FLARE: A Fast, Secure, and Memory-Efficient Distributed Analytics Framework (Flavor: Systems)

As big data processing in the cloud becomes prevalent today, data privacy on such public platforms raises critical concerns. Hardware-based trusted execution environments (TEEs) provide promising and practical platforms for low-cost privacy-preserving data processing. However, using TEEs to enhance the security of data analytics frameworks like Apache Spark involves challenging issues when separating various framework components into trusted and untrusted domains, demanding meticulous considerations for programmability, performance, and security. Based on Intel SGX, we build Flare, a fast, secure, and memory-efficient data analytics framework with a familiar user programming interface and useful functionalities similar to Apache Spark. Flare ensures confidentiality and integrity by keeping sensitive data and computations encrypted and authenticated. It also supports oblivious processing to protect against access pattern side channels. The main innovations of Flare include a novel abstraction paradigm of shadow operators and shadow tasks to minimize trusted components and reduce domain switch overheads, memory-efficient data processing with proper granularities for different operators, and adaptive parallelization based on memory allocation intensity for better scalability. Flare outperforms the state-of-the-art secure framework by 3.0× to 176.1×, and is also 2.8× to 28.3× faster than a monolithic libOS-based integration approach.

• Publication year

  2023

• Venue

  Proceedings of the VLDB Endowment

• Publication date

  2023-02-01

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.14778/3583140.3583158
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Scalable Memory Protection in the PENGLAI Enclave

  2021cited by this paper
• Avocado: A Secure In-Memory Distributed Storage System

  2021cited by this paper
• Uranus: Simple, Efficient SGX Programming and its Applications

  2020cited by this paper
• MapReduce

  2020cited by this paper
• Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX

  2020cited by this paper
• Game of Threads: Enabling Asynchronous Poisoning Attacks

  2020cited by this paper
• COIN Attacks: On Insecurity of Enclave Untrusted Interfaces in SGX

  2020influential reference
• A Practical Intel SGX Setting for Linux Containers in the Cloud

  2019cited by this paper
• SGX-PySpark: Secure Distributed Data Analytics

  2019influential reference
• ShieldStore: Shielded In-memory Key-value Storage with SGX

  2019cited by this paper
• SGX-LKL: Securing the Host OS Interface for Trusted Execution

  2019cited by this paper
• Towards Memory Safe Enclave Programming with Rust-SGX

  2019cited by this paper
• Privacy-preserving cloud computing on sensitive data: A survey of methods, products and challenges

  2019cited by this paper
• Everything You Should Know About Intel SGX Performance on Virtualized Systems

  2019cited by this paper
• X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native Containers

  2019cited by this paper
• ZeroTrace : Oblivious Memory Primitives from Intel SGX

  2018influential reference
• FPGA-Based Remote Power Side-Channel Attacks

  2018cited by this paper
• EnclaveDB: A Secure Database Using SGX

  2018cited by this paper
• sgx-perf: A Performance Analysis Tool for Intel SGX Enclaves

  2018influential reference
• Path ORAM

  2018cited by this paper
• Oblix: An Efficient Oblivious Search Index

  2018cited by this paper
• Partitioned Data Security on Outsourced Sensitive and Non-Sensitive Data

  2018cited by this paper
• VeritasDB: High Throughput Key-Value Store with Integrity

  2018cited by this paper
• To Isolate, or to Share?: That is a Question for Intel SGX

  2018cited by this paper
• Eliminating timing side-channel leaks using program repair

  2018cited by this paper
• SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors

  2017cited by this paper
• Multiprogramming a 64kB Computer Safely and Efficiently

  2017cited by this paper
• ObliDB: Oblivious Query Processing using Hardware Enclaves

  2017cited by this paper
• T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs

  2017cited by this paper
• Cache Attacks on Intel SGX

  2017cited by this paper
• Malware Guard Extension: Using SGX to Conceal Cache Attacks

  2017cited by this paper
• POSTER: Rust SGX SDK: Towards Memory Safety in Intel SGX Enclave

  2017cited by this paper
• Opaque: An Oblivious and Encrypted Distributed Analytics Platform

  2017influential reference
• Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX

  2017cited by this paper
• Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution

  2017cited by this paper
• On the Performance of Intel SGX

  2016cited by this paper
• A Memory Encryption Engine Suitable for General Purpose Processors

  2016cited by this paper
• AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves

  2016cited by this paper
• Sanctum: Minimal Hardware Extensions for Strong Software Isolation

  2016influential reference
• Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing

  2016cited by this paper
• CryptoNets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy

  2016cited by this paper
• Intel® Software Guard Extensions (Intel® SGX) Software Support for Dynamic Memory Allocation inside an Enclave

  2016cited by this paper
• M2R: Enabling Stronger Privacy in MapReduce Computation

  2015cited by this paper
• SEMROD: Secure and Efficient MapReduce Over HybriD Clouds

  2015cited by this paper
• GhostRider: A Hardware-Software System for Memory Trace Oblivious Computation

  2015cited by this paper
• Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems

  2015cited by this paper
• VC3: Trustworthy Data Analytics in the Cloud Using SGX

  2015influential reference
• GraphSC: Parallel Secure Computation Made Easy

  2015cited by this paper
• ObliVM: A Programming Framework for Secure Computation

  2015cited by this paper
• Thermal Covert Channels on Multi-core Platforms

  2015cited by this paper
• Ring ORAM: Closing the Gap Between Small and Large Client Storage Oblivious RAM

  2014cited by this paper
• Shielding Applications from an Untrusted Cloud with Haven

  2014cited by this paper
• Innovative instructions and software model for isolated execution

  2013influential reference
• Using innovative instructions to create trustworthy software solutions

  2013influential reference
• Iago attacks: why the system call API is a bad untrusted RPC interface

  2013cited by this paper
• Innovative Technology for CPU Based Attestation and Sealing

  2013influential reference
• Path ORAM: an extremely simple oblivious RAM protocol

  2012influential reference
• Resilient Distributed Datasets: A Fault-Tolerant Abstraction for In-Memory Cluster Computing

  2012cited by this paper
• Learning to Discover Social Circles in Ego Networks

  2012cited by this paper
• Sedic: privacy-aware data intensive computing on hybrid clouds

  2011cited by this paper
• TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality

  2011cited by this paper
• A fully homomorphic encryption scheme

  2009cited by this paper
• Community Structure in Large Networks: Natural Cluster Sizes and the Absence of Large Well-Defined Clusters

  2008cited by this paper
• MapReduce: simplified data processing on large clusters

  2008cited by this paper
• Graphs over time: densification laws, shrinking diameters and possible explanations

  2005cited by this paper
• TrustZone : Integrated Hardware and Software Security

  2004cited by this paper
• Remote timing attacks are practical

  2003cited by this paper
• Language-based information-flow security

  2003cited by this paper
• Electromagnetic Analysis: Concrete Results

  2001cited by this paper
• Fair exchange with a semi-trusted third party (extended abstract)

  1997cited by this paper
• Software protection and simulation on oblivious RAMs

  1996cited by this paper
• Improving the cache locality of memory allocation

  1993cited by this paper
• How to play ANY mental game

  1987cited by this paper
• Towards a theory of software protection and simulation by oblivious RAMs

  1987influential reference
• Bitonic Sort on a Mesh-Connected Parallel Computer

  1979cited by this paper
• 2013 IEEE Symposium on Security and Privacy Practical Timing Side Channel Attacks Against Kernel Space ASLR

  year unknowncited by this paper
• This paper is included in the Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI ’16).

  year unknowninfluential reference

• Hardware technology evolution for privacy preservation in pervasive cloud computing: A comprehensive review

  2026cites this paper
• Confidential Analytics with Scylla

  2025cites this paper
• Jodes: Efficient Oblivious Join in the Distributed Setting

  2025cites this paper
• LoRATEE: A Secure and Efficient Inference Framework for Multi-Tenant LoRA LLMs Based on TEE

  2025cites this paper
• FIMFS: A Fine-Grained in-Memory Secure Storage System for Distributed Confidential Containers

  2025cites this paper
• Secure Undirected-Graph Computation Towards Efficiency and Scalability

  2024cites this paper
• MapComp: A Secure View-based Collaborative Analytics Framework for Join-Group-Aggregation

  2024cites this paper
• Making Privacy-preserving Federated Graph Analytics Practical (for Certain Queries)

  2024cites this paper
• Preemptive Switch Memory Usage to Accelerate Training Jobs with Shared In-Network Aggregation

  2023cites this paper
• Demystifying the QoS and QoE of Edge-hosted Video Streaming Applications in the Wild with SNESet

  2023cites this paper
• SODA: A Set of Fast Oblivious Algorithms in Distributed Secure Data Analytics

  2023influential citation
• Protecting User Privacy in Remote Conversational Systems: A Privacy-Preserving framework based on text sanitization

  2023cites this paper