CICI: UCSS: Confidential Computing in Reproducible Collaborative Workflows

CICI：UCSS：可重复协作工作流程中的机密计算

• 批准号: 2232824
• 负责人: Keke Chen
• 金额: $ 60万
• 依托单位: Marquette University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-01-01 至 2025-12-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2232824&HistoricalAwards=false
• 关键词: CICI; UCSS; Confidential; Computing; Reproducible

Data-intensive scientific research projects often involve multiple collaborative parties. Some parties may demand confidential processing of their sensitive assets to protect intellectual property, embargo data (or algorithm) sharing before publishing a paper, conform to legal requirements, or avoid the responsibility for releasing sensitive data. However, integrating confidential computing into scientific workflows raises significant challenges. (1) Most science domain developers find it challenging to learn specific confidential computing frameworks and secure their code to protect from side-channel attacks. (2) The interplay between the private components and other components in a collaborative workflow may enable new attacks and side channels for adversaries to explore. The proposed project aims to address these challenges with a scientist-friendly development framework for confidential computing and a holistic attack study and mitigation framework for collaborative workflows. The success of this project will enable domain scientist developers to adopt the best confidential computing practices easily and use publicly available resources without the concern of confidentiality and privacy breach, boosting the idea of open, collaborative science.Specifically, the proposed research focuses on the scientist-oriented trusted-execution-environment (TEE) based development and studies its integration with collaborative scientific workflows. (1) The project explores different protection and usability solutions for domain scientists and allows them to tradeoff between their research goals and security and privacy concerns. (2) It develops an efficient and transparent TEE access-pattern protection framework that uniquely combines the best practices in data-intensive computing and framework-based mitigation methods. (3) It takes a holistic approach to study new security and privacy threats around confidential components in a collaborative workflow, covering stages including task execution, logging, provenance analysis, and reproducibility verification. The solutions will integrate techniques like TEE, blockchain, and differential privacy. (4) It is science-driven, motivated, and validated by collaborative research projects in biomedical sequence processing, image-based remote diagnosis, and healthcare data analytics. This project will generate open-source toolkits and demonstration systems. It also includes several educational and outreach initiatives to enhance cybersecurity and data science programs, attract underrepresented students, help local high school CS education, and strengthen industrial collaborations.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

数据密集型科学研究项目通常涉及多个合作方。一些各方可能会要求对其敏感资产进行保密处理以保护知识产权、在发表论文之前禁止数据（或算法）共享、遵守法律要求或逃避发布敏感数据的责任。然而，将机密计算集成到科学工作流程中提出了重大挑战。 (1) 大多数科学领域开发人员发现学习特定的机密计算框架并保护其代码免受旁道攻击具有挑战性。 (2) 协作工作流程中私有组件和其他组件之间的相互作用可能会为攻击者提供新的攻击和侧通道。拟议的项目旨在通过适合科学家的机密计算开发框架和协作工作流程的整体攻击研究和缓解框架来应对这些挑战。该项目的成功将使领域科学家开发人员能够轻松采用最佳的机密计算实践并使用公开可用的资源，而无需担心机密性和隐私泄露，从而推动开放、协作科学的理念。具体而言，拟议的研究重点关注科学家基于面向可信执行环境（TEE）的开发并研究其与协作科学工作流程的集成。 (1) 该项目为领域科学家探索不同的保护和可用性解决方案，并允许他们在研究目标与安全和隐私问题之间进行权衡。 (2)开发了高效、透明的TEE访问模式保护框架，独特地结合了数据密集型计算的最佳实践和基于框架的缓解方法。 （3）它采用整体方法来研究协作工作流程中机密组件的新安全和隐私威胁，涵盖任务执行、日志记录、来源分析和再现性验证等阶段。该解决方案将集成 TEE、区块链和差分隐私等技术。 (4) 它是科学驱动的、有动力的，并经过生物医学序列处理、基于图像的远程诊断和医疗数据分析方面的合作研究项目的验证。该项目将生成开源工具包和演示系统。它还包括多项教育和外展计划，以加强网络安全和数据科学项目、吸引代表性不足的学生、帮助当地高中计算机科学教育以及加强行业合作。该奖项反映了 NSF 的法定使命，并通过使用基金会的评估进行评估，被认为值得支持。智力价值和更广泛的影响审查标准。

项目成果

Demo: SGX-MR-Prot: Efficient and Developer-Friendly Access-Pattern Protection in Trusted Execution Environments

演示：SGX-MR-Prot：可信执行环境中高效且开发人员友好的访问模式保护

• DOI: 10.1109/icdcs57875.2023.00121
• 发表时间: 2023-07
• 期刊: IEEE
• 作者: Alam, A K;Boyce, Justin;Chen, Keke
• 通讯作者: Chen, Keke

Making Your Program Oblivious: A Comparative Study for Side-channel-Safe Confidential Computing

让你的程序被遗忘：侧通道安全机密计算的比较研究

• DOI: 10.1109/cloud60044.2023.00040
• 发表时间: 2023-07-01
• 期刊: 2023 IEEE 16th International Conference on Cloud Computing (CLOUD)
• 作者: A. M. Alam;Keke Chen
• 通讯作者: Keke Chen

TEE-Graph: efficient privacy and ownership protection for cloud-based graph spectral analysis

TEE-Graph：基于云的图谱分析的高效隐私和所有权保护

• DOI: 10.3389/fdata.2023.1296469
• 发表时间: 2023
• 期刊: Frontiers in Big Data
• 影响因子: 3.1
• 作者: Alam, A. K. M. Mubashwir;Chen, Keke
• 通讯作者: Chen, Keke

GAN-Based Domain Inference Attack

基于 GAN 的域推理攻击

• DOI: 10.1609/aaai.v37i12.26663
• 发表时间: 2023-06
• 期刊: Proceedings of the AAAI Conference on Artificial Intelligence
• 作者: Gu, Yuechun;Chen, Keke
• 通讯作者: Chen, Keke

Confidential High-Performance Computing in the Public Cloud

公有云中的机密高性能计算

• DOI: 10.1109/mic.2022.3226757
• 发表时间: 2022-12-05
• 期刊: IEEE Internet Computing
• 影响因子: 3.2
• 作者: Keke Chen