Visa Research is a newly formed lab at Visa, growing its research team around machine learning, systems security, cryptography, and blockchain. We will discuss some new results in verifiable computation for databases and for machine learning.
First, I will present VeritasDB, a key-value store that guarantees integrity to the client in the presence of exploits or implementation bugs in the database server. VeritasDB is implemented as a network proxy that mediates communication between the unmodified client(s) and the database server, which can be any off-the-shelf database engine (e.g., Redis, RocksDB). Since the proxy is trusted, we use security primitives offered by modern processors, such as Intel SGX enclaves, to protect the proxy’s code and state, thus completely eliminating trust on the cloud provider. To perform integrity checks in the proxy, we design an authenticated Merkle B-tree that leverages features of Intel SGX (protected memory, direct access to unprotected memory from enclave code, and CPU parallelism) to implement several novel optimizations based on caching, concurrency, and compression. On standard YCSB and Visa transaction workloads, we observe an average overhead of 2.8x in throughput and 2.5x in latency, compared to the (insecure) system with no integrity checks — using CPU parallelism, we bring the throughput overhead down to 1.05x. Thus, VeritasDB provides an order of magnitude improvement over existing techniques for integrity verification.
Second, I will discuss a novel use of verifiable machine learning, where we construct a trustworthy mechanism, called RemoteGate, which allows any party on the Internet to configure a security gateway owned by a second party, at a certain agreed-upon reward that the former pays to the latter. We take an interactive incentive-compatible approach, for the case when both the server and the gateway are rational, to devise a protocol that will allow the server to help the security gateway generate and deploy a policy rule that filters the attack packets before they reach the server. The server will reward the gateway only when the latter can successfully verify that it has generated and deployed the correct rule for the issue. This mechanism will enable an Internet-scale approach to improving security and privacy, backed by digital payment incentives.