DOI: 10.1145/2988336.2988350

SecureKeeper: Confidential ZooKeeper using Intel SGX

Published: 28 November 2016

Abstract

Cloud computing, while ubiquitous, still suffers from trust issues, especially for applications managing sensitive data. Third-party coordination services such as ZooKeeper and Consul are fundamental building blocks for cloud applications, but are exposed to potentially sensitive application data. Recently, hardware trust mechanisms such as Intel's Software Guard Extensions (SGX) offer trusted execution environments to shield application data from untrusted software, including the privileged Operating System (OS) and hypervisors. Such hardware support suggests new options for securing third-party coordination services.
We describe SecureKeeper, an enhanced version of the ZooKeeper coordination service that uses SGX to preserve the confidentiality and basic integrity of ZooKeeper-managed data. SecureKeeper uses multiple small enclaves to ensure that (i) user-provided data in ZooKeeper is always kept encrypted while not residing inside an enclave, and (ii) essential processing steps that demand plaintext access can still be performed securely. SecureKeeper limits the required changes to the ZooKeeper code base and relies on Java's native code support for accessing enclaves. With an overhead of 11%, the performance of SecureKeeper with SGX is comparable to ZooKeeper with secure communication, while providing much stronger security guarantees with a minimal trusted code base of a few thousand lines of code.
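The abstract's core design point is the boundary: user data exists in plaintext only inside an enclave, and the untrusted ZooKeeper process only ever handles ciphertext, with the few steps that need plaintext performed inside the enclave. The following Python model is added here to make that split concrete; it is not code from the SecureKeeper paper or project. The "enclave" is an ordinary object that merely plays the role of the key holder (no SGX is involved), the cipher is an encrypt-then-MAC construction from HMAC-SHA256 used as a standard-library stand-in for a real AEAD, and the znode-path binding and the `equals` comparison are assumed illustrative details rather than SecureKeeper's actual mechanisms.

```python
# Illustrative model (added here, not SecureKeeper's code) of the split the
# abstract describes: user data exists in plaintext only inside an enclave and
# the untrusted coordination service stores it only as sealed ciphertext.
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


class Enclave:
    """Stand-in for an SGX enclave: the only component that holds the key.

    The cipher is encrypt-then-MAC built from HMAC-SHA256 (HMAC in counter
    mode as a keystream, HMAC as the tag) so the example runs on the standard
    library alone; it stands in for a real AEAD such as AES-GCM.
    """

    def __init__(self, master_key):
        # Derive independent keys for confidentiality and for integrity.
        self._enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()

    def _keystream(self, nonce, length):
        blocks = []
        for counter in range((length + 31) // 32):
            blocks.append(hmac.new(self._enc_key, nonce + struct.pack(">Q", counter),
                                   hashlib.sha256).digest())
        return b"".join(blocks)[:length]

    def _tag(self, path, nonce, ciphertext):
        # The znode path is bound as associated data (assumed detail), so a blob
        # that the untrusted side moves to another path fails verification.
        return hmac.new(self._mac_key, path.encode() + nonce + ciphertext,
                        hashlib.sha256).digest()

    def seal(self, path, plaintext):
        """Encrypt plaintext for storage at `path`; returns nonce || ct || tag."""
        nonce = os.urandom(NONCE_LEN)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        return nonce + ct + self._tag(path, nonce, ct)

    def unseal(self, path, blob):
        """Verify the tag, then decrypt; raises ValueError on any modification."""
        if len(blob) < NONCE_LEN + TAG_LEN:
            raise ValueError("blob too short for %s" % path)
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(path, nonce, ct)):
            raise ValueError("integrity check failed for %s" % path)
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))

    def equals(self, path, blob, candidate):
        """A processing step that needs plaintext (an assumed illustration of the
        abstract's 'essential processing steps'): compare the stored value with
        `candidate` without the plaintext ever leaving the enclave."""
        return hmac.compare_digest(self.unseal(path, blob), candidate)


class UntrustedStore:
    """Stand-in for the ZooKeeper data tree running outside any enclave.
    It only ever sees the sealed blobs produced by the enclave."""

    def __init__(self):
        self._tree = {}

    def put(self, path, blob):
        self._tree[path] = blob

    def get(self, path):
        return self._tree[path]


def demo():
    """Seal a value, store it, read it back, and show two tampering attempts
    (a flipped ciphertext bit; a blob copied to another path) being rejected."""
    enclave = Enclave(b"\x01" * 32)          # constructed key for a reproducible demo
    store = UntrustedStore()
    secret = b"db_password=hunter2"          # constructed sample znode content
    store.put("/app/config", enclave.seal("/app/config", secret))

    results = {
        "store_sees_plaintext": secret in store.get("/app/config"),
        "roundtrip_ok": enclave.unseal("/app/config", store.get("/app/config")) == secret,
        "equals_in_enclave": enclave.equals("/app/config", store.get("/app/config"), secret),
    }
    blob = bytearray(store.get("/app/config"))
    blob[NONCE_LEN] ^= 0x01                  # flip one bit of the ciphertext
    try:
        enclave.unseal("/app/config", bytes(blob))
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    try:
        enclave.unseal("/app/other", store.get("/app/config"))  # blob moved to another path
        results["path_swap_detected"] = False
    except ValueError:
        results["path_swap_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The store never receives a key, so a compromise of the untrusted process (or of the OS and hypervisor beneath it, which the abstract places outside the trust boundary) exposes only ciphertext; the tag gives the "basic integrity" the abstract mentions by rejecting modified or relocated blobs rather than returning garbage.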



Published In

Middleware '16: Proceedings of the 17th International Middleware Conference
November 2016
280 pages
ISBN:9781450343008
DOI:10.1145/2988336

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Apache ZooKeeper
  2. Cloud Computing
  3. Intel SGX

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

Middleware '16
Sponsor:
  • ACM
  • USENIX Assoc

Acceptance Rates

Overall Acceptance Rate 203 of 948 submissions, 21%

Article Metrics

  • Downloads (Last 12 months)56
  • Downloads (Last 6 weeks)8
Reflects downloads up to 15 Jan 2025

Cited By

  • (2024) Toward an SGX-Friendly Java Runtime. IEEE Transactions on Computers 73(1), 44-57. doi:10.1109/TC.2023.3318400. Online publication date: 1-Jan-2024.
  • (2024) FastSGX: A Message-Passing Based Runtime for SGX. Advanced Information Networking and Applications, 74-85. doi:10.1007/978-3-031-57916-5_7. Online publication date: 9-Apr-2024.
  • (2023) Secure Partitioning of Cloud Applications, with Cost Look-Ahead. Future Internet 15(7), 224. doi:10.3390/fi15070224. Online publication date: 22-Jun-2023.
  • (2023) Confidential Consortium Framework: Secure Multiparty Applications with Confidentiality, Integrity, and High Availability. Proceedings of the VLDB Endowment 17(2), 225-240. doi:10.14778/3626292.3626304. Online publication date: 1-Oct-2023.
  • (2023) Accelerating Extra Dimensional Page Walks for Confidential Computing. Proceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture, 654-669. doi:10.1145/3613424.3614293. Online publication date: 28-Oct-2023.
  • (2023) Intel Software Guard Extensions Applications: A Survey. ACM Computing Surveys 55(14s), 1-38. doi:10.1145/3593021. Online publication date: 17-Jul-2023.
  • (2023) SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2710-2724. doi:10.1145/3576915.3623213. Online publication date: 15-Nov-2023.
  • (2023) DID We Miss Anything?: Towards Privacy-Preserving Decentralized ID Architecture. IEEE Transactions on Dependable and Secure Computing 20(6), 4881-4898. doi:10.1109/TDSC.2023.3235951. Online publication date: Nov-2023.
  • (2023) QKPT: Securing Your Private Keys in Cloud With Performance, Scalability and Transparency. IEEE Transactions on Dependable and Secure Computing 20(1), 478-491. doi:10.1109/TDSC.2021.3137403. Online publication date: 1-Jan-2023.
  • (2023) I Can't Escape Myself: Cloud Inter-Processor Attestation and Sealing using Intel SGX. 2023 IEEE 28th Pacific Rim International Symposium on Dependable Computing (PRDC), 198-208. doi:10.1109/PRDC59308.2023.00032. Online publication date: 24-Oct-2023.
