pubs:securekeeper

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

pubs:securekeeper [2018-06-03 14:10]
pubs:securekeeper [2018-06-03 14:10] (current)
Line 1: Line 1:
 +====== SecureKeeper: Confidential ZooKeeper using Intel SGX ======
  
 +==== Authors ====
 +  * Stefan Brenner, IBR DS, TU Braunschweig
 +  * Colin Wulf, IBR DS, TU Braunschweig
 +  * David Goltzsche, IBR DS, TU Braunschweig
 +  * Nico Weichbrodt, IBR DS, TU Braunschweig
 +  * Matthias Lorenz, IBR DS, TU Braunschweig
 +  * Christof Fetzer, TU Dresden
 +  * Peter Pietzuch, LSDS, Imperial College London
 +  * Rüdiger Kapitza, IBR DS, TU Braunschweig
 +
 +==== Abstract ====
 +
 +Cloud computing, while ubiquitous, still suffers from trust
 +issues, especially for applications managing sensitive data.
 +Third-party coordination services such as ZooKeeper and
 +Consul are fundamental building blocks for cloud applications,
 +but are exposed to potentially sensitive application
 +data. Recently, hardware trust mechanisms such as Intel’s
 +Software Guard Extensions (SGX) offer trusted execution
 +environments to shield application data from untrusted software,
 +including the privileged Operating System (OS) and
 +hypervisors. Such hardware support suggests new options
 +for securing third-party coordination services.
 +
 +We describe SecureKeeper, an enhanced version of the
 +ZooKeeper coordination service that uses SGX to preserve
 +the confidentiality and basic integrity of ZooKeepermanaged
 +data. SecureKeeper uses multiple small enclaves
 +to ensure that (i) user-provided data in ZooKeeper is always
 +kept encrypted while not residing inside an enclave,
 +and (ii) essential processing steps that demand plaintext access
 +can still be performed securely. SecureKeeper limits
 +the required changes to the ZooKeeper code base and relies
 +on Java’s native code support for accessing enclaves.
 +With an overhead of 11%, the performance of SecureKeeper
 +with SGX is comparable to ZooKeeper with secure communication,
 +while providing much stronger security guarantees
 +with a minimal trusted code base of a few thousand lines of
 +code.
 +
 +==== Download ====
 +{{ :pubs:2016-middleware-brenner-securekeeper.pdf |}}
  • pubs/securekeeper.txt
  • Last modified: 2018-06-03 14:10
  • (external edit)