Behind Enemy Lines: Exploring Trusted Data Stream Processing on Untrusted Systems.

Data Stream Processing Systems (DSPSs) execute long-running, continuous queries over transient streaming data, often making use of outsourced, third-party computational platforms. However, third-party outsourcing can lead to unwanted violations of data providers' access controls or privacy policies, as data potentially flows through untrusted infrastructure. To address these types of violations, data providers can elect to use stream processing techniques based upon computation-enabling encryption. Unfortunately, this class of solutions can leak information about underlying plaintext values, reduce the possible set of queries that can be executed, and come with detrimental performance overheads. To alleviate the concerns with cryptographically-enforced access controls in DSPSs, we have developed \system, a DSPS that makes use of Intel's Software Guard Extensions (SGX) to protect data being processed on untrusted infrastructure. We show that \system can execute arbitrary queries while leaking no more information than an idealized \baseline system. At the same time, an extensive evaluation shows that the overheads associated with stream processing in \system are comparable to its computation-enabling encryption counterparts for many queries.