Paper ACM

Presentation pdf

SecDATAVIEW: A Secure Big Data Workflow Management System for Heterogeneous Computing Environments

Big data workflow management systems (BDWFMSs) have recently emerged as popular platforms to perform large-scale data analytics in the cloud. However, the protection of data confidentiality and secure execution of workflow applications remains an important and challenging problem. Although a few data analytics systems were developed to address this problem, they are limited to specific structures such as Map-Reduce-style workflows and SQL queries. This paper proposes SecDATAVIEW, a BDWFMS that leverages Intel Software Guard eXtensions (SGX) and AMD Secure Encrypted Virtualization (SEV) to develop a heterogeneous trusted execution environment for workflows. SecDATAVIEW aims to (1) provide the confidentiality and integrity of code and data for workflows running on public untrusted clouds, (2) minimize the TCB size for a BDWFMS, (3) enable the trade-off between security and performance for workflows, and (4) support the execution of Java-based workflow tasks in SGX. Our experimental results show that SecDATAVIEW imposes $1.69x$ to $2.62x$ overhead on workflow execution time on SGX worker nodes, $1.04x$ to $1.29x$ overhead on SEV worker nodes, and $1.20x$ to $1.43x$ overhead on a heterogeneous setting in which both SGX and SEV worker nodes are used.