masters, he worked with routing algorithms for Wireless Sensor Networks and spent a term at Fachhochschule Kiel, Germany, as exchange student. Before the PhD, he worked in industry with distributed systems, embedded systems and industrial automation. Currently, his interests lie in communication, dependability and processing in distributed systems.
Back to EBSIS Events section.