Differences
This shows you the differences between two versions of the page.
pubs:securekeeper [2018-06-03 14:10] |
pubs:securekeeper [2018-06-03 14:10] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== SecureKeeper: | ||
+ | ==== Authors ==== | ||
+ | * Stefan Brenner, IBR DS, TU Braunschweig | ||
+ | * Colin Wulf, IBR DS, TU Braunschweig | ||
+ | * David Goltzsche, IBR DS, TU Braunschweig | ||
+ | * Nico Weichbrodt, IBR DS, TU Braunschweig | ||
+ | * Matthias Lorenz, IBR DS, TU Braunschweig | ||
+ | * Christof Fetzer, TU Dresden | ||
+ | * Peter Pietzuch, LSDS, Imperial College London | ||
+ | * Rüdiger Kapitza, IBR DS, TU Braunschweig | ||
+ | |||
+ | ==== Abstract ==== | ||
+ | |||
+ | Cloud computing, while ubiquitous, still suffers from trust | ||
+ | issues, especially for applications managing sensitive data. | ||
+ | Third-party coordination services such as ZooKeeper and | ||
+ | Consul are fundamental building blocks for cloud applications, | ||
+ | but are exposed to potentially sensitive application | ||
+ | data. Recently, hardware trust mechanisms such as Intel’s | ||
+ | Software Guard Extensions (SGX) offer trusted execution | ||
+ | environments to shield application data from untrusted software, | ||
+ | including the privileged Operating System (OS) and | ||
+ | hypervisors. Such hardware support suggests new options | ||
+ | for securing third-party coordination services. | ||
+ | |||
+ | We describe SecureKeeper, | ||
+ | ZooKeeper coordination service that uses SGX to preserve | ||
+ | the confidentiality and basic integrity of ZooKeepermanaged | ||
+ | data. SecureKeeper uses multiple small enclaves | ||
+ | to ensure that (i) user-provided data in ZooKeeper is always | ||
+ | kept encrypted while not residing inside an enclave, | ||
+ | and (ii) essential processing steps that demand plaintext access | ||
+ | can still be performed securely. SecureKeeper limits | ||
+ | the required changes to the ZooKeeper code base and relies | ||
+ | on Java’s native code support for accessing enclaves. | ||
+ | With an overhead of 11%, the performance of SecureKeeper | ||
+ | with SGX is comparable to ZooKeeper with secure communication, | ||
+ | while providing much stronger security guarantees | ||
+ | with a minimal trusted code base of a few thousand lines of | ||
+ | code. | ||
+ | |||
+ | ==== Download ==== | ||
+ | {{ : |