QShield: Protecting Outsourced Cloud Data Queries With Multi-User Access Control Based on SGX

Due to the concern on cloud security, digital encryption is applied before outsourcing data for utilization. This introduces a challenge about how efficiently perform queries over ciphertexts. Crypto-based solutions currently suffer from limited operation support, high computational complexity, weak generality, and poor verifiability. An alternative method that utilizes hardware-assisted Trusted Execution Environment (TEE), i.e., Intel SGX, has emerged offer efficiency, generality flexibility. However, SGX-based lack support multi-user query control security compromises caused by untrustworthy TEE function invocation, e.g., key revocation failure, incorrect results, sensitive information leakage. In this article, we leverage SGX propose secure efficient SQL-style framework named QShield. Notably, novel lightweight secret sharing scheme in QShield enable control; it effectively circumvents avoids cumbersome remote attestation authentication. We further embed trust-proof mechanism into guarantee trustworthiness of invocation; ensures correctness results alleviates side-channel attacks. Through formal analysis, proof-of-concept implementation performance evaluation, show can securely outsourced with efficiency scalable support.