

Tamper-proof access control for IoT clouds using enclaves

Author(s):
Thomaz, Guilherme A. ; Guerra, Matheus B. ; Sammarco, Matteo ; Detyniecki, Marcin ; Campista, Miguel Elias M.
Total Authors: 5
Document type: Journal article
Source: Ad Hoc Networks; v. 147, p. 12-pg., 2023-05-12.
Abstract

Internet of Things (IoT) devices rely on cloud computing for processing user-sensitive data, like health recordings and geolocalization. In this case, security primitives like cryptography and certificate-based authentication do not prevent the cloud provider from acting against the privacy policy. This paper presents a framework for clouds to execute arbitrarily complex processing tasks over IoT data while maintaining the access control policies under the client's control. We rely on a memory enclave to enforce that the cloud follows personal and customizable access policies, and we analyze the security properties of our scheme. The performance evaluation reveals that these robust security improvements come with a latency overhead of just 0.1 ms, confirming the system's viability. The system leverages multi-threaded processing inside an enclave to process thousands of client messages per second, achieving high scalability. This work also contributes a microbenchmark that identifies how much each step of an enclave application influences the performance and evaluates the enclave viability for performing realistic IoT data processing. (AU)

FAPESP's process: 15/24494-8 - Communications and processing of big data in cloud and fog computing
Grantee: Nelson Luis Saldanha da Fonseca
Support Opportunities: Research Projects - Thematic Grants