Privacy-preserving recommendations for Online Social Networks using Trusted Execution Environments
Resumo
Online Social Networks (OSN) have changed how individuals interact with each other and with organizations, offering means of communication, publication and consumption of information. As OSNs have become a substantial part of users’ online activities, OSN providers have understood the value of the data being generated and exploited it to maximize profits. Recently, malicious agents have invested in the manipulation of OSN data to attain commercial advantages or influence public opinion with dangerous consequences. This paper describes our ongoing efforts towards the use of Trusted Execution Environments (TEE), more specifically Intel’s SGX, for the management of recommendation engines for OSNs. Our solution focuses on protection of user data and prevention of misuse without compromising OSNs’ functionality nor OSNs’ revenue from advertisements. We describe the architecture of our system and report performance results that can be used to guide the selection of recommendation algorithms for execution under SGX.
Referências
S. Arnautov, B. Trach, F. Gregor, T. Knauth, A. Martin, C. Priebe, J. Lind, D. Muthu-kumaran, D. O’Keeffe, M. Stillwell, D. Goltzsche, D. M. Eyers, R. Kapitza, P. R. Pietzuch, and C. Fetzer. Scone: Secure linux containers with intel sgx. In 12th USENIX Symposium on Operating Systems Design and Implementation, 2016.
V. Costan and S. Devadas. Intel sgx explained. Technical Report 2016/086, Cryptology ePrint Archive, 2016.
M. Fire, R. Goldschmidt, and Y. Elovici. Online social networks: Threats and solutions. IEEE Communications Surveys and Tutorials, 16(4):2019–2036, 2014.
F. M. Harper and J. A. Konstan. The movielens datasets: History and context. ACM Trans. Interact. Intell. Syst., 5(4):19:1–19:19, Dec. 2015.
N. Hug. Surprise, a Python library for recommender systems. [link], 2017.
I. R. Intel. Software guard extensions sdk for linux* os, revision 1.5.
F. Kelbert, F. Gregor, R. Pires, S. Köpsell, M. Pasin, A. Havet, V. Schiavoni, P. Felber, C. Fetzer, and P. R. Pietzuch. Securecloud: Secure big data processing in untrusted clouds. In D. Atienza and G. D. Natale, editors, DATE, pages 282–285. IEEE, 2017.
W. Zheng, A. Dave, J. G. Beekman, R. A. Popa, J. E. Gonzalez, and I. Stoica. Opaque: An oblivious and encrypted distributed analytics platform. In 14th USENIX Symposium on Networked Systems Design and Implementation, pages 283–298, 2017.
G. Zyskind, O. Nathan, and A. Pentland. Decentralizing privacy: Using blockchain to protect personal data. In IEEE Symposium on Security and Privacy Workshops, pages 180–184. IEEE Computer Society, 2015.
