PriSIEM: Enabling privacy-preserving Managed Security Services

Bibliographic details
Published in: Journal of network and computer applications 2022-07, Vol.203, p.103397, Article 103397
Main authors: Coppolino, Luigi, D’Antonio, Salvatore, Mazzeo, Giovanni, Romano, Luigi, Sgaglione, Luigi
Format: Article
Language: English
Description
Abstract: Security monitoring is invariably enabled by Security Information and Event Management (SIEM) technology. A major problem with SIEM is that in-house deployment and operation are costly in terms of purchase, human resources, and IT infrastructure. Managed Security Services (MSS) offerings can provide high-quality security monitoring solutions at a fraction of the cost. However, outsourcing security monitoring might entail data confidentiality and integrity risks, and current MSS solutions are unable to meet the stringent privacy requirements posed by a wide range of applications. We present PriSIEM, an efficient distributed computing model which enables privacy-preserving MSS, by leveraging two of the most promising techniques for confidential computing, namely hardware-assisted Trusted Execution (TE) and Homomorphic Encryption (HE). TE is used to create a shielded computing environment in the provider’s domain, which can be trusted by the data owner. In this trusted environment, potentially sensitive data is encrypted using HE, before it is moved and processed in the rest of the provider’s domain (i.e. externally to the TE environment), which cannot be trusted by the data owner. An experimental campaign has been conducted on a proof-of-concept implementation to validate the effectiveness of the hardening mechanisms and to evaluate the performance of the PriSIEM distributed environment.
ISSN: 1084-8045, 1095-8592
DOI: 10.1016/j.jnca.2022.103397