The publish/subscribe(pub/sub) is an asynchronous messaging service or content distribution framework. For the idempotency it provides, pub/sub diagram is an efficient solution for large-scale content distributing systems, thus it is widely used in stock exchange systems or e-Health content sharing systems. Some wide-area applications require cross-domain pub/sub service, making it a natural choice to deploy on the public cloud. However, it would bring about security and privacy issues. Recent research proposes security enhancements to prevent thefts, such as searchable data encryption and attribute-based encryption, which allow the matching process to perform encrypted matching without learning the content of the publications and subscriptions. Besides the considerable performance loss, they could not resist the collusion attacks. If the malicious brokers collude with a malicious publisher or subscriber in a cross-domain environment, they can still infer the subscriptions of benign subscribers. We propose the MagikCube framework that provides confidentiality and integrity of the contents and also protects the privacy of the publishers and subscribers in cross-domain scenarios. Moreover, MagikCube can also resist the collusion attacks from malicious brokers in a cross-domain environment. It achieves these security goals by dynamically selecting and placing the sensitive data and some necessary components in enclaves protected by trusted hardware such as Intel SGX. Our experiment result shows that, compared with the baseline model, MagikCube does not introduce much overhead loss when providing better security for all the participants in the pub/sub system.