Treffer: Encloak: protecting sensitive data in remote computing using trusted execution environments.

Offloading computing jobs to untrusted clouds poses significant risks to sensitive data processed in those jobs. We present EnCloak, a Trusted Execution Environment (TEE)–based framework that protects the confidentiality and integrity of sensitive data in Java programs executed in untrusted clouds. EnCloak automatically identifies sensitive statements in the program, transforms them into Enclave Instructions (EIs) for safe execution inside a secure enclave named Cloak Enclave, which supports secure execution of EIs and protects sensitive variables and their intermediate states. We implemented a prototype system based on the design of EnCloak and evaluated its feasibility and performance on both CPU-intensive and big-data computing jobs. Our results showed that EnCloak provides end-to-end sensitive data protection while reducing the Trust Computing Base by 360 , compared with existing works. Additionally, the design of EnCloak, including the sensitive statements transformation, EI design, and the EI runtime design, are language-agnostic and TEE-agnostic, making it transferable to applications implemented in other programming languages and executed on other TEE environments. [ABSTRACT FROM AUTHOR]

Copyright of Cluster Computing is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)