TY - JOUR
T1 - SecDAF
T2 - An efficient secure multi-source data analysis framework
AU - Zhao, Wenjia
AU - Qi, Saiyu
AU - Qi, Yong
N1 - Publisher Copyright:
© 2025
PY - 2026/1
Y1 - 2026/1
AB - Multi-source data analysis promises valuable insights but encounters challenges in preserving data privacy. While cryptography facilitates secure multi-party computation, its performance overhead hinders practicality. Recent advancements in trusted execution environments, notably Intel Software Guard Extensions (SGX), present a promising alternative due to their efficiency. However, existing SGX-based methods exhibit limitations: (1) Unrealistic assumption of code security. They presume the data analysis code itself is secure, which is often not guaranteed. (2) Performance bottlenecks for large datasets. Heavy reliance on data encryption/decryption significantly impacts performance. (3) Steep learning curve for data analysts. Analysts need prior knowledge of SGX to develop secure programs. To overcome these limitations, this paper presents SecDAF, a secure and efficient framework for multi-source data analysis. SecDAF introduces ReE-Fuse, a novel mechanism that combines reusable enclaves with a fuse-threshold security policy, enabling secure execution across diverse analysis tasks without requiring repeated code audits. By integrating this mechanism with homomorphic encryption via a lightweight protocol, SecDAF ensures strong privacy guarantees while significantly reducing cryptographic overhead. Additionally, SecDAF provides Python APIs that allow analysts to implement secure computations without prior knowledge of SGX internals. Experimental results show that SecDAF achieves over 2× performance improvement compared to a state-of-the-art secure multi-party computation approach, while also enhancing usability and security assurance.
KW - Homomorphic encryption
KW - Intel SGX
KW - Reusable enclave
KW - Secure multi-source data analysis
UR - https://www.scopus.com/pages/publications/105011597624
U2 - 10.1016/j.future.2025.108020
DO - 10.1016/j.future.2025.108020
M3 - Article
AN - SCOPUS:105011597624
SN - 0167-739X
VL - 174
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
M1 - 108020
ER -