OmniShield
Confidential computing is an effective technology for protecting data privacy and has been widely applied in big data analytics. OmniShield is a plugin for the big data engine Spark that provides data source encryption and decryption. It protects data in use by executing the computing process in the trusted execution environment (TEE) of the underlying hardware. OmniShield ensures data security throughout the entire computing link.
Using the plugin mechanism provided by Spark, OmniShield encrypts and decrypts row-based data sources (CSV, JSON, and TXT) in DataFrame and Spark-SQL scenarios, and supports the AES/GCM and SM4/GCM algorithms. With additional JAR packages, OmniShield encrypts and decrypts column-based data sources (ORC) in Spark-SQL scenarios, and supports the SM4/GCM algorithm. The confidential computing trusted execution environment (TEE) kit provides security protection for data that is being processed.

OmniShield performance data
Based on the 99 TPC-DS benchmark test cases defined by the Big Data Alliance, the performance loss caused by the security protection that OmniShield provides across the full computing link does not exceed 20% of the average performance of physical machines.