Lorenzo Brescia
PhD student
Computer Science Department, University of Turin
Via Pessinetto 12, 10149 Torino – Italy
email: lorenzo.brescia@unito.it
Short Bio
Lorenzo Brescia is a PhD student in Modeling and Data Science at the University of Turin.
He received his Bachelor’s Degree in Computer Science in 2020 with a thesis on coupling tracing events between host and guest Linux machines.
He received his Master’s Degree in Computer Science in 2023 with a thesis proposing a method to automate the execution of a workflow involving steps executed inside a trusted execution environment (Intel SGX).
Fields of interest
- High-Performance Computing
- Networking
- Cyber Security
- Trusted computing (SGX)
Publications
2024
Lorenzo Brescia, Marco Aldinucci
Secure Generic Remote Workflow Execution with TEEs (Proceedings Article)
In: Proc. of the 2nd Workshop on Workflows in Distributed Environments (WiDE), pp. 8-13, ACM, Athens, Greece, 2024.
@inproceedings{23:brescia:wide,
title = {Secure Generic Remote Workflow Execution with TEEs},
author = {Lorenzo Brescia and Marco Aldinucci},
doi = {10.1145/3642978.3652834},
year = {2024},
date = {2024-01-01},
booktitle = {Proc. of the 2nd Workshop on Workflows in Distributed Environments (WiDE)},
pages = {8-13},
publisher = {ACM},
address = {Athens, Greece},
abstract = {In scientific environments, the frequent need to process substantial volumes of data poses a common challenge. Individuals tasked with executing these computations frequently encounter a deficit in local computational resources, leading them to opt for the facilities of a Cloud Service Provider (CSP) for data processing. However, the data subjected to these calculations may be subject to confidentiality constraints. This paper introduces a proof-of-concept framework that leverages Gramine LibOS and Intel SGX, enabling the protection of generic remote workflow computations through SGX enclaves as Trusted Execution Environments (TEEs). The framework entails the delineation of user and CSP behavior and has been implemented using Bash scripts. Furthermore, an infrastructure has been designed for the Data Center Attestation Primitives (DCAP) remote attestation mechanism, wherein the user gains trust in the proper instantiation of the enclave within the CSP. To assess the framework efficacy, it has been tested on two distinct workflows, one trivial and the other involving real-world bioinformatics applications for processing DNA data. The performance study revealed that the framework incurred an acceptable overhead, ranging from a factor of x1.4 to x1.8 compared to unsafe execution practice.},
howpublished = {Proceedings of the 2nd Workshop on Workflows in Distributed Environments},
keywords = {confidential, icsc},
pubstate = {published},
tppubtype = {inproceedings}
}
Talks
2024
Lorenzo Brescia
Secure Generic Remote Workflow Execution with TEEs (Miscellaneous)
Proceedings of the 2nd Workshop on Workflows in Distributed Environments, 2024.
@misc{23:brescia:wide:talk,
title = {Secure Generic Remote Workflow Execution with TEEs},
author = {Lorenzo Brescia},
url = {https://datacloud.di.unito.it/index.php/s/Prxq6EWGbcN8sWx},
year = {2024},
date = {2024-04-01},
address = {Athens, Greece},
abstract = {In scientific environments, the frequent need to process substantial volumes of data poses a common challenge. Individuals tasked with executing these computations frequently encounter a deficit in local computational resources, leading them to opt for the facilities of a Cloud Service Provider (CSP) for data processing. However, the data subjected to these calculations may be subject to confidentiality constraints. This paper introduces a proof-of-concept framework that leverages Gramine LibOS and Intel SGX, enabling the protection of generic remote workflow computations through SGX enclaves as Trusted Execution Environments (TEEs). The framework entails the delineation of user and CSP behavior and has been implemented using Bash scripts. Furthermore, an infrastructure has been designed for the Data Center Attestation Primitives (DCAP) remote attestation mechanism, wherein the user gains trust in the proper instantiation of the enclave within the CSP. To assess the framework efficacy, it has been tested on two distinct workflows, one trivial and the other involving real-world bioinformatics applications for processing DNA data. The performance study revealed that the framework incurred an acceptable overhead, ranging from a factor of x1.4 to x1.8 compared to unsafe execution practice.},
howpublished = {Proceedings of the 2nd Workshop on Workflows in Distributed Environments},
keywords = {confidential, icsc},
pubstate = {published},
tppubtype = {misc}
}