CAVALCANTE, L. M.; http://lattes.cnpq.br/4211405584627209; CAVALCANTE, Lucas Medeiros.
Resumo:
Modern computing is moving to the cloud as it is the best environment to meet the needs of the
data-heavy lifestyle that emerged after the creation of social networking services and more recently
the overwhelming increase in the number of personal computers in the form of smartphones. As
a consequence, there is an ever-growing concern about data security in the cloud, especially when
dealing with public providers. However, most leaks that happen in cloud storage are due to human
error when conliguring access or handling keys. Security is also at risk when data analysis tools are
so commonly used to infer trends regarding individuals.
The information security research community is very active and approaches, using cryptography,
anonyrnization techniques and even differential privacy have been used together with Trusted Exe-
cution Environments (TEE). This novel hardware solution is responsible for bringing trust to cloud
environments, promising guarantees of data and code integrity and confidentiality even in strict threat
models. However, such solutions developed to specific scenarios are not always ideal and to achieve
confidentiality and privacy, for example, one would need to chain multiple solutions, accumulating
more overhead. Moreover, these solutions fail to be usable with the most common tools and appli-
cations used by end-users. In this work, we propose an architecture for a secure, transparent proxy,
able to run many custom pipelines, thus benefiting from the algorithms developed by the research
community in a single solution. In the context of this research, we use SCONE in addition to Intel
SGX, which simplifies building coníidential applications.
We evaluate our solution against well-known front-end applications such as the publish/subscribe
system Apache Kafka and the Business Intelligence tool Metabase connected to two of the most used
storage solutions running in Cloud environments, the NoSQL database MongoDB and the Amazon
S3 compatible object storage solution MinIO.