CR | Oct 19, 2020
Hector: Using Untrusted Browsers to Provision Web Applications
David Goltzsche, Tim Siebels, Lennard Golsch et al.
Web applications are on the rise and rapidly evolve into more and more mature replacements for their native counterparts. This disruptive trend is mainly driven by the attainment of platform-independence and instant deployability. On top of this, web browsers offer the opportunity for seamless browser-to-browser communication for distributed interaction. In this paper, we present Hector, a novel web application framework that transforms web browsers into a distributed application-centric computing platform. Hector enables offloading application logic to users, thereby improving user experience with lower latencies while generating lower costs for service providers. Following the programming paradigm of Function-as-a-Service, applications are decomposed into functions so they can be managed efficiently and deployed in a responsive, scalable and lightweight fashion. In case of client-side resource shortage or unresponsive clients, execution falls back to a traditional cloud-based infrastructure. Hector combines WebAssembly for multi-language computations at near-native speed, WebRTC for browser-to-browser communication and trusted execution as provided by the Intel Software Guard Extensions so browsers can trust each other's computations. We evaluate Hector by implementing a digital assistant as well as a recommendation system. Our evaluation shows that Hector achieves lower end-user latencies while generating lower costs than traditional deployments. Additionally, we show that Hector scales linearly with increasing client numbers and can cope well with unresponsive clients.
DC | May 22, 2018
Blockchain and Trusted Computing: Problems, Pitfalls, and a Solution for Hyperledger Fabric
Marcus Brandenburger, Christian Cachin, Rüdiger Kapitza et al.
A smart contract on a blockchain cannot keep a secret because its data is replicated on all nodes in a network. To remedy this problem, it has been suggested to combine blockchains with trusted execution environments (TEEs), such as Intel SGX, for executing applications that demand privacy. Untrusted blockchain nodes cannot get access to the data and computations inside the TEE. This paper first explores some pitfalls that arise from the combination of TEEs with blockchains. Since TEEs are, in principle, stateless, they are susceptible to rollback attacks, which should be prevented to maintain privacy for the application. However, in blockchains with non-final consensus protocols, such as the proof-of-work in Ethereum and others, the contract execution must handle rollbacks by design. This implies that TEEs for securing blockchain execution cannot be directly used for such blockchains; this approach works only when the consensus decisions are final. Second, this work introduces an architecture and a prototype for smart-contract execution within Intel SGX technology for Hyperledger Fabric, a prominent platform for enterprise blockchain applications. Our system resolves difficulties posed by the execute-order-validate architecture of Fabric and prevents rollback attacks on TEE-based execution as far as possible. For increasing security, our design encapsulates each application on the blockchain within its own enclave that shields it from the host system. An evaluation shows that the overhead of moving execution into SGX is within 10%-20% for a sealed-bid auction application.
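The rollback pitfall named in the abstract is easy to reproduce in a few lines. The following is an added illustration, not code from the paper or its Fabric prototype: an enclave running a sealed-bid auction keeps its only persistent state in sealed blobs handed to an untrusted host, and the host replays an older blob to erase a bid. The `MonotonicCounter`, `UntrustedHost` and `AuctionEnclave` classes, the HMAC-based sealing (real SGX derives the sealing key from the enclave identity via EGETKEY) and the bid values are all constructed for this example; binding a trusted monotonic counter into the sealed state is the generic countermeasure, not a description of the paper's mechanism.

```python
"""Rollback attack on a stateless TEE, simulated in plain Python.

Constructed illustration: the 'enclave' seals its state with an HMAC and
stores the blob with an untrusted host; the host can replay an older blob.
A trusted monotonic counter bound into the sealed blob lets the enclave
detect the replay.
"""
import hashlib
import hmac
import json
import os


class RollbackDetected(Exception):
    pass


class UntrustedHost:
    """Host-side storage: keeps every blob it has ever seen and can replay one."""

    def __init__(self):
        self.history = []

    def store(self, blob):
        self.history.append(blob)

    def load(self):
        return self.history[-1]


class MonotonicCounter:
    """Stand-in for a hardware-backed counter only the enclave can advance."""

    def __init__(self):
        self.value = 0

    def read(self):
        return self.value

    def increment(self):
        self.value += 1
        return self.value


class AuctionEnclave:
    """Tracks the highest bid; the state lives only in sealed blobs on the host."""

    def __init__(self, host, counter, check_counter=True):
        self.host = host
        self.counter = counter
        self.check_counter = check_counter
        # Assumption: a random key stands in for the SGX sealing key.
        self.seal_key = os.urandom(32)

    def _seal(self, state, ctr):
        payload = json.dumps({"state": state, "ctr": ctr}, sort_keys=True).encode()
        tag = hmac.new(self.seal_key, payload, hashlib.sha256).digest()
        return payload + tag

    def _unseal(self, blob):
        payload, tag = blob[:-32], blob[-32:]
        expected = hmac.new(self.seal_key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("sealed blob tampered")
        obj = json.loads(payload)
        return obj["state"], obj["ctr"]

    def init(self):
        self.host.store(self._seal({"highest": 0}, self.counter.increment()))

    def load_state(self):
        state, ctr = self._unseal(self.host.load())
        # The blob is authentic (HMAC verifies) but may be stale: the only way
        # to tell is to compare its counter with the trusted one.
        if self.check_counter and ctr != self.counter.read():
            raise RollbackDetected(f"blob counter {ctr} != trusted {self.counter.read()}")
        return state

    def submit_bid(self, bid):
        state = self.load_state()
        state["highest"] = max(state["highest"], bid)
        # Increment before storing: a crash between the two would make the last
        # valid blob look like a rollback, which is the price of this ordering.
        self.host.store(self._seal(state, self.counter.increment()))
        return state["highest"]


def run_scenario(check_counter):
    """Bids 100 and 250 are sealed; the host then replays the blob from after
    the 100 bid and a 150 bid arrives. Returns (outcome, believed highest)."""
    host = UntrustedHost()
    enclave = AuctionEnclave(host, MonotonicCounter(), check_counter)
    enclave.init()
    enclave.submit_bid(100)
    enclave.submit_bid(250)
    host.history.append(host.history[1])  # replay: the 250 bid disappears
    try:
        return ("rolled back", enclave.submit_bid(150))
    except RollbackDetected:
        return ("rollback detected", None)


if __name__ == "__main__":
    print("naive enclave:  ", run_scenario(check_counter=False))
    print("counter-checked:", run_scenario(check_counter=True))
```

The naive enclave accepts the replayed blob because sealing only proves authenticity, not freshness, and it ends up believing 150 is the highest bid although 250 was already submitted. The counter check turns the same replay into a hard failure, which is exactly why the abstract notes that this approach only works where the chain's own consensus never legitimately rewinds state.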
DC | May 3, 2018
CYCLOSA: Decentralizing Private Web Search Through SGX-Based Browser Extensions
Rafael Pires, David Goltzsche, Sonia Ben Mokhtar et al.
By regularly querying Web search engines, users (unconsciously) disclose large amounts of their personal data as part of their search queries, among which some might reveal sensitive information (e.g. health issues, sexual, political or religious preferences). Several solutions exist to allow users to query search engines while improving privacy protection. However, these solutions suffer from a number of limitations: some are subject to user re-identification attacks, while others lack scalability or are unable to provide accurate results. This paper presents CYCLOSA, a secure, scalable and accurate private Web search solution. CYCLOSA improves security by relying on trusted execution environments (TEEs) as provided by Intel SGX. Further, CYCLOSA proposes a novel adaptive privacy protection solution that reduces the risk of user re-identification. CYCLOSA sends fake queries to the search engine and dynamically adapts their count according to the sensitivity of the user query. In addition, CYCLOSA achieves scalability as it is fully decentralized, spreading the load for distributing fake queries among other nodes. Finally, CYCLOSA achieves accuracy of Web search as it handles the real query and the fake queries separately, in contrast to other existing solutions that mix fake and real query results.