Opaque: An Oblivious and Encrypted Distributed Analytics...
Transcript of Opaque: An Oblivious and Encrypted Distributed Analytics...
![Page 1: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/1.jpg)
Opaque: An Oblivious and Encrypted Distributed Analytics Platform
Wenting Zheng, Ankur Dave, Jethro Beekman, Raluca Ada Popa, Joseph Gonzalez, and Ion Stoica
UC Berkeley
![Page 2: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/2.jpg)
Complex analytics run on sensitive data
client cloud provider
sensitive data
![Page 3: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/3.jpg)
Complex analytics run on sensitive data
client cloud provider
sensitive data
![Page 4: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/4.jpg)
Complex analytics run on sensitive data
client
SparkSQL MLLib GraphX Spark
Streaming
cloud provider
sensitive data
![Page 5: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/5.jpg)
![Page 6: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/6.jpg)
Cloud attackers
client cloud provider
sensitive data
![Page 7: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/7.jpg)
Cloud attackers
client cloud provider
sensitive data
![Page 8: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/8.jpg)
Cloud attackers
client cloud provider
sensitive data
![Page 9: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/9.jpg)
Cloud attackers
client cloud provider
sensitive data
![Page 10: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/10.jpg)
How to protect data and computation
while preserving functionality?
![Page 11: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/11.jpg)
Cryptographic approaches• Generic functionality: fully homomorphic encryption, ObliVM
[RAD’78,Gentry’09]
![Page 12: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/12.jpg)
Cryptographic approaches• Generic functionality: fully homomorphic encryption, ObliVM
too slow[RAD’78,Gentry’09]
![Page 13: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/13.jpg)
Cryptographic approaches• Generic functionality: fully homomorphic encryption, ObliVM
too slow[RAD’78,Gentry’09]
• Specialized solutions: CryptDB, Arx, Seabed
![Page 14: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/14.jpg)
Cryptographic approaches• Generic functionality: fully homomorphic encryption, ObliVM
too slow
restricted functionality
[RAD’78,Gentry’09]
• Specialized solutions: CryptDB, Arx, Seabed
![Page 15: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/15.jpg)
Cryptographic approaches• Generic functionality: fully homomorphic encryption, ObliVM
too slow
restricted functionality
[RAD’78,Gentry’09]
Alternative: hardware enclaves
• Specialized solutions: CryptDB, Arx, Seabed
![Page 16: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/16.jpg)
Hardware enclaves (e.g., Intel SGX)
![Page 17: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/17.jpg)
Hardware enclaves (e.g., Intel SGX)
• Hardware-enforced secure execution environment
![Page 18: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/18.jpg)
Enclave
Hardware enclaves (e.g., Intel SGX)
• Hardware-enforced secure execution environment
Untrusted OS
Code
![Page 19: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/19.jpg)
Enclave
Hardware enclaves (e.g., Intel SGX)
• Hardware-enforced secure execution environment
• Encrypted enclave memory called EPC (accessible only from the enclave)
Untrusted OS
Code
![Page 20: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/20.jpg)
Enclave
Hardware enclaves (e.g., Intel SGX)
• Hardware-enforced secure execution environment
• Encrypted enclave memory called EPC (accessible only from the enclave)
Untrusted OS
Secret dataCode
![Page 21: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/21.jpg)
Enclave
Hardware enclaves (e.g., Intel SGX)
• Hardware-enforced secure execution environment
• Encrypted enclave memory called EPC (accessible only from the enclave)
• Protect against an attacker who has root access
Untrusted OS
Secret dataCode
![Page 22: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/22.jpg)
Remote attestation
Client Server
enclave
untrusted OS
![Page 23: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/23.jpg)
Enables verifying which code runs in the enclave and performing key exchange
Remote attestation
Client Server
enclave
untrusted OS
![Page 24: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/24.jpg)
Enables verifying which code runs in the enclave and performing key exchange
Remote attestation
client code
Client Server
enclave
untrusted OS
![Page 25: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/25.jpg)
Enables verifying which code runs in the enclave and performing key exchange
Remote attestation
client code
Client Server
enclave
untrusted OS
![Page 26: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/26.jpg)
Enables verifying which code runs in the enclave and performing key exchange
Remote attestation
client codehash
Client Server
enclave
untrusted OS
![Page 27: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/27.jpg)
Enables verifying which code runs in the enclave and performing key exchange
Remote attestation
client code
hash
Client Server
enclave
untrusted OS
![Page 28: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/28.jpg)
Enables verifying which code runs in the enclave and performing key exchange
Remote attestation
client code
hash
Client Server
enclave
untrusted OS
![Page 29: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/29.jpg)
Enables verifying which code runs in the enclave and performing key exchange
Remote attestation
client code
hash
Client Server
enclave
untrusted OS
![Page 30: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/30.jpg)
Enables verifying which code runs in the enclave and performing key exchange
Remote attestation
client code
hash
Client Server
enclave
untrusted OS
![Page 31: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/31.jpg)
Enclave-based systems
![Page 32: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/32.jpg)
Enclave-based systems• Prior work: Haven [BMG ’14], Scone [ATGKL.. ’16], VC3
[SCFGPMR ’15]
![Page 33: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/33.jpg)
Enclave-based systems• Prior work: Haven [BMG ’14], Scone [ATGKL.. ’16], VC3
[SCFGPMR ’15]
• full functionality
![Page 34: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/34.jpg)
Enclave-based systems• Prior work: Haven [BMG ’14], Scone [ATGKL.. ’16], VC3
[SCFGPMR ’15]
• full functionality• great performance
![Page 35: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/35.jpg)
Enclave-based systems• Prior work: Haven [BMG ’14], Scone [ATGKL.. ’16], VC3
[SCFGPMR ’15]
• full functionality• great performance • data access pattern leakage [XCP ’15, OCFGKS ‘15]
![Page 36: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/36.jpg)
Access patterns
memoryprocessor
machine 0
![Page 37: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/37.jpg)
Access patterns
memoryprocessor
addresses
machine 0
![Page 38: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/38.jpg)
Access patterns
memoryprocessor
addresses
machine 0
network messages machine 1
![Page 39: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/39.jpg)
Example: network access pattern leakage
![Page 40: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/40.jpg)
Example: network access pattern leakage
ID Name Age Disease
12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes98329 Ronald S. Ogden 53 Cancer32591 Donna R. Bridges 26 Diabetes
![Page 41: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/41.jpg)
Example: network access pattern leakage
ID Name Age Disease
12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes98329 Ronald S. Ogden 53 Cancer32591 Donna R. Bridges 26 Diabetes
SELECT count(*) FROM medical GROUP BY disease
![Page 42: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/42.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 43: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/43.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 44: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/44.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 45: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/45.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 46: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/46.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 47: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/47.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 48: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/48.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Public information:Diabetes twice as commonas cancer
![Page 49: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/49.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Public information:Diabetes twice as commonas cancer
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 50: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/50.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Public information:Diabetes twice as commonas cancer
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 51: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/51.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Public information:Diabetes twice as commonas cancer
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 52: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/52.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 53: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/53.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 54: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/54.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 55: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/55.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
![Page 56: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/56.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
??? Diabetes
??? Diabetes
??? Cancer
??? Diabetes
??? Cancer
??? Diabetes
![Page 57: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/57.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
??? Diabetes
??? Diabetes
??? Cancer
??? Diabetes
??? Cancer
??? Diabetes
??? Cancer
![Page 58: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/58.jpg)
Example: network access pattern leakage
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Learns that Alice has cancer
![Page 59: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/59.jpg)
Leakage from prior work• Memory access patterns attacks [XCP15] extracted
complete text documents and photo outlines
• Network access patterns [OCF+15] extracted age, gender, address of individuals
![Page 60: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/60.jpg)
Goal: oblivious distributed analytics
![Page 61: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/61.jpg)
Goal: oblivious distributed analytics
access patterns are independent of data content
![Page 62: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/62.jpg)
Opaque*: oblivious and encrypted distributed analytics platform
* Oblivious Platform for Analytic QUEries
Spark SQLOpaque
SQL ML Graph Analytics
![Page 63: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/63.jpg)
Threat model
![Page 64: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/64.jpg)
Threat model• Powerful attacker who can compromise the server’s
software stack (including the OS)
![Page 65: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/65.jpg)
Threat model• Powerful attacker who can compromise the server’s
software stack (including the OS)
• Cannot compromise the trusted hardware or the client
![Page 66: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/66.jpg)
Threat model• Powerful attacker who can compromise the server’s
software stack (including the OS)
• Cannot compromise the trusted hardware or the client
• Small region of oblivious memory
![Page 67: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/67.jpg)
Security guarantees (informal)
![Page 68: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/68.jpg)
Security guarantees (informal)• Data encryption and authentication
![Page 69: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/69.jpg)
Security guarantees (informal)• Data encryption and authentication
![Page 70: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/70.jpg)
Security guarantees (informal)• Data encryption and authentication
• Computation integrity: the client can check that the computation result was not affected by an attacker
![Page 71: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/71.jpg)
Security guarantees (informal)• Data encryption and authentication
• Computation integrity: the client can check that the computation result was not affected by an attacker
![Page 72: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/72.jpg)
Security guarantees (informal)• Data encryption and authentication
• Computation integrity: the client can check that the computation result was not affected by an attacker
• Obliviousness: The memory and network accesses of a query is the same for any two inputs with the same size characteristics (input/outputs)
![Page 73: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/73.jpg)
Security guarantees (informal)• Data encryption and authentication
• Computation integrity: the client can check that the computation result was not affected by an attacker
• Obliviousness: The memory and network accesses of a query is the same for any two inputs with the same size characteristics (input/outputs)• When enabling padding, Opaque hides output sizes
as well
![Page 74: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/74.jpg)
![Page 75: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/75.jpg)
Challenge: obliviousness is expensive
![Page 76: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/76.jpg)
Challenge: obliviousness is expensive
Two-part solution:
![Page 77: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/77.jpg)
Challenge: obliviousness is expensive
Two-part solution:
Distributed oblivious SQL operators
![Page 78: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/78.jpg)
Challenge: obliviousness is expensive
Novel query planning techniques
Two-part solution:
Distributed oblivious SQL operators
![Page 79: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/79.jpg)
Opaque components
![Page 80: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/80.jpg)
Opaque components
Data encryption and authentication
![Page 81: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/81.jpg)
Opaque components
Computation verification
Data encryption and authentication
![Page 82: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/82.jpg)
Opaque components
Distributed oblivious operators
Oblivious Filter
Oblivious Aggregation
Oblivious Join
Computation verification
Data encryption and authentication
![Page 83: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/83.jpg)
Opaque components
Distributed oblivious operators
Oblivious Filter
Oblivious Aggregation
Oblivious Join
Computation verification
Rule-based opt. Cost-based opt.
Data encryption and authentication
Oblivious query planning
Cost model
![Page 84: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/84.jpg)
Opaque components
Distributed oblivious operators
Oblivious Filter
Oblivious Aggregation
Oblivious Join
Computation verification
Rule-based opt. Cost-based opt.
Data encryption and authentication
Oblivious query planning
Cost model
![Page 85: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/85.jpg)
Query execution
Client Server
Database
Scheduler
1 2 3
![Page 86: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/86.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
1 2 3
![Page 87: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/87.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
1 2 3query = SELECT sum(*) FROM table
![Page 88: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/88.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
1 2 3
Query
query = SELECT sum(*) FROM table
![Page 89: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/89.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
1 2 3
Query
query = SELECT sum(*) FROM table
![Page 90: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/90.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
1 2 3query = SELECT sum(*) FROM table
![Page 91: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/91.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
1 2 3query = SELECT sum(*) FROM table
![Page 92: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/92.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
1 2 3query = SELECT sum(*) FROM table
![Page 93: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/93.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
1 2 3query = SELECT sum(*) FROM table
![Page 94: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/94.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
1 2 3
query = SELECT sum(*) FROM table
![Page 95: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/95.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
query = SELECT sum(*) FROM table
10 13 4
![Page 96: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/96.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
query = SELECT sum(*) FROM table
10
13
4
![Page 97: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/97.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
query = SELECT sum(*) FROM table
27
![Page 98: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/98.jpg)
Query execution
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
query = SELECT sum(*) FROM table
27
![Page 99: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/99.jpg)
Problem: cloud can alter distributed computation
![Page 100: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/100.jpg)
Problem: cloud can alter distributed computation
• Drop data
![Page 101: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/101.jpg)
Problem: cloud can alter distributed computation
• Drop data
• Modify data
![Page 102: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/102.jpg)
Problem: cloud can alter distributed computation
• Drop data
• Modify data
• Skip task
![Page 103: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/103.jpg)
Problem: cloud can alter distributed computation
• Drop data
• Modify data
• Skip task
• Replay old state
![Page 104: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/104.jpg)
Example: drop data
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
1 2 3query = SELECT sum(*) FROM table
![Page 105: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/105.jpg)
Example: drop data
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
1 2 3
query = SELECT sum(*) FROM table
![Page 106: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/106.jpg)
Example: drop data
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
query = SELECT sum(*) FROM table
10 13 4
![Page 107: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/107.jpg)
Example: drop data
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
query = SELECT sum(*) FROM table
10
13
![Page 108: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/108.jpg)
Example: drop data
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
query = SELECT sum(*) FROM table
23
![Page 109: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/109.jpg)
Example: drop data
Spark Driver
Opaque
Catalyst
Client Server
Database
Scheduler
query = SELECT sum(*) FROM table
23
![Page 110: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/110.jpg)
Self-verifying computationInvariant: if computation does not abort, the execution completed so far is correct
![Page 111: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/111.jpg)
Self-verifying computationInvariant: if computation does not abort, the execution completed so far is correct
![Page 112: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/112.jpg)
Self-verifying computationInvariant: if computation does not abort, the execution completed so far is correct
If the computation is complete, then the entire query was executed correctly
![Page 113: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/113.jpg)
Self-verifying computation
Task 13
Task 14
Task 15
Task 20
query = SELECT sum(*) FROM table
![Page 114: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/114.jpg)
Self-verifying computation 20
1413 15Task 13
Task 14
Task 15
Task 20
query = SELECT sum(*) FROM table
![Page 115: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/115.jpg)
Self-verifying computation 20
1413 15Task 13
Task 14
Task 15
Task 20
query = SELECT sum(*) FROM table
![Page 116: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/116.jpg)
Self-verifying computation 20
1413 1510
13
4
Task 13
Task 14
Task 15
Task 20
query = SELECT sum(*) FROM table
![Page 117: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/117.jpg)
Self-verifying computation 20
1413 15
1013
4
Task 13
Task 14
Task 15
Task 20
query = SELECT sum(*) FROM table
![Page 118: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/118.jpg)
Self-verifying computation 20
1413 15
1013
4
Task 13
Task 14
Task 15
Task 20
query = SELECT sum(*) FROM table
![Page 119: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/119.jpg)
Self-verifying computation 20
1413 15
1013
4
Task 13
Task 14
Task 15
Task 20
query = SELECT sum(*) FROM table
![Page 120: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/120.jpg)
Self-verifying computation 20
1413 15
1013
4
Task 13
Task 14
Task 15
Task 20
query = SELECT sum(*) FROM table
![Page 121: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/121.jpg)
Self-verifying computation 20
1413 15
1013
4
Task 13
Task 14
Task 15
Task 20
query = SELECT sum(*) FROM table
![Page 122: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/122.jpg)
Self-verifying computation 20
1413 15
1013
4
Task 13
Task 14
Task 15
Task 20
query = SELECT sum(*) FROM table
![Page 123: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/123.jpg)
Opaque components
Distributed oblivious operators
Oblivious Filter
Oblivious Aggregation
Oblivious Join
Computation verification
Rule-based opt. Cost-based opt.
Data encryption and authentication
Oblivious query planning
Cost model
![Page 124: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/124.jpg)
Opaque components
Distributed oblivious operators
Oblivious Filter
Oblivious Aggregation
Oblivious Join
Computation verification
Rule-based opt. Cost-based opt.
Data encryption and authentication
Oblivious query planning
Cost model
![Page 125: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/125.jpg)
Oblivious aggregation
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
SELECT count(*) FROM medical GROUP BY disease
1
2
![Page 126: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/126.jpg)
Oblivious aggregation
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
SELECT count(*) FROM medical GROUP BY disease
1
2
There can be many partitions
![Page 127: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/127.jpg)
Oblivious aggregation
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Oblivioussort
[CLRS, Leighton ‘85]
Map Sort
SELECT count(*) FROM medical GROUP BY disease
![Page 128: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/128.jpg)
Oblivious aggregation
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Oblivioussort
[CLRS, Leighton ‘85]
Map Sort
SELECT count(*) FROM medical GROUP BY disease
![Page 129: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/129.jpg)
Oblivious aggregation
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Oblivioussort
[CLRS, Leighton ‘85]
Map Sort
SELECT count(*) FROM medical GROUP BY disease
![Page 130: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/130.jpg)
Oblivious aggregation
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Oblivioussort
[CLRS, Leighton ‘85]
Map Sort
SELECT count(*) FROM medical GROUP BY disease
????
![Page 131: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/131.jpg)
Map Sort
Oblivioussort
[CLRS, Leighton ‘85]
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
![Page 132: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/132.jpg)
Oblivioussort
[CLRS, Leighton ‘85]
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
![Page 133: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/133.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
![Page 134: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/134.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
The “Diabetes” group is split!
![Page 135: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/135.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
The “Diabetes” group is split!
How to aggregate obliviously and in parallel?
![Page 136: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/136.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
The “Diabetes” group is split!
How to aggregate obliviously and in parallel?It can span over many partitions
![Page 137: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/137.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
![Page 138: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/138.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
![Page 139: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/139.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan
Statistics
Statistics
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
![Page 140: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/140.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Statistics
Statistics
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
![Page 141: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/141.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Statistics
Statistics
Partial agg.
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
![Page 142: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/142.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Partial agg.
Oblivious aggregationSELECT count(*) FROM medical GROUP BY disease
Cancer;Diabetes:1
Diabetes;Diabetes:3
![Page 143: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/143.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Partial agg.
Oblivious aggregation
Diabetes:1
SELECT count(*) FROM medical GROUP BY disease
![Page 144: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/144.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Oblivious aggregation
DUMMY
Diabetes:1
SELECT count(*) FROM medical GROUP BY disease
![Page 145: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/145.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Oblivious aggregation
DUMMY
Diabetes:1
SELECT count(*) FROM medical GROUP BY disease
![Page 146: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/146.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Oblivious aggregation
DUMMY
Diabetes:1
SELECT count(*) FROM medical GROUP BY disease
![Page 147: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/147.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Scan
Oblivious aggregation
DUMMY
Diabetes:1
SELECT count(*) FROM medical GROUP BY disease
![Page 148: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/148.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Scan
Oblivious aggregation
DUMMY
Diabetes:1
SELECT count(*) FROM medical GROUP BY disease
![Page 149: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/149.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Scan
Oblivious aggregation
DUMMY
Diabetes:1
DUMMY
Cancer: 2
DUMMY
SELECT count(*) FROM medical GROUP BY disease
![Page 150: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/150.jpg)
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Scan
Oblivious aggregation
DUMMY
Diabetes:1
DUMMY
Cancer: 2
DUMMY
DUMMY
DUMMY
Diabetes:4
SELECT count(*) FROM medical GROUP BY disease
![Page 151: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/151.jpg)
Oblivious aggregation
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
12809 … Diabetes
29489 … Diabetes
13744 … Cancer
18740 … Diabetes
98329 … Cancer
32591 … Diabetes
Scan Boundary processing
Scan
DUMMY
Cancer: 2
DUMMY
DUMMY
DUMMY
Diabetes:4
Diabetes:1
DummyDUMMY
Diabetes:1
SELECT count(*) FROM medical GROUP BY disease
![Page 152: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/152.jpg)
Oblivious aggregation
Diabetes
Diabetes
Cancer
Diabetes
Cancer
Diabetes
DUMMY
Cancer: 2
DUMMY
DUMMY
DUMMY
Diabetes:4
SELECT count(*) FROM medical GROUP BY disease
![Page 153: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/153.jpg)
Oblivious aggregation
DUMMY
Cancer: 2
DUMMY
DUMMY
DUMMY
Diabetes:4
SELECT count(*) FROM medical GROUP BY disease
![Page 154: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/154.jpg)
Oblivious aggregation
DUMMY
Cancer: 2
DUMMY
DUMMY
DUMMY
Diabetes:4
Sort
Oblivioussort
[CLRS, Leighton ‘85]
SELECT count(*) FROM medical GROUP BY disease
![Page 155: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/155.jpg)
Oblivious aggregation
DUMMY
Cancer: 2
DUMMY
DUMMY
DUMMY
Diabetes:4
Sort
Oblivioussort
[CLRS, Leighton ‘85]
SELECT count(*) FROM medical GROUP BY disease
![Page 156: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/156.jpg)
Oblivious aggregation
Cancer: 2
Diabetes:4
Sort
Oblivioussort
[CLRS, Leighton ‘85]
SELECT count(*) FROM medical GROUP BY disease
![Page 157: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/157.jpg)
Oblivious aggregation
Cancer: 2
Diabetes:4
Sort
Oblivioussort
[CLRS, Leighton ‘85]
Final result
SELECT count(*) FROM medical GROUP BY disease
![Page 158: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/158.jpg)
Oblivious aggregation
Cancer: 2
Diabetes:4
Sort
Oblivioussort
[CLRS, Leighton ‘85]
Final result
SELECT count(*) FROM medical GROUP BY disease
Aggregation has two sorts…
![Page 159: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/159.jpg)
Oblivious aggregation
Cancer: 2
Diabetes:4
Sort
Oblivioussort
[CLRS, Leighton ‘85]
Final result
SELECT count(*) FROM medical GROUP BY disease
Aggregation has two sorts…
Can we do better?
![Page 160: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/160.jpg)
Opaque components
Distributed oblivious operators
Oblivious Filter
Oblivious Aggregation
Oblivious Join
Computation verification
Rule-based opt. Cost-based opt.
Data encryption and authentication
Oblivious query planning
Cost model
![Page 161: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/161.jpg)
Opaque components
Distributed oblivious operators
Oblivious Filter
Oblivious Aggregation
Oblivious Join
Computation verification
Rule-based opt. Cost-based opt.
Data encryption and authentication
Oblivious query planning
Cost model
![Page 162: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/162.jpg)
Rule-based optimization
![Page 163: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/163.jpg)
Rule-based optimization
SELECT count(*) FROM medical WHERE age > 30 GROUP BY disease
![Page 164: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/164.jpg)
Rule-based optimization
SELECT count(*) FROM medical WHERE age > 30 GROUP BY disease
medical
Filter
Aggregation
Logical op.
![Page 165: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/165.jpg)
Insight 1
![Page 166: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/166.jpg)
Insight 1
1. Split each logical operator into smaller Opaque operators
![Page 167: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/167.jpg)
Insight 1
1. Split each logical operator into smaller Opaque operators
2. Take a global view across the plan to remove some Opaque operators
![Page 168: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/168.jpg)
Rule-based optimization
medical
Filter
Aggregation
Logical op.
![Page 169: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/169.jpg)
Rule-based optimizationOpaque op.
medical
Filter
Aggregation
Logical op.
![Page 170: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/170.jpg)
Rule-based optimization
medical
Opaque op.
medical
Filter
Aggregation
Logical op.
![Page 171: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/171.jpg)
Rule-based optimization
medical
Opaque op.
medical
Filter
Aggregation
Logical op.
![Page 172: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/172.jpg)
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op.
![Page 173: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/173.jpg)
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes98329 Ronald S. Ogden 53 Cancer
![Page 174: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/174.jpg)
O-sort
Filter
Project
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes98329 Ronald S. Ogden 53 Cancer
![Page 175: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/175.jpg)
O-sort
Filter
Project
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes98329 Ronald S. Ogden 53 Cancer
![Page 176: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/176.jpg)
O-sort
Filter
ProjectProject
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes98329 Ronald S. Ogden 53 Cancer
![Page 177: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/177.jpg)
O-sort
Filter
ProjectProject
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes98329 Ronald S. Ogden 53 Cancer
![Page 178: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/178.jpg)
O-sort
Filter
ProjectProject
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes98329 Ronald S. Ogden 53 Cancer
![Page 179: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/179.jpg)
O-sort
Filter
ProjectProject
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes
00001
98329 Ronald S. Ogden 53 Cancer 0
![Page 180: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/180.jpg)
O-sort
Filter
ProjectProject
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes
00001
98329 Ronald S. Ogden 53 Cancer 0
![Page 181: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/181.jpg)
O-sort
Filter
Project
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes
00001
98329 Ronald S. Ogden 53 Cancer 0
![Page 182: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/182.jpg)
O-sort
Filter
Project
O-sort
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes
00001
98329 Ronald S. Ogden 53 Cancer 0
![Page 183: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/183.jpg)
O-sort
Filter
Project
O-sort
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes
00001
98329 Ronald S. Ogden 53 Cancer 0
![Page 184: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/184.jpg)
O-sort
Filter
Project
O-sort
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes
32591 Donna R. Bridges 26 Diabetes
0000
198329 Ronald S. Ogden 53 Cancer 0
![Page 185: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/185.jpg)
O-sort
Filter
Project
O-sort
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes
32591 Donna R. Bridges 26 Diabetes
0000
198329 Ronald S. Ogden 53 Cancer 0
![Page 186: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/186.jpg)
O-sort
Filter
Project
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes
32591 Donna R. Bridges 26 Diabetes
0000
198329 Ronald S. Ogden 53 Cancer 0
![Page 187: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/187.jpg)
O-sort
Filter
Project
Filter
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes
32591 Donna R. Bridges 26 Diabetes
0000
198329 Ronald S. Ogden 53 Cancer 0
![Page 188: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/188.jpg)
O-sort
Filter
Project
Filter
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes
0000
98329 Ronald S. Ogden 53 Cancer 0
![Page 189: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/189.jpg)
O-sort
Filter
Project
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes
0000
98329 Ronald S. Ogden 53 Cancer 0
![Page 190: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/190.jpg)
O-sort
Agg.
O-sort
O-sort
Filter
Project
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes
0000
98329 Ronald S. Ogden 53 Cancer 0
![Page 191: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/191.jpg)
O-sort
Agg.
O-sort
O-sort
Filter
Project
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes
0000
98329 Ronald S. Ogden 53 Cancer 0
![Page 192: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/192.jpg)
O-sort
Agg.
O-sort
O-sort
Filter
Project
O-sort
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes
0000
98329 Ronald S. Ogden 53 Cancer 0
![Page 193: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/193.jpg)
O-sort
Agg.
O-sort
O-sort
Filter
Project
O-sort
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op.
12809 Amanda D. Edwards 40 Diabetes
29489 Robert R. McGowan 56 Diabetes
13744 Kimberly R. Seay 51 Cancer
18740 Dennis G. Bates 32 Diabetes0
0
0
0
98329 Ronald S. Ogden 53 Cancer 0
![Page 194: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/194.jpg)
O-sort
Agg.
O-sort
O-sort
Filter
Project
O-sort
Rule-based optimization
medical
Scan
Opaque op.
medical
Filter
Aggregation
Logical op.
12809 Amanda D. Edwards 40 Diabetes
29489 Robert R. McGowan 56 Diabetes
13744 Kimberly R. Seay 51 Cancer
18740 Dennis G. Bates 32 Diabetes0
0
0
0
98329 Ronald S. Ogden 53 Cancer 0
Can we remove any sort?
![Page 195: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/195.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
O-sort
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
![Page 196: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/196.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
O-sort
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
![Page 197: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/197.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
O-sort
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
![Page 198: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/198.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
O-sort
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
Sort on 0/1 column
![Page 199: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/199.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
O-sort
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
Sort on 0/1 column
![Page 200: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/200.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
O-sort
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
Sort on 0/1 column
Sort on Disease
![Page 201: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/201.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
O-sort
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
Sort on 0/1 column
Sort on Disease+
![Page 202: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/202.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
O-sort
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
Sort on 0/1 column
Sort on Disease+
=
![Page 203: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/203.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
O-sort
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
Sort on 0/1 column
Sort on Disease+
Sort on (0/1, Disease)
=
![Page 204: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/204.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
O-sort
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
![Page 205: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/205.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
O-sort
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
![Page 206: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/206.jpg)
Rule-based optimization
medical
O-sort
Scan
Filter
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
![Page 207: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/207.jpg)
Scan
Rule-based optimization
medical
Agg.
O-sort
Opaque op.
medical
Filter
Aggregation
Logical op.
O-sort
Filter
Project
![Page 208: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/208.jpg)
Scan
Rule-based optimization
medical
Scan
Agg.
O-sort
Opaque op.
medical
Filter
Aggregation
Logical op.
O-sort
Filter
Project
![Page 209: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/209.jpg)
Scan
Rule-based optimization
medical
Scan
Agg.
O-sort
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes98329 Ronald S. Ogden 53 Cancer
O-sort
Filter
Project
![Page 210: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/210.jpg)
Scan
Rule-based optimization
medical
Agg.
O-sort
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes98329 Ronald S. Ogden 53 Cancer
O-sort
Filter
Project
![Page 211: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/211.jpg)
Scan
Rule-based optimization
medical
Agg.
O-sort
Opaque op.
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes29489 Robert R. McGowan 56 Diabetes13744 Kimberly R. Seay 51 Cancer18740 Dennis G. Bates 32 Diabetes32591 Donna R. Bridges 26 Diabetes98329 Ronald S. Ogden 53 Cancer
O-sort
Filter
ProjectProject
![Page 212: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/212.jpg)
Rule-based optimization
medical
O-sort
Scan
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes 029489 Robert R. McGowan 56 Diabetes 013744 Kimberly R. Seay 51 Cancer 018740 Dennis G. Bates 32 Diabetes 032591 Donna R. Bridges 26 Diabetes 198329 Ronald S. Ogden 53 Cancer 0
Project
Filter
![Page 213: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/213.jpg)
Rule-based optimization
medical
O-sort
Scan
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op. 12809 Amanda D. Edwards 40 Diabetes 029489 Robert R. McGowan 56 Diabetes 013744 Kimberly R. Seay 51 Cancer 018740 Dennis G. Bates 32 Diabetes 032591 Donna R. Bridges 26 Diabetes 198329 Ronald S. Ogden 53 Cancer 0
Filter
![Page 214: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/214.jpg)
Rule-based optimization
medical
O-sort
Scan
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
O-sort
12809 Amanda D. Edwards 40 Diabetes 029489 Robert R. McGowan 56 Diabetes 013744 Kimberly R. Seay 51 Cancer 018740 Dennis G. Bates 32 Diabetes 032591 Donna R. Bridges 26 Diabetes 198329 Ronald S. Ogden 53 Cancer 0
multi-column sort
Filter
![Page 215: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/215.jpg)
Rule-based optimization
medical
O-sort
Scan
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
O-sort
12809 Amanda D. Edwards 40 Diabetes 029489 Robert R. McGowan 56 Diabetes 013744 Kimberly R. Seay 51 Cancer 018740 Dennis G. Bates 32 Diabetes 032591 Donna R. Bridges 26 Diabetes 198329 Ronald S. Ogden 53 Cancer 0
multi-column sort
Filter
![Page 216: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/216.jpg)
Rule-based optimization
medical
O-sort
Scan
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
O-sort
12809 Amanda D. Edwards 40 Diabetes 0
29489 Robert R. McGowan 56 Diabetes 0
13744 Kimberly R. Seay 51 Cancer 0
18740 Dennis G. Bates 32 Diabetes 0
32591 Donna R. Bridges 26 Diabetes 1
98329 Ronald S. Ogden 53 Cancer 0
multi-column sort
Filter
![Page 217: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/217.jpg)
Rule-based optimization
medical
O-sort
Scan
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
12809 Amanda D. Edwards 40 Diabetes 0
29489 Robert R. McGowan 56 Diabetes 0
13744 Kimberly R. Seay 51 Cancer 0
18740 Dennis G. Bates 32 Diabetes 0
32591 Donna R. Bridges 26 Diabetes 1
98329 Ronald S. Ogden 53 Cancer 0
multi-column sort
Filter
![Page 218: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/218.jpg)
Rule-based optimization
medical
O-sort
Scan
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
12809 Amanda D. Edwards 40 Diabetes 0
29489 Robert R. McGowan 56 Diabetes 0
13744 Kimberly R. Seay 51 Cancer 0
18740 Dennis G. Bates 32 Diabetes 0
32591 Donna R. Bridges 26 Diabetes 1
98329 Ronald S. Ogden 53 Cancer 0
multi-column sort
FilterFilter
![Page 219: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/219.jpg)
Rule-based optimization
medical
O-sort
Scan
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
12809 Amanda D. Edwards 40 Diabetes 0
29489 Robert R. McGowan 56 Diabetes 0
13744 Kimberly R. Seay 51 Cancer 0
18740 Dennis G. Bates 32 Diabetes 0
98329 Ronald S. Ogden 53 Cancer 0
multi-column sort
FilterFilter
![Page 220: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/220.jpg)
Rule-based optimization
medical
O-sort
Scan
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
12809 Amanda D. Edwards 40 Diabetes 0
29489 Robert R. McGowan 56 Diabetes 0
13744 Kimberly R. Seay 51 Cancer 0
18740 Dennis G. Bates 32 Diabetes 0
98329 Ronald S. Ogden 53 Cancer 0
multi-column sort
Filter
![Page 221: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/221.jpg)
Rule-based optimization
medical
O-sort
Scan
Agg.
O-sort
Opaque op.
Project
medical
Filter
Aggregation
Logical op.
12809 Amanda D. Edwards 40 Diabetes 0
29489 Robert R. McGowan 56 Diabetes 0
13744 Kimberly R. Seay 51 Cancer 0
18740 Dennis G. Bates 32 Diabetes 0
98329 Ronald S. Ogden 53 Cancer 0
multi-column sort
Filter
Eliminated one oblivious sort!
![Page 222: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/222.jpg)
Opaque components
Distributed oblivious operators
Oblivious Filter
Oblivious Aggregation
Oblivious Join
Computation verification
Rule-based opt. Cost-based opt.
Data encryption and authentication
Oblivious query planning
Cost model
![Page 223: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/223.jpg)
Observation: not all tables are sensitive
![Page 224: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/224.jpg)
Observation: not all tables are sensitive
P_ID
D_ID
Name
Age
Hospitalized patients
D_ID
Name
G_ID
Disease
M_ID
D_ID
Name
Cost
Medication
![Page 225: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/225.jpg)
Observation: not all tables are sensitive
P_ID
D_ID
Name
Age
Hospitalized patients
D_ID
Name
G_ID
Disease
M_ID
D_ID
Name
Cost
Medication
P_ID
D_ID
Name
Age
Hospitalized patients
![Page 226: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/226.jpg)
Observation: not all tables are sensitive
P_ID
D_ID
Name
Age
Hospitalized patients
D_ID
Name
G_ID
Disease
M_ID
D_ID
Name
Cost
Medication
P_ID
D_ID
Name
Age
Hospitalized patients
Opaque can operate in mixed sensitivity: sensitive tables are run with oblivious operators
![Page 227: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/227.jpg)
⨝⨝⨝
A B C DC
Observation: not all tables are sensitive
![Page 228: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/228.jpg)
⨝⨝⨝
A B C DC
⨝
Observation: not all tables are sensitive
![Page 229: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/229.jpg)
⨝⨝⨝
A B C DC
⨝
Observation: not all tables are sensitive
Not oblivious!
![Page 230: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/230.jpg)
⨝⨝⨝
A B C DC
⨝
Observation: not all tables are sensitive
![Page 231: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/231.jpg)
⨝⨝⨝
A B C DC
⨝
Observation: not all tables are sensitive
Sensitivity propagation: propagate obliviousness from leaf to root
![Page 232: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/232.jpg)
⨝⨝⨝
A B C DC
⨝
Observation: not all tables are sensitive
Sensitivity propagation: propagate obliviousness from leaf to root
![Page 233: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/233.jpg)
⨝⨝⨝
A B C D
⨝
C
⨝
Observation: not all tables are sensitive
Sensitivity propagation: propagate obliviousness from leaf to root
![Page 234: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/234.jpg)
Insight 2
Sensitivity propagation introduces a new dimension to
query optimization
![Page 235: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/235.jpg)
Cost-based optimization
P_ID
D_ID
Name
Age
Hospitalized patients
D_ID
Name
G_ID
Disease
M_ID
D_ID
Name
Cost
Medication
Find the least costly medication for each patient
![Page 236: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/236.jpg)
Cost-based optimization
P_ID
D_ID
Name
Age
Hospitalized patients
D_ID
Name
G_ID
Disease
M_ID
D_ID
Name
Cost
Medication
Find the least costly medication for each patient
Assumption: |P| < |D| < |M|
![Page 237: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/237.jpg)
Cost-based optimization
P_ID
D_ID
Name
Age
Hospitalized patients
D_ID
Name
G_ID
Disease
M_ID
D_ID
Name
Cost
Medication
SELECT p_name, d_name, med_costFROM patient, disease, (SELECT d_id, min(cost) AS med_cost FROM medication GROUP BY d_id) AS medWHERE disease.d_id = patient.d_id AND disease.d_id = med.d_id
Find the least costly medication for each patient
Assumption: |P| < |D| < |M|
![Page 238: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/238.jpg)
Cost-based optimization
P_ID
D_ID
Name
Age
Hospitalized patients
D_ID
Name
G_ID
Disease
M_ID
D_ID
Name
Cost
Medication
SELECT p_name, d_name, med_costFROM patient, disease, (SELECT d_id, min(cost) AS med_cost FROM medication GROUP BY d_id) AS medWHERE disease.d_id = patient.d_id AND disease.d_id = med.d_id
Find the least costly medication for each patient
Assumption: |P| < |D| < |M|
![Page 239: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/239.jpg)
Cost-based optimization
P_ID
D_ID
Name
Age
Hospitalized patients
D_ID
Name
G_ID
Disease
M_ID
D_ID
Name
Cost
Medication
SELECT p_name, d_name, med_costFROM patient, disease, (SELECT d_id, min(cost) AS med_cost FROM medication GROUP BY d_id) AS medWHERE disease.d_id = patient.d_id AND disease.d_id = med.d_id
Find the least costly medication for each patient
3-way join
Assumption: |P| < |D| < |M|
![Page 240: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/240.jpg)
Cost-based optimization
Patient Disease Medication
⨝ 𝝪⨝
Patient
Disease
Medication
⨝
𝝪⨝
SQL optimizer with new cost:
![Page 241: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/241.jpg)
Cost-based optimization
Patient Disease Medication
⨝ 𝝪⨝
Patient
Disease
Medication
⨝
𝝪⨝
SQL optimizer with new cost:
More selective non-oblivious join
![Page 242: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/242.jpg)
Cost-based optimization
Patient Disease Medication
⨝ 𝝪⨝
Patient
Disease
Medication
⨝
𝝪⨝
SQL optimizer with new cost:
More selective non-oblivious join
![Page 243: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/243.jpg)
Cost-based optimization
Patient Disease Medication
⨝ 𝝪⨝
Patient
Disease
Medication
⨝
𝝪⨝
SQL optimizer with new cost and sensitivity propagation:
![Page 244: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/244.jpg)
Cost-based optimization
Patient Disease Medication
⨝ 𝝪⨝
Patient
Disease
Medication
⨝
𝝪⨝
SQL optimizer with new cost and sensitivity propagation:
Fewer oblivious joins
![Page 245: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/245.jpg)
Cost-based optimization
Patient Disease Medication
⨝ 𝝪⨝
Patient
Disease
Medication
⨝
𝝪⨝
SQL optimizer with new cost and sensitivity propagation:
Fewer oblivious joins
![Page 246: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/246.jpg)
Evaluation setup
![Page 247: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/247.jpg)
Evaluation setup• Single machine experiments:
• Intel Xeon E3-1280 v5, 4 cores, 64 GB RAM
• Intel SGX: 128 MB of enclave page cache (EPC)
![Page 248: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/248.jpg)
Evaluation setup• Single machine experiments:
• Intel Xeon E3-1280 v5, 4 cores, 64 GB RAM
• Intel SGX: 128 MB of enclave page cache (EPC)
• Distributed experiments
• A cluster of 5 SGX machines
![Page 249: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/249.jpg)
Evaluation
![Page 250: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/250.jpg)
Evaluation• How does Opaque compare to Spark SQL?
![Page 251: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/251.jpg)
Evaluation• How does Opaque compare to Spark SQL?
• Big Data Benchmark (BDB); 4 queries total
![Page 252: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/252.jpg)
Evaluation• How does Opaque compare to Spark SQL?
• Big Data Benchmark (BDB); 4 queries total• Queries 1, 2, 3: filter, aggregation, join
![Page 253: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/253.jpg)
Evaluation• How does Opaque compare to Spark SQL?
• Big Data Benchmark (BDB); 4 queries total• Queries 1, 2, 3: filter, aggregation, join• 1 million records
![Page 254: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/254.jpg)
Evaluation• How does Opaque compare to Spark SQL?
• Big Data Benchmark (BDB); 4 queries total• Queries 1, 2, 3: filter, aggregation, join• 1 million records
• How does Opaque compare to state-of-the-art oblivious systems?
![Page 255: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/255.jpg)
Evaluation• How does Opaque compare to Spark SQL?
• Big Data Benchmark (BDB); 4 queries total• Queries 1, 2, 3: filter, aggregation, join• 1 million records
• How does Opaque compare to state-of-the-art oblivious systems?• GraphSC (oblivious graph analytics)
![Page 256: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/256.jpg)
Evaluation• How does Opaque compare to Spark SQL?
• Big Data Benchmark (BDB); 4 queries total• Queries 1, 2, 3: filter, aggregation, join• 1 million records
• How does Opaque compare to state-of-the-art oblivious systems?• GraphSC (oblivious graph analytics)
• PageRank
![Page 257: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/257.jpg)
Big Data Benchmark (distributed)
![Page 258: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/258.jpg)
Big Data Benchmark (distributed)
Data encryption, authentication, computation verification
![Page 259: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/259.jpg)
Big Data Benchmark (distributed)
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
Data encryption, authentication, computation verification
![Page 260: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/260.jpg)
Big Data Benchmark (distributed)
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
Data encryption, authentication, computation verification
![Page 261: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/261.jpg)
Big Data Benchmark (distributed)
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
Data encryption, authentication, computation verification
![Page 262: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/262.jpg)
Big Data Benchmark (distributed)
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
Data encryption, authentication, computation verification
Overhead: -0.47x to 2.3x
![Page 263: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/263.jpg)
Big Data Benchmark (distributed)
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
Data encryption, authentication, computation verification
Overhead: -0.47x to 2.3x
+ Obliviousness
![Page 264: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/264.jpg)
Big Data Benchmark (distributed)
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
Data encryption, authentication, computation verification
Overhead: -0.47x to 2.3x
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
+ Obliviousness
![Page 265: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/265.jpg)
Big Data Benchmark (distributed)
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
Data encryption, authentication, computation verification
Overhead: -0.47x to 2.3x
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
+ Obliviousness
![Page 266: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/266.jpg)
Big Data Benchmark (distributed)
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
Data encryption, authentication, computation verification
Overhead: -0.47x to 2.3x
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
+ Obliviousness
![Page 267: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/267.jpg)
Big Data Benchmark (distributed)
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
Data encryption, authentication, computation verification
Overhead: -0.47x to 2.3x
Run
time
(s)
0.01
0.1
1
10
100
Query numberQuery 1 Query 2 Query 3
Spark SQLOpaque
+ Obliviousness
Overhead: 21x to 45x
![Page 268: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/268.jpg)
PageRank: comparison with GraphSC (single machine)
![Page 269: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/269.jpg)
Conclusion
![Page 270: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/270.jpg)
Conclusion• Opaque is an oblivious and encrypted
distributed analytics platform
![Page 271: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/271.jpg)
Conclusion• Opaque is an oblivious and encrypted
distributed analytics platform
• Open source: github.com/ucbrise/opaque
![Page 272: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/272.jpg)
Conclusion• Opaque is an oblivious and encrypted
distributed analytics platform
• Open source: github.com/ucbrise/opaque
• IBM collaboration
![Page 273: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/273.jpg)
Conclusion• Opaque is an oblivious and encrypted
distributed analytics platform
• Open source: github.com/ucbrise/opaque
• IBM collaboration
• Future work
![Page 274: Opaque: An Oblivious and Encrypted Distributed Analytics ...netseminar.stanford.edu/seminars/04_12_18.pdf · Client Server enclave untrusted OS. Enables verifying which code runs](https://reader034.fdocuments.in/reader034/viewer/2022052005/6018af73a358a566d57c4ef9/html5/thumbnails/274.jpg)
Conclusion• Opaque is an oblivious and encrypted
distributed analytics platform
• Open source: github.com/ucbrise/opaque
• IBM collaboration
• Future work
• Federated setting