Andrey Brito

CR
6 papers
99 citations
Novelty 34%
AI Score 22

6 Papers

CR | Dec 11, 2020 | Code
TEEMon: A continuous performance monitoring framework for TEEs

Robert Krahn, Donald Dragoti, Franz Gregor et al.

Trusted Execution Environments (TEEs), such as Intel Software Guard eXtensions (SGX), are considered as a promising approach to resolve security challenges in clouds. TEEs protect the confidentiality and integrity of application code and data even against privileged attackers with root and physical access by providing an isolated secure memory area, i.e., enclaves. The security guarantees are provided by the CPU, thus even if system software is compromised, the attacker can never access the enclave's content. While this approach ensures strong security guarantees for applications, it also introduces a considerable runtime overhead in part by the limited availability of protected memory (enclave page cache). Currently, only a limited number of performance measurement tools for TEE-based applications exist and none offer performance monitoring and analysis during runtime. This paper presents TEEMon, the first continuous performance monitoring and analysis tool for TEE-based applications. TEEMon provides not only fine-grained performance metrics during runtime, but also assists the analysis of identifying causes of performance bottlenecks, e.g., excessive system calls. Our approach smoothly integrates with existing open-source tools (e.g., Prometheus or Grafana) towards a holistic monitoring solution, particularly optimized for systems deployed through Docker containers or Kubernetes and offers several dedicated metrics and visualizations. Our evaluation shows that TEEMon's overhead ranges from 5% to 17%.

CR | Feb 14, 2019
Security and Privacy Preserving Data Aggregation in Cloud Computing

Leandro Ventura Silva, Rodolfo Marinho, Jose Luis Vivas et al.

Smart metering is an essential feature of smart grids, allowing residential customers to monitor and reduce electricity costs. Devices called smart meters allow residential customers to monitor and reduce electricity costs, promoting energy saving, demand management, and energy efficiency. However, monitoring a household's energy consumption through smart meters poses serious privacy threats, and has thus become a major privacy issue. Hence, a significant amount of research has appeared recently with the purpose of providing methods and mechanisms to reconcile smart metering technologies and privacy requirements. However, most current approaches fall short in meeting one of several of the requirements for privacy preserving smart metering systems. In this paper we show how Intel SGX technology can be used to provide a simple and general solution for the smart metering privacy problem that meets all these requirements in a satisfactory way. Moreover, we present also an implementation of the proposed architecture as well as a series of experiments that have been carried out in order to assess how the proposed solution performs in comparison to a second implementation of the architecture that completely disregards privacy issues.

LG | Oct 12, 2018
Grand Challenge: Real-time Destination and ETA Prediction for Maritime Traffic

Oleh Bodunov, Florian Schmidt, André Martin et al.

In this paper, we present our approach for solving the DEBS Grand Challenge 2018. The challenge asks to provide a prediction for (i) a destination and the (ii) arrival time of ships in a streaming-fashion using Geo-spatial data in the maritime context. Novel aspects of our approach include the use of ensemble learning based on Random Forest, Gradient Boosting Decision Trees (GBDT), XGBoost Trees and Extremely Randomized Trees (ERT) in order to provide a prediction for a destination while for the arrival time, we propose the use of Feed-forward Neural Networks. In our evaluation, we were able to achieve an accuracy of 97% for the port destination classification problem and 90% (in mins) for the ETA prediction.

DC | Mar 2, 2018
Secure and Privacy-Aware Data Dissemination for Cloud-Based Applications

Lilia Sampaio, Fábio Silva, Amanda Souza et al.

In this paper we propose a data dissemination platform that supports data security and different privacy levels even when the platform and the data are hosted by untrusted infrastructures. The proposed system aims at enabling an application ecosystem that uses off-the-shelf trusted platforms (in this case, Intel SGX), so that users may allow or disallow third parties to access the live data stream with a specific sensitivity-level. Moreover, this approach does not require users to manage the encryption keys directly. Our experiments show that such an approach is indeed practical for medium scale systems, where participants disseminate small volumes of data at a time, such as in smart grids and IoT environments.

CR | Oct 31, 2017
DynSGX: A Privacy Preserving Toolset for Dynamically Loading Functions into Intel(R) SGX Enclaves

Rodolfo Silva, Pedro Barbosa, Andrey Brito

Intel(R) Software Guard eXtensions (SGX) is a hardware-based technology for ensuring security of sensitive data from disclosure or modification that enables user-level applications to allocate protected areas of memory called enclaves. Such memory areas are cryptographically protected even from code running with higher privilege levels. This memory protection can be used to develop secure and dependable applications, but the technology has some limitations: (i) the code of an enclave is visible at load time, (ii) libraries used by the code must be statically linked, and (iii) the protected memory size is limited, demanding page swapping to be done when this limit is exceeded. We present DynSGX, a privacy preserving tool that enables users and developers to dynamically load and unload code to be executed inside SGX enclaves. Such a technology makes possible that developers use public cloud infrastructures to run applications based on sensitive code and data. Moreover, we present a series of experiments that assess how applications dynamically loaded by DynSGX perform in comparison to statically linked applications that disregard privacy of the enclave code at load time.

HC | Aug 19, 2017
Designing for Pragmatists and Fundamentalists: Privacy Concerns and Attitudes on the Internet of Things

Lesandro Ponciano, Pedro Barbosa, Francisco Brasileiro et al.

Internet of Things (IoT) systems have aroused enthusiasm and concerns. Enthusiasm comes from their utilities in people's daily life, and concerns may be associated with privacy issues. By using two IoT systems as case-studies, we examine users' privacy beliefs, concerns and attitudes. We focus on four major dimensions: the collection of personal data, the inference of new information, the exchange of information to third parties, and the risk-utility trade-off posed by the features of the system. Altogether, 113 Brazilian individuals answered a survey about such dimensions. Although their perceptions seem to be dependent on the context, there are recurrent patterns. Our results suggest that IoT users can be classified into unconcerned, fundamentalists and pragmatists. Most of them exhibit a pragmatist profile and believe in privacy as a right guaranteed by law. One of the most privacy concerning aspects is the exchange of personal information to third parties. Individuals' perceived risk is negatively correlated with their perceived utility in the features of the system. We discuss practical implications of these results and suggest heuristics to cope with privacy concerns when designing IoT systems.