# Secure Content-Based Routing Using Intel Software Guard Extensions

**Authors:** Rafael Pires, Marcelo Pasin, Pascal Felber, Christof Fetzer

arXiv: 1701.04612 · 2017-01-18

## TL;DR

This paper demonstrates how Intel SGX trusted hardware can enable privacy-preserving content-based routing with efficient matching, overcoming limitations of previous software-only solutions.

## Contribution

It introduces a novel CBR engine leveraging Intel SGX enclaves, providing practical privacy and performance benefits over existing methods.

## Key findings

- SGX adds limited overhead to plaintext matching
- The SGX-based CBR engine outperforms software-only solutions
- First practical demonstration of SGX for privacy-preserving CBR

## Abstract

Content-based routing (CBR) is a powerful model that supports scalable asynchronous communication among large sets of geographically distributed nodes. Yet, preserving privacy represents a major limitation for the wide adoption of CBR, notably when the routers are located in public clouds. Indeed, a CBR router must see the content of the messages sent by data producers, as well as the filters (or subscriptions) registered by data consumers. This represents a major deterrent for companies for which data is a key asset, as for instance in the case of financial markets or to conduct sensitive business-to-business transactions. While there exists some techniques for privacy-preserving computation, they are either prohibitively slow or too limited to be usable in real systems. In this paper, we follow a different strategy by taking advantage of trusted hardware extensions that have just been introduced in off-the-shelf processors and provide a trusted execution environment. We exploit Intel's new software guard extensions (SGX) to implement a CBR engine in a secure enclave. Thanks to the hardware-based trusted execution environment (TEE), the compute-intensive CBR operations can operate on decrypted data shielded by the enclave and leverage efficient matching algorithms. Extensive experimental evaluation shows that SGX adds only limited overhead to insecure plaintext matching outside secure enclaves while providing much better performance and more powerful filtering capabilities than alternative software-only solutions. To the best of our knowledge, this work is the first to demonstrate the practical benefits of SGX for privacy-preserving CBR.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1701.04612/full.md

## Figures

8 figures with captions in the complete paper: https://tomesphere.com/paper/1701.04612/full.md

## References

29 references — full list in the complete paper: https://tomesphere.com/paper/1701.04612/full.md

---
Source: https://tomesphere.com/paper/1701.04612