%0 Conference Proceedings %T On the Trade-Offs of Combining Multiple Secure Processing Primitives for Data Analytics %+ Universidade do Minho = University of Minho [Braga] %A Carvalho, Hugo %A Cruz, Daniel %A Pontes, Rogério %A Paulo, João %A Oliveira, Rui %Z Part 1: Privacy and Security %< avec comité de lecture %( Lecture Notes in Computer Science %B 20th IFIP International Conference on Distributed Applications and Interoperable Systems (DAIS) %C Valletta, Malta %Y Anne Remke %Y Valerio Schiavoni %I Springer International Publishing %3 Distributed Applications and Interoperable Systems %V LNCS-12135 %P 3-20 %8 2020-06-15 %D 2020 %R 10.1007/978-3-030-50323-9_1 %K Data analytics %K Privacy %K Trusted hardware %Z Computer Science [cs] %Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]Conference papers %X Cloud Computing services for data analytics are increasingly being sought by companies to extract value from large quantities of information. However, processing data from individuals and companies in third-party infrastructures raises several privacy concerns. To this end, different secure analytics techniques and systems have recently emerged. These initial proposals leverage specific cryptographic primitives lacking generality and thus having their application restricted to particular application scenarios. In this work, we contribute to this thriving body of knowledge by combining two complementary approaches to process sensitive data.We present SafeSpark, a secure data analytics framework that enables the combination of different cryptographic processing techniques with hardware-based protected environments for privacy-preserving data storage and processing. SafeSpark is modular and extensible therefore adapting to data analytics applications with different performance, security and functionality requirements.We have implemented a SafeSpark’s prototype based on Spark SQL and Intel SGX hardware. It has been evaluated with the TPC-DS Benchmark under three scenarios using different cryptographic primitives and secure hardware configurations. These scenarios provide a particular set of security guarantees and yield distinct performance impact, with overheads ranging from as low as 10% to an acceptable 300% when compared to an insecure vanilla deployment of Apache Spark. %G English %Z TC 6 %Z WG 6.1 %2 https://inria.hal.science/hal-03223252/document %2 https://inria.hal.science/hal-03223252/file/495624_1_En_1_Chapter.pdf %L hal-03223252 %U https://inria.hal.science/hal-03223252 %~ IFIP-LNCS %~ IFIP %~ IFIP-TC %~ IFIP-WG %~ IFIP-TC6 %~ IFIP-WG6-1 %~ IFIP-DAIS %~ IFIP-LNCS-12135