Differences
This shows you the differences between two versions of the page.
pubs:securekeeper [2017-09-29 20:52] weichbr created |
pubs:securekeeper [2018-06-03 14:10] |
Line 1: | Line 1: | ||
- | ====== SecureKeeper: | ||
- | ==== Authors ==== | ||
- | * Stefan Brenner, IBR DS, TU Braunschweig | ||
- | * Colin Wulf, IBR DS, TU Braunschweig | ||
- | * David Goltzsche, IBR DS, TU Braunschweig | ||
- | * Nico Weichbrodt, IBR DS, TU Braunschweig | ||
- | * Matthias Lorenz, IBR DS, TU Braunschweig | ||
- | * Christof Fetzer, TU Dresden | ||
- | * Peter Pietzuch, LSDS, Imperial College London | ||
- | * Rüdiger Kapitza, IBR DS, TU Braunschweig | ||
- | |||
- | ==== Abstract ==== | ||
- | |||
- | Cloud computing, while ubiquitous, still suffers from trust | ||
- | issues, especially for applications managing sensitive data. | ||
- | Third-party coordination services such as ZooKeeper and | ||
- | Consul are fundamental building blocks for cloud applications, | ||
- | but are exposed to potentially sensitive application | ||
- | data. Recently, hardware trust mechanisms such as Intel’s | ||
- | Software Guard Extensions (SGX) offer trusted execution | ||
- | environments to shield application data from untrusted software, | ||
- | including the privileged Operating System (OS) and | ||
- | hypervisors. Such hardware support suggests new options | ||
- | for securing third-party coordination services. | ||
- | |||
- | We describe SecureKeeper, | ||
- | ZooKeeper coordination service that uses SGX to preserve | ||
- | the confidentiality and basic integrity of ZooKeepermanaged | ||
- | data. SecureKeeper uses multiple small enclaves | ||
- | to ensure that (i) user-provided data in ZooKeeper is always | ||
- | kept encrypted while not residing inside an enclave, | ||
- | and (ii) essential processing steps that demand plaintext access | ||
- | can still be performed securely. SecureKeeper limits | ||
- | the required changes to the ZooKeeper code base and relies | ||
- | on Java’s native code support for accessing enclaves. | ||
- | With an overhead of 11%, the performance of SecureKeeper | ||
- | with SGX is comparable to ZooKeeper with secure communication, | ||
- | while providing much stronger security guarantees | ||
- | with a minimal trusted code base of a few thousand lines of | ||
- | code. | ||
- | |||
- | ==== Download ==== | ||
- | {{ : |
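Review bot: the 2018-06-03 14:10 revision has an empty right-hand column for every line from the title through the Download link, so the whole page (authors, abstract, download) is removed, and its revision line carries no editor name or edit summary. If the removal is intentional, record the reason in the edit summary and leave a short pointer to where the publication entry now lives, so links to pubs:securekeeper do not land on an empty page; otherwise restore the 2017-09-29 revision.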