Project Details

PRIMaTE: PRIvacy preserving Multi-compartment Trusted Execution

Subject Area Security and Dependability, Operating-, Communication- and Distributed Systems
Term from 2017 to 2024
Project identifier Deutsche Forschungsgemeinschaft (DFG) - Project number 391790956
 
Final Report Year 2025

Final Report Abstract

Today, billions of people rely on a wide variety of online services every day, including web search engines, location-based services, and recommendation systems. The personalisation of results is crucial for the success of these services, that is, providing results that align with each user’s specific interests. For example, when two users perform the same web search, search engines will generally rank the results differently to best fit each user’s preferences. However, depending on the application, user profiles may contain sensitive information. In this context, it is essential to develop mechanisms that enable users to securely access online services without worrying that their data will leak from these services or be used in other undesirable ways.

As part of the PRIMaTE project, we propose a systematic approach to decomposing online services into hardware-secured compartments. Each compartment only has access to the data necessary to perform its assigned task, so that in the event of a security breach, for example if attackers exploit a weakness in the code of one or more compartments, the amount of leaked data is minimized. PRIMaTE achieves this by using novel trusted execution environments (TEEs), such as Intel’s Software Guard Extensions (SGX), which current server processors offer. While previous research on TEEs has focused on deploying entire legacy applications, such as databases, in a single TEE, or on creating ad hoc solutions that split existing applications into two parts, PRIMaTE takes this a step further by proposing a systematic and fine-grained approach to using multiple TEEs. In this setting, each TEE handles as little data as possible and has a tailored and therefore small trusted computing base. This makes a PRIMaTE TEE difficult to exploit and aims to limit the information exposed if an attacker does succeed in breaking into a TEE.

To address the research goals of the PRIMaTE project, three main areas were explored. First, the system properties of Intel SGX, the primary technology for decomposing an application into multiple secured compartments, were analyzed in detail. These results provided detailed information on the impact of decomposing applications into multiple TEEs. Second, support for decomposing applications into multiple compartments was developed. The core contribution in this regard is EActors, an actor framework optimized for Intel SGX which enhances the flexibility, efficiency and performance of secure applications using multiple enclaves. Third, multiple services were decomposed into tailored TEE-secured compartments. These included a secure, scalable and accurate private web search solution, as well as a Byzantine fault-tolerant agreement framework that hosts a blockchain. In summary, PRIMaTE advanced the state of the art in decomposing services into TEE-secured compartments to strengthen confidentiality and resilience guarantees.
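The decomposition principle described in the abstract, that a compromised compartment can only leak the data that ever entered it, can be made concrete with a small simulation. The following Python model is an added illustration written for this page; it is not code from PRIMaTE or EActors and involves no real TEE. It assumes a private web search split into three hypothetical compartments (profile, search, rank), uses a constructed user profile and document corpus, and records which data fields cross into each compartment so the exposure of a single-compartment breach can be compared with a monolithic design.

```python
"""Toy model of compartmentalised private web search (illustration only)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

Message = Dict[str, object]


@dataclass
class Compartment:
    """One TEE-backed compartment: private state plus a single message handler.

    `seen` accumulates every data field that ever entered the compartment,
    which is the most an attacker who breaks into it could read.
    Isolation between compartments is only modelled here, not enforced.
    """
    name: str
    handler: Callable[[Message, Message], Message]
    private: Message = field(default_factory=dict)
    seen: Set[str] = field(default_factory=set)

    def receive(self, msg: Message) -> Message:
        # Everything in the inbound message and the private state is now
        # inside this compartment's trusted computing base.
        self.seen |= set(msg) | set(self.private)
        return self.handler(msg, self.private)


# Constructed sample data: not a real user, corpus or service.
PROFILES = {"alice": {"age": 34, "city": "Braunschweig",
                      "interests": ["python", "hiking"]}}
CORPUS = ["python tutorial", "python snake care",
          "hiking boots", "python hiking trails"]


def untrusted_search_engine(query: str) -> List[str]:
    """Stand-in for the external engine; it only ever receives the bare query."""
    return [doc for doc in CORPUS if query in doc]


def profile_handler(msg: Message, private: Message) -> Message:
    # Releases only a coarse interest list; the user id and the raw
    # profile (age, city) never leave this compartment.
    profile = private["profiles"][msg["user_id"]]
    return {"query": msg["query"], "interest_tags": list(profile["interests"])}


def search_handler(msg: Message, private: Message) -> Message:
    # Talks to the untrusted engine with the query alone.
    return {"results": untrusted_search_engine(msg["query"]),
            "interest_tags": msg["interest_tags"]}


def rank_handler(msg: Message, private: Message) -> Message:
    # Personalises locally: more matching interest tags rank higher.
    def score(doc: str) -> int:
        return sum(tag in doc for tag in msg["interest_tags"])
    return {"ranked": sorted(msg["results"], key=score, reverse=True)}


def build_pipeline() -> List[Compartment]:
    return [Compartment("profile", profile_handler, {"profiles": PROFILES}),
            Compartment("search", search_handler),
            Compartment("rank", rank_handler)]


def private_search(pipeline: List[Compartment], user_id: str, query: str) -> List[str]:
    """Route one request through the compartments in order."""
    msg: Message = {"user_id": user_id, "query": query}
    for comp in pipeline:
        msg = comp.receive(msg)
    return msg["ranked"]


def exposure(pipeline: List[Compartment]) -> Dict[str, Set[str]]:
    """Blast radius per compartment: fields an attacker inside it could read."""
    return {comp.name: set(comp.seen) for comp in pipeline}


def build_monolith() -> Compartment:
    """Same logic in a single compartment, for comparison."""
    def all_in_one(msg: Message, private: Message) -> Message:
        return rank_handler(search_handler(profile_handler(msg, private), private), private)
    return Compartment("monolith", all_in_one, {"profiles": PROFILES})


if __name__ == "__main__":
    pipe = build_pipeline()
    print(private_search(pipe, "alice", "python"))
    for name, fields in exposure(pipe).items():
        print(f"breach of {name!r} exposes: {sorted(fields)}")
    mono = build_monolith()
    mono.receive({"user_id": "alice", "query": "python"})
    print(f"breach of monolith exposes: {sorted(mono.seen)}")
```

Running it shows that only the profile compartment ever holds the user id and raw profile, the search compartment sees the query and coarse tags but no identity, and the ranking compartment sees results and tags only, whereas the monolithic variant exposes the identity, the query and the whole profile store at once. The same bookkeeping can be applied to any proposed decomposition before committing it to enclave boundaries.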

