Building Secure and Trustworthy Stream Analytics Systems Using Trusted Execution Environment
dc.contributor.advisor | Yuan, Xingliang | |
dc.contributor.advisor | Cui, Shujie | |
dc.contributor.author | Bagher, Kassem | |
dc.date.accessioned | 2024-09-19T08:46:51Z | |
dc.date.available | 2024-09-19T08:46:51Z | |
dc.date.issued | 2024 | |
dc.description.abstract | The exponential growth in data generated by interconnected IoT devices has accelerated the adoption of cloud platforms for near-real-time analytics in various applications, such as smart grids and healthcare. However, cloud centralization presents both security and latency challenges. While edge computing and cryptographic solutions like homomorphic encryption offer partial remedies, they either fail to adequately protect code or incur substantial computational overhead. A promising alternative lies in leveraging a Trusted Execution Environment (TEE), such as Intel SGX, which creates isolated and secure regions in memory, called enclaves, to protect the confidentiality and integrity of both code and data. Nonetheless, SGX has several limitations, including limited memory size and vulnerability to information leakage through side-channel attacks. This thesis advances secure and efficient data analytics on hybrid cloud-edge platforms through the integration of Trusted Execution Environments (TEEs), specifically Intel SGX, with cryptographic protocols. It comprises three interrelated studies that collectively enhance data integrity, privacy, and operational efficiency in real-time analytics. The first study introduces a framework that minimises data transmission to the cloud by processing initial data clustering at the edge, significantly reducing latency and enhancing data security. The second study develops a secure stream processing framework within SGX that efficiently handles large data streams, prioritises tasks, and minimises query latency, thus enhancing both security and operational efficiency. The third study addresses the mitigation of side-channel attacks in time-series data processing, introducing a novel approach that decouples data operations to improve security and system performance.
Each component of this research contributes to building robust, scalable, and secure real-time data analytics solutions, ensuring comprehensive data protection and operational efficiency across various sectors. | |
dc.format.extent | 116 | |
dc.identifier.citation | Bagher, Kassem (2024). Building Secure and Trustworthy Stream Analytics Systems Using Trusted Execution Environment. Monash University. Thesis. https://doi.org/10.26180/26892883.v1 | |
dc.identifier.uri | https://doi.org/10.26180/26892883.v1 | |
dc.identifier.uri | https://hdl.handle.net/20.500.14154/73082 | |
dc.language.iso | en | |
dc.publisher | Monash University | |
dc.subject | Privacy and Security | |
dc.subject | Cloud Computing | |
dc.subject | Secure Systems | |
dc.subject | Edge Computing | |
dc.subject | Intel SGX | |
dc.subject | Trusted Execution Environment | |
dc.title | Building Secure and Trustworthy Stream Analytics Systems Using Trusted Execution Environment | |
dc.type | Thesis | |
sdl.degree.department | Software Systems and Cybersecurity | |
sdl.degree.discipline | Cybersecurity | |
sdl.degree.grantor | Monash University | |
sdl.degree.name | Doctor of Philosophy | |
sdl.thesis.source | SACM - Australia |