Using Trusted Execution Environments for Secure Stream Processing of Medical Data

(Case Study Paper)
  • Carlos SegarraEmail author
  • Ricard Delgado-Gonzalo
  • Mathieu Lemay
  • Pierre-Louis Aublin
  • Peter Pietzuch
  • Valerio Schiavoni
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11534)


Processing sensitive data, such as those produced by body sensors, on third-party untrusted clouds is particularly challenging without compromising the privacy of the users generating it. Typically, these sensors generate large quantities of continuous data in a streaming fashion. Such vast amount of data must be processed efficiently and securely, even under strong adversarial models. The recent introduction in the mass-market of consumer-grade processors with Trusted Execution Environments (TEEs), such as Intel SGX, paves the way to implement solutions that overcome less flexible approaches, such as those atop homomorphic encryption. We present a secure streaming processing system built on top of Intel SGX to showcase the viability of this approach with a system specifically fitted for medical data. We design and fully implement a prototype system that we evaluate with several realistic datasets. Our experimental results show that the proposed system achieves modest overhead compared to vanilla Spark while offering additional protection guarantees under powerful attackers and threat models.


Spark Data streaming Intel SGX Medical data Case-study 



We are grateful to the members of the LSDS Team ( at Imperial College London to have provided us early access to SGX-Spark.


  1. 1.
  2. 2.
    Coming Soon: Amazon EC2 C5 Instances, the next generation of Compute Optimized instances.
  3. 3.
  4. 4.
    Docker Documentation: Docker Compose.
  5. 5.
  6. 6.
    Eclipse Paho MQTT Implementation.
  7. 7.
    Intel Software Guard Extension for Linux OS Driver on GitHub.
  8. 8.
    MQTT Communication Protocol.
  9. 9.
    Open Portable Trusted Execution Environment.
  10. 10.
  11. 11.
  12. 12.
  13. 13.
    Spectre Attack SGX on Github.
  14. 14.
    The Scala Programming Language.
  15. 15.
    D3.2 SecureCloud: Specification and Implementation of Reusable Secure Microservices (2017).
  16. 16.
    Apache Foundation: Spark streaming programming guide.
  17. 17.
    Armbrust, M., et al.: Structured streaming: a declarative API for real-time applications in Apache Spark. In: ACM SIGMOD 2018 (2018)Google Scholar
  18. 18.
    Armbrust, M., et al.: Spark SQL: relational data processing in Spark. In: ACM SIGMOD 2015 (2015)Google Scholar
  19. 19.
    Barbosa, M., et al.: SAFETHINGS: data security by design in the IoT. In: IEEE EDCC 2017 (2017)Google Scholar
  20. 20.
    Costan, V., Devadas, S.: Intel SGX explained. IACR 2016 (2016)Google Scholar
  21. 21.
    Darrow, B.: Google is first in line to get Intel’s next-gen server chip.
  22. 22.
    Gartner: Leading the IoT Gartner Insights on how to lead in a connected world (2017)Google Scholar
  23. 23.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: ACM STOC 2009 (2009)Google Scholar
  24. 24.
    Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 850–867. Springer, Heidelberg (2012). Scholar
  25. 25.
    Göttel, C., et al.: Security, performance and energy trade-offs of hardware-assisted memory protection mechanisms. In: IEEE SRDS 2018 (2018)Google Scholar
  26. 26.
    Gueron, S.: A memory encryption engine suitable for general purpose processors. IACR 2016Google Scholar
  27. 27.
    Havet, A., et al.: SecureStreams: a reactive middleware framework for secure data stream processing. In: ACM DES 2017 (2017)Google Scholar
  28. 28.
    Koliousis, A., et al.: SABER: window-based hybrid stream processing for heterogeneous architectures. In: ACM SIGMOD 2016 (2016)Google Scholar
  29. 29.
    Kumar, A., Shaik, F., Rahim, B.A., Kumar, D.S.: Signal and Image Processing in Medical Applications. Springer, Heidelberg (2016). Scholar
  30. 30.
    Malik, M.: Heart rate variability: standards of measurement, physiological interpretation, and clinical use. Circulation 93, 1043–1065 (1996)CrossRefGoogle Scholar
  31. 31.
    McKeen, F., et al.: Innovative instructions and software model for isolated execution. In: HASP 2013 (2013)Google Scholar
  32. 32.
    Miao, H., Park, H., Jeon, M., Pekhimenko, G., McKinley, K.S., Lin, F.X.: StreamBox: modern stream processing on a multicore machine. In: USENIX ATC 2017 (2017)Google Scholar
  33. 33.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). Scholar
  34. 34.
    Parák, J., Tarniceriu, A., Renevey, P., Bertschi, M., Delgado-Gonzalo, R., Korhonen, I.: Evaluation of the beat-to-beat detection accuracy of PulseOn wearable optical heart rate monitor. In: IEEE EMBC 2015 (2015)Google Scholar
  35. 35.
    Puthal, D., Nepal, S., Ranjan, R., Chen, J.: DPBSV - an efficient and secure scheme for big sensing data stream. In: IEEE TRUSTCOM 2015 (2015)Google Scholar
  36. 36.
    Renevey, P., et al.: Respiratory and cardiac monitoring at night using a wrist wearable optical system. In: IEEE EMBC 2018 (2018)Google Scholar
  37. 37.
    Russinovich, M.: Introducing Azure Confidential Computing.
  38. 38.
    Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: using SGX to conceal cache attacks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 3–24. Springer, Cham (2017). Scholar
  39. 39.
    Shaffer, F., Ginsberg, J.P.: An overview of heart rate variability metrics and norms. Front. Pub. Health 5, 258 (2017). Scholar
  40. 40.
    Stephen, J.J., Savvides, S., Sundaram, V., Ardekani, M.A., Eugster, P.: STYX: stream processing with trustworthy cloud-based execution. In: ACM SoCC 2016 (2016)Google Scholar
  41. 41.
    Tetali, S.D., Lesani, M., Majumdar, R., Millstein, T.: MrCrypt: static analysis for secure cloud computations. In: ACM OOPSLA 2013 (2013)Google Scholar
  42. 42.
    Van Bulck, J., et al.: Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In: USENIX Security 2018 (2018)Google Scholar
  43. 43.
    Van Zaen, J., Chételat, O., Lemay, M., Calvo, E.M., Delgado-Gonzalo, R.: Classification of cardiac arrhythmias from single lead ECG with a convolutional recurrent neural network. In: BIOSTEC 2019 (2019)Google Scholar
  44. 44.
    Venkataraman, S., et al.: Drizzle: fast and adaptable stream processing at scale. In: ACM OSP 2017 (2017)Google Scholar
  45. 45.
    Xiong, Z., Nash, M., Cheng, E., Fedorov, V., Stiles, M., Zhao, J.: ECG signal classification for the detection of cardiac arrhythmias using a convolutional recurrent neural network. Physiol. Measur. 39, 094006 (2018)CrossRefGoogle Scholar
  46. 46.
    Zaharia, M., Chowdhury, M., Franklin, M.J., Shenker, S., Stoica, I.: Spark: cluster computing with working sets. In: USENIX HotCloud 2010 (2010)Google Scholar
  47. 47.
    Zaharia, M., Das, T., Li, H., Shenker, S., Stoica, I.: Discretized streams: an efficient and fault-tolerant model for stream processing on large clusters. In: USENIX HotCloud 2012 (2012)Google Scholar
  48. 48.
    Zaharia, M., et al.: Apache spark: a unified engine for big data processing. Commun. ACM 2016 59, 56–65 (2016)Google Scholar
  49. 49.
    Zheng, W., Dave, A., Beekman, J.G., Popa, E.A., Gonzalez, J.E., Stoica, I.: Opaque: an oblivious and encrypted distributed analytics platform. In: USENIX NSDI 2017 (2017)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2019

Authors and Affiliations

  1. 1.CSEMNeuchâtelSwitzerland
  2. 2.Imperial College LondonLondonUK
  3. 3.University of NeuchâtelNeuchâtelSwitzerland

Personalised recommendations