opaque: an oblivious and encrypted distributed analytics ...platformlab.stanford.edu/seminar...

Opaque: An Oblivious and Encrypted Distributed Analytics Platform

Raluca Ada Popa

Joint work with: Wenting Zheng, Ankur Dave, Jethro Beekman, Joseph Gonzalez, and Ion Stoica

UC Berkeley

[NSDI’17]

Complex analytics run on sensitive data

client cloud provider

sensitive data

Complex analytics run on sensitive data

client

SparkSQL MLLib GraphX Spark

Streaming

cloud provider

sensitive data

Cloud attackers

client cloud provider

sensitive data

Attacker has full access to all cloud software

Threat model

How to protect data and computation

while preserving functionality?

How to protect data and computation

while preserving functionality?

relational algebra

Cryptographic approaches• Generic functionality: fully homomorphic encryption, ObliVM

[RAD’78,Gentry’09]


too slow[RAD’78,Gentry’09]


too slow[RAD’78,Gentry’09]

• Specialized solutions: CryptDB, Cipherbase, Monomi, [..], BlindSeer, [FJK+15], Arx


too slow

restricted functionality




too slow

restricted functionality


Alternative: hardware enclaves


Hardware enclaves 101

• Hardware-enforced isolated execution environment

Hardware enclaves

memoryon die

core cache

(Intel SGX)


Hardware enclaves

memoryon die

core cache MEE

(Intel SGX)


• Data decrypted only on the processor

Hardware enclaves

memoryon die

core cache MEE

(Intel SGX)


• Data decrypted only on the processor

Hardware enclaves

memoryon die

core cache MEE

• Protect against an attacker who has root access or compromised OS

(Intel SGX)

Remote attestation

Client Server

enclave

Enables verifying which code runs in the enclave and performing key exchange

Remote attestation

Client Server

enclave


Remote attestation

client code

Client Server

enclave


Remote attestation

client codehash

Client Server

enclave


Remote attestation

client code

hash

Client Server

enclave


Remote attestation

client code

hash

Client Server

enclave

untrusted OS

Assumption

memoryprocessor

Attacker is restricted to software attacks only, and does not exploit timing. Attacker controls the software stack.

machine

Assumption

memoryprocessor

Attacker is restricted to software attacks only, and does not exploit timing. Attacker controls the software stack.

machine

• for the implementation, attacker does not see accesses to a small memory region (due to T-SGX, page pinning, super pages, … )

Enclave-based systems• Systems supporting relational algebra: Haven,

Scone


Scone• not distributed• data access pattern leakage [XCP ’15, OCFGKS ’15]


Scone

• Distributed systems: VC3, M2R, Ohrimenko et al.’16: do not enable relational algebra and query planning

• not distributed• data access pattern leakage [XCP ’15, OCFGKS ’15]

Access patterns leakage

Access patternsmemory

processormachine 0


processoraddresses

machine 0


processoraddresses

machine 0

network messages machine 1

Example: network access pattern leakage


ID Name Age Disease

12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes98329 Ronald S. Ogden 53 Cancer32591 Donna R. Bridges 26 Diabetes


ID Name Age Disease

12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes98329 Ronald S. Ogden 53 Cancer32591 Donna R. Bridges 26 Diabetes

SELECT count(*) FROM medical GROUP BY disease


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

Public information:Diabetes twice as commonas cancer


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

Public information:Diabetes twice as commonas cancer

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

??? Diabetes

??? Diabetes

??? Cancer

??? Diabetes

??? Cancer

??? Diabetes


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

??? Diabetes

??? Diabetes

??? Cancer

??? Diabetes

??? Cancer

??? Diabetes

??? Cancer


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

Learns that Alice has cancer

Leakage from prior work

• Memory access patterns attacks [XCP15] extracted complete text documents and photo outlines

• Network access patterns [OCF+15] extracted age, gender, address of individuals

Goal: oblivious distributed analytics

Goal: oblivious distributed analytics

access patterns are independent of data content

Opaque*: oblivious and encrypted distributed analytics platform

* Oblivious Platform for Analytic QUEries

Spark SQLOpaque

SQL ML Graph Analytics

Security guarantees (informal)

Security guarantees (informal)• Data encryption and authentication


• Computation integrity: the client can check that the computation result was not affected by an attacker



• Obliviousness: The memory and network accesses of a query is the same for any two inputs with the same size characteristics (input/outputs)



• Obliviousness: The memory and network accesses of a query is the same for any two inputs with the same size characteristics (input/outputs)• When enabling padding, Opaque hides output

sizes as well

Achieving practical obliviousness is not easy

Achieving practical obliviousness is not easy

Obliviousness typically comes with high overheads

• For example, the state-of-the-art system, ObliVM, is six orders of magnitude slower than regular computation

Opaque components

Opaque components

Data encryption and authentication

Opaque components

Computation verification


Opaque components

Distributed oblivious operatorsOblivious

FilterOblivious

AggregationOblivious

Join



Opaque components


FilterOblivious


Join


Rule-based opt. Cost-based opt.


Oblivious query planning

Cost model

Query execution

Client Server

Database

Scheduler

1 2 3

Query execution

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler

1 2 3

Query execution

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler

1 2 3query = SELECT sum(*) FROM table

Query execution

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler

1 2 3

Query

query = SELECT sum(*) FROM table

Query execution

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler


Query execution

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler

1 2 3


Query execution

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler


10 13 4

Query execution

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler


10

13

4

Query execution

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler


27

Problem: cloud can alter distributed computation


• Drop data


• Drop data

• Modify data


• Drop data

• Modify data

• Skip task


• Drop data

• Modify data

• Skip task

• Replay old state

Example: drop data

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler


Example: drop data

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler

1 2 3


Example: drop data

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler


10 13 4

Example: drop data

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler


10

13

Example: drop data

Spark Driver

Opaque

Catalyst

Client Server

Database

Scheduler


23

Self-verifying computationInvariant: if computation does not abort, the execution completed so far is correct

Self-verifying computationInvariant: if computation does not abort, the execution completed so far is correct

If the computation is complete, then the entire query was executed correctly

Self-verifying computation

Task 13

Task 14

Task 15

Task 20


Self-verifying computation 20

1413 15Task 13

Task 14

Task 15

Task 20



1413 1510

13

4

Task 13

Task 14

Task 15

Task 20



1413 15

1013

4

Task 13

Task 14

Task 15

Task 20


Opaque components


FilterOblivious


Join





Cost model

Oblivious aggregation

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


1

2


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


1

2

There can be many partitions


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

Oblivioussort

[CLRS, Leighton ‘85]

Map Sort



12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

Oblivioussort


Map Sort


????

Map Sort

Oblivioussort


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease

Oblivioussort


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


The “Diabetes” group is split!

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes



How to aggregate obliviously and in parallel?

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes



How to aggregate obliviously and in parallel?It can span over many partitions

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

Scan


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

Scan

Statistics

Statistics


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

Scan Boundary processing

Statistics

Statistics


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


Statistics

Statistics

Partial agg.


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


Partial agg.


Cancer;Diabetes:1

Diabetes;Diabetes:3

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


Partial agg.


Diabetes:1


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes



DUMMY

Diabetes:1


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes



DUMMY

Diabetes:1


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


Scan


DUMMY

Diabetes:1


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


Scan


DUMMY

Diabetes:1

DUMMY

Cancer: 2

DUMMY


12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


Scan


DUMMY

Diabetes:1

DUMMY

Cancer: 2

DUMMY

DUMMY

DUMMY

Diabetes:4



12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes

12809 … Diabetes

29489 … Diabetes

13744 … Cancer

18740 … Diabetes

98329 … Cancer

32591 … Diabetes


Scan

DUMMY

Cancer: 2

DUMMY

DUMMY

DUMMY

Diabetes:4

Diabetes:1

DummyDUMMY

Diabetes:1



Diabetes

Diabetes

Cancer

Diabetes

Cancer

Diabetes

DUMMY

Cancer: 2

DUMMY

DUMMY

DUMMY

Diabetes:4



DUMMY

Cancer: 2

DUMMY

DUMMY

DUMMY

Diabetes:4



DUMMY

Cancer: 2

DUMMY

DUMMY

DUMMY

Diabetes:4

Sort

Oblivioussort




Cancer: 2

Diabetes:4

Sort

Oblivioussort




Cancer: 2

Diabetes:4

Sort

Oblivioussort


Final result



Cancer: 2

Diabetes:4

Sort

Oblivioussort


Final result


Aggregation hastwo sorts…


Cancer: 2

Diabetes:4

Sort

Oblivioussort


Final result


Aggregation hastwo sorts…

Can we do better?

Opaque components


FilterOblivious


Join





Cost model

Rule-based optimization


SELECT count(*) FROM medical WHERE age > 30 GROUP BY disease


SELECT count(*) FROM medical WHERE age > 30 GROUP BY disease

medical

Filter

Aggregation

Logical op.

Insight 1

Insight 1

1. Split each logical operator into smaller Opaque operators

Insight 1

1. Split each logical operator into smaller Opaque operators

2. Take a global view across the plan to remove some Opaque operators


medical

Filter

Aggregation

Logical op.

Rule-based optimizationOpaque op.

medical

Filter

Aggregation

Logical op.


medical

Opaque op.

medical

Filter

Aggregation

Logical op.


medical

Scan

Opaque op.

medical

Filter

Aggregation

Logical op.


medical

Scan

Opaque op.

medical

Filter

Aggregation

Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes98329 Ronald S. Ogden 53 Cancer

O-sort

Filter

Project


medical

Scan

Opaque op.

medical

Filter

Aggregation


O-sort

Filter

ProjectProject


medical

Scan

Opaque op.

medical

Filter

Aggregation


O-sort

Filter

ProjectProject


medical

Scan

Opaque op.

medical

Filter

Aggregation

Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes

00001

98329 Ronald S. Ogden 53 Cancer 0

O-sort

Filter

Project


medical

Scan

Opaque op.

medical

Filter

Aggregation


00001


O-sort

Filter

Project

O-sort


medical

Scan

Opaque op.

medical

Filter

Aggregation


00001


O-sort

Filter

Project

O-sort


medical

Scan

Opaque op.

medical

Filter

Aggregation

Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes

32591 Donna R. Bridges 26 Diabetes

0000


O-sort

Filter

Project


medical

Scan

Opaque op.

medical

Filter

Aggregation



0000


O-sort

Filter

Project

Filter


medical

Scan

Opaque op.

medical

Filter

Aggregation



0000


O-sort

Filter

Project

Filter


medical

Scan

Opaque op.

medical

Filter

Aggregation


0000


O-sort

Filter

Project


medical

Scan

Opaque op.

medical

Filter

Aggregation


0000


O-sort

Agg.

O-sort

O-sort

Filter

Project


medical

Scan

Opaque op.

medical

Filter

Aggregation


0000


O-sort

Agg.

O-sort

O-sort

Filter

Project

O-sort


medical

Scan

Opaque op.

medical

Filter

Aggregation


0000


O-sort

Agg.

O-sort

O-sort

Filter

Project

O-sort


medical

Scan

Opaque op.

medical

Filter

Aggregation

Logical op.

12809 Amanda D. Edwards 40 Diabetes

29489 Robert R. McGowan 56 Diabetes

13744 Kimberly R. Seay 51 Cancer

18740 Dennis G. Bates 32 Diabetes0

0

0

0


O-sort

Agg.

O-sort

O-sort

Filter

Project

O-sort


medical

Scan

Opaque op.

medical

Filter

Aggregation

Logical op.

12809 Amanda D. Edwards 40 Diabetes

29489 Robert R. McGowan 56 Diabetes

13744 Kimberly R. Seay 51 Cancer

18740 Dennis G. Bates 32 Diabetes0

0

0

0


Can we remove any sort?


medical

O-sort

Scan

Filter

O-sort

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.


medical

O-sort

Scan

Filter

O-sort

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.

Sort on 0/1 column


medical

O-sort

Scan

Filter

O-sort

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.

Sort on 0/1 column

Sort on Disease


medical

O-sort

Scan

Filter

O-sort

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.

Sort on 0/1 column

Sort on Disease+


medical

O-sort

Scan

Filter

O-sort

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.

Sort on 0/1 column

Sort on Disease+

=


medical

O-sort

Scan

Filter

O-sort

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.

Sort on 0/1 column

Sort on Disease+

Sort on (0/1, Disease)

=


medical

O-sort

Scan

Filter

O-sort

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.


medical

O-sort

Scan

Filter

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.

Scan


medical

Agg.

O-sort

Opaque op.

medical

Filter

Aggregation

Logical op.

O-sort

Filter

Project

Scan


medical

Scan

Agg.

O-sort

Opaque op.

medical

Filter

Aggregation

Logical op.

O-sort

Filter

Project

Scan


medical

Scan

Agg.

O-sort

Opaque op.

medical

Filter

Aggregation


O-sort

Filter

Project

Scan


medical

Agg.

O-sort

Opaque op.

medical

Filter

Aggregation


O-sort

Filter

Project

Scan


medical

Agg.

O-sort

Opaque op.

medical

Filter

Aggregation


O-sort

Filter

ProjectProject


medical

O-sort

Scan

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op. 12809 Amanda D. Edwards 40 Diabetes 029489 Robert R. McGowan 56 Diabetes 013744 Kimberly R. Seay 51 Cancer 018740 Dennis G. Bates 32 Diabetes 032591 Donna R. Bridges 26 Diabetes 198329 Ronald S. Ogden 53 Cancer 0

Project

Filter


medical

O-sort

Scan

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op. 12809 Amanda D. Edwards 40 Diabetes 029489 Robert R. McGowan 56 Diabetes 013744 Kimberly R. Seay 51 Cancer 018740 Dennis G. Bates 32 Diabetes 032591 Donna R. Bridges 26 Diabetes 198329 Ronald S. Ogden 53 Cancer 0

Filter


medical

O-sort

Scan

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.

O-sort

12809 Amanda D. Edwards 40 Diabetes 029489 Robert R. McGowan 56 Diabetes 013744 Kimberly R. Seay 51 Cancer 018740 Dennis G. Bates 32 Diabetes 032591 Donna R. Bridges 26 Diabetes 198329 Ronald S. Ogden 53 Cancer 0

multi-column sort

Filter


medical

O-sort

Scan

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.

O-sort

12809 Amanda D. Edwards 40 Diabetes 0

29489 Robert R. McGowan 56 Diabetes 0

13744 Kimberly R. Seay 51 Cancer 0

18740 Dennis G. Bates 32 Diabetes 0

32591 Donna R. Bridges 26 Diabetes 1


multi-column sort

Filter


medical

O-sort

Scan

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.







multi-column sort

Filter


medical

O-sort

Scan

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.







multi-column sort

FilterFilter


medical

O-sort

Scan

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.






multi-column sort

FilterFilter


medical

O-sort

Scan

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.






multi-column sort

Filter


medical

O-sort

Scan

Agg.

O-sort

Opaque op.

Project

medical

Filter

Aggregation

Logical op.






multi-column sort

Filter

Eliminated one oblivious sort!

Opaque components


FilterOblivious


Join





Cost model

Observation: not all tables are sensitive


P_ID

D_ID

Name

Age

Hospitalizedpatients

D_ID

Name

G_ID

Disease

M_ID

D_ID

Name

Cost

Medication


P_ID

D_ID

Name

Age


D_ID

Name

G_ID

Disease

M_ID

D_ID

Name

Cost

Medication

P_ID

D_ID

Name

Age



P_ID

D_ID

Name

Age


D_ID

Name

G_ID

Disease

M_ID

D_ID

Name

Cost

Medication

P_ID

D_ID

Name

Age


Opaque can operate in mixed sensitivity:sensitive tables are run with oblivious operators

⨝⨝⨝

A B C DC


⨝⨝⨝

A B C DC

⨝


⨝⨝⨝

A B C DC

⨝


Not oblivious!

⨝⨝⨝

A B C DC

⨝


⨝⨝⨝

A B C DC

⨝


Sensitivity propagation: propagate obliviousness from leaf to root

⨝⨝⨝

A B C D

⨝

C

⨝


Sensitivity propagation: propagate obliviousness from leaf to root

Insight 2

Sensitivity propagationintroduces a new dimension to

query optimization

Cost-based optimizationP_ID

D_ID

Name

Age


D_ID

Name

G_ID

Disease

M_ID

D_ID

Name

Cost

Medication

Find the least costly medication for each patient


D_ID

Name

Age


D_ID

Name

G_ID

Disease

M_ID

D_ID

Name

Cost

Medication


Assumption: |P| < |D| < |M|


D_ID

Name

Age


D_ID

Name

G_ID

Disease

M_ID

D_ID

Name

Cost

Medication

SELECT p_name, d_name, med_costFROM patient, disease, (SELECT d_id, min(cost) AS med_cost FROM medication GROUP BY d_id) AS medWHERE disease.d_id = patient.d_id AND disease.d_id = med.d_id




D_ID

Name

Age


D_ID

Name

G_ID

Disease

M_ID

D_ID

Name

Cost

Medication

SELECT p_name, d_name, med_costFROM patient, disease, (SELECT d_id, min(cost) AS med_cost FROM medication GROUP BY d_id) AS medWHERE disease.d_id = patient.d_id AND disease.d_id = med.d_id


3-way join


Cost-based optimization

Patient Disease Medication

⨝ 𝝪⨝

Patient

Disease

Medication

⨝

𝝪⨝

SQL optimizer with new cost:



⨝ 𝝪⨝

Patient

Disease

Medication

⨝

𝝪⨝

SQL optimizer with new cost:

More selective non-oblivious join



⨝ 𝝪⨝

Patient

Disease

Medication

⨝

𝝪⨝

SQL optimizer with new cost and sensitivity propagation:



⨝ 𝝪⨝

Patient

Disease

Medication

⨝

𝝪⨝

SQL optimizer with new cost and sensitivity propagation:

Fewer oblivious joins

Evaluation setup

Evaluation setup• Single machine experiments:

• Intel Xeon E3-1280 v5, 4 cores, 64 GB RAM

• Intel SGX: 128 MB of enclave page cache (EPC)

Evaluation setup• Single machine experiments:

• Intel Xeon E3-1280 v5, 4 cores, 64 GB RAM

• Intel SGX: 128 MB of enclave page cache (EPC)

• Distributed experiments

• A cluster of 5 SGX machines

Evaluation

Evaluation• How does Opaque compare to Spark SQL?


• Big Data Benchmark (BDB); 4 queries total


• Big Data Benchmark (BDB); 4 queries total• Queries 1, 2, 3: filter, aggregation, join


• Big Data Benchmark (BDB); 4 queries total• Queries 1, 2, 3: filter, aggregation, join• 1 million records



• How does Opaque compare to state-of-the-art oblivious systems?



• How does Opaque compare to state-of-the-art oblivious systems?• GraphSC (oblivious graph analytics)



• How does Opaque compare to state-of-the-art oblivious systems?• GraphSC (oblivious graph analytics)

• PageRank

Big Data Benchmark (distributed)


Data encryption, authentication, computation verification


Run

time

(s)

0.01

0.1

1

10

100

Query numberQuery 1 Query 2 Query 3

Spark SQLOpaque



Run

time

(s)

0.01

0.1

1

10

100


Spark SQLOpaque


Overhead: -0.47x to 2.3x


Run

time

(s)

0.01

0.1

1

10

100


Spark SQLOpaque



+ Obliviousness


Run

time

(s)

0.01

0.1

1

10

100


Spark SQLOpaque



Run

time

(s)

0.01

0.1

1

10

100


Spark SQLOpaque

+ Obliviousness


Run

time

(s)

0.01

0.1

1

10

100


Spark SQLOpaque



Run

time

(s)

0.01

0.1

1

10

100


Spark SQLOpaque

+ Obliviousness

Overhead: 21x to 45x

PageRank: comparison with GraphSC (single machine)

How does Opaque fit among practical encrypted databases*?

*single-cloud, relational DBs

Confidentiality is a beast


• Sharp tradeoff between performance and confidentiality. No practical encrypted database has perfect confidentiality.



fun



fun

• Non-ideal confidentiality is meaningful: it removes classes of attackers, and leaks much less data

Spectrum of contributions

plaintext

no leakage

property-preserving encryption

semantic security

hide access patterns

hide result sizes

timing, query, structure of input

all leaks


plaintext

no leakage


semantic security


hide result sizes


all leaks

better performance


plaintext

no leakage


semantic security


hide result sizes


all leaks CryptDBMonomi

Cipherbase

better performance


plaintext

no leakage


semantic security


hide result sizes



Cipherbase

Haven, SCONE, VC3,Arx, BlindSeer, [FJK+15]

better performance


plaintext

no leakage


semantic security


hide result sizes



Cipherbase

Haven, SCONE, VC3,Arx, BlindSeer, [FJK+15] Opaque

better performance


plaintext

no leakage


semantic security


hide result sizes



Cipherbase


Opaque+pad

Opaque

better performance


plaintext

no leakage


semantic security


hide result sizes


all leaks

Each of these systems protects against classes of attackers

CryptDBMonomi

Cipherbase


Opaque+pad

Opaque

better performance


plaintext

no leakage


semantic security


hide result sizes


all leaks

Each of these systems protects against classes of attackers

CryptDBMonomi

Cipherbase


Opaque+pad

Opaque

Opaque offers strong security guarantees

better performance

ConclusionOpaque is an oblivious and encrypted distributed analytics platform

Spark SQLOpaque

SQL ML Graph Analytics

Open source: github.com/ucbrise/opaque

http://github.com/ucbrise/opaque

opaque: an oblivious and encrypted distributed analytics ...platformlab.stanford.edu/seminar...

Documents