Distributed shielded execution for transmissible cyber threats analysis.

Abstract Transmissible cyber threats have become one of the most serious security issues in cyberspace. Many techniques have been proposed to model, simulate and identify threats' sources and their propagation in large-scale distributed networks. Most techniques are based on the analysis of real networks dataset that contains sensitive information. Traditional in-memory analysis of these dataset often causes data leakage due to system vulnerabilities. If the dataset itself is compromised by adversaries, this threat cost would be even higher than the threat being analysed. In this paper, we propose a new distributed shielded execution framework (Disef) for cyber threats analysis. The Disef framework enables efficient distributed analysis of network dataset while achieves security guarantees of data confidentiality and integrity. In-memory dataset is protected by using a new encrypted key–value format and could be efficiently transferred into Intel SGX enabled enclaves for shielded execution. Our experimental results showed that the proposed framework supports secure in-memory analysis of large network dataset and has comparable performance with systems that have no confidentiality and integrity guarantees. Highlights • A distributed shielded execution framework for network cyber threats analysis is presented. • A brief secure partition mechanism is proposed to decouple secure and normal spaces. • A context-switch secure interface is proposed to reduce Iago attacks. • New key–value encryption operations are integrated to prevent rollback and replay attacks. [ABSTRACT FROM AUTHOR]