Published October 14, 2025 | Version v1
Conference paper Open

Understanding the Latency-Security Tradeoff: TEE-based Confidential Computing for Streaming Workloads

Description

Distributed streaming platforms such as Pravega, Kafka, and Pulsar are widely used for high-throughput, low-latency data processing. As these platforms increasingly handle sensitive data, ensuring data confidentiality and integrity becomes critical. Trusted Execution Environments (TEEs) offer secure computation that can be used for client-side processing, but their impact on performance must be carefully assessed. This study evaluates the write latency of Pravega clients running in TEEs compared to those in standard (non-secured) environments. We found that under typical workloads, TEE-based clients experience approximately 50% higher latency due to the overhead of secure execution. However, when data rates exceed 976 MB/s, the Pravega broker reaches its throughput limit, causing latency to spike for standard clients. In contrast, TEE-based clients exhibit more stable latency under these high-throughput conditions. These findings can be helpful for data architects, as they highlight a trade-off: while latency may increase, the impact could be acceptable in certain scenarios given the enhanced security benefits.

Files

Dell_Scone_Kio_Paper.pdf

Files (1.1 MB)

md5:48e1dfa98a1a177b14e30b64f9ee2659

Additional details

Funding

European Commission
NEARDATA - Extreme Near-Data Processing Platform 101092644
European Commission
CloudSkin - Adaptive virtualization for AI-enabled Cloud-edge Continuum 101092646