Venue | Category |
---|---|
Middleware'19 | SGX Storage |
# EnclaveCache: A Secure and Scalable Key-Value Cache in Multi-tenant Clouds using Intel SGX

## 1. Summary
### Motivation

- In-memory key-value caches such as Redis and Memcached are widely used to speed up web applications and reduce the load on the backend database.
- Data security is still a major concern and holds back the adoption of cloud caches in multi-tenant environments.
- Limitations of existing approaches:
  - virtualization and containerization technologies
  - property-preserving encryption to enable query processing over encrypted data
### EnclaveCache

#### Threat model

#### Main idea

- Enforce data isolation among co-located tenants using multiple SGX enclaves.
- Securely guard each tenant's encryption key inside its enclave.
- Key question: how to utilize SGX enclaves to realize secure key-value caches within the limited trusted memory.

#### Key design decisions

- Tenant isolation: each tenant gets a separate enclave as a secret container.
- Data protection
#### Cache isolation

- Application container: supports unmodified applications inside enclaves (bad scalability).
- Data container: hosts only each tenant's data in a dedicated enclave (oversubscribes the SGX resources).
- Secret container: stores only the sensitive information and the critical code inside enclaves (this paper's design).
#### Architecture

- The TLS connection is terminated inside the enclave.
- The encryption engine inside the secret enclave is responsible for encrypting the sensitive fields of the requests passed from the TLS server endpoint.
- The encryption key used by the encryption engine is acquired by the Key Request Module (KRM) from a Key Distribution Center (KDC).
#### Key distribution and management

- Each tenant is bound to a unique encryption key used to encrypt/decrypt the tenant's data stored outside the enclave.
- Every newly created secret enclave has to go through the remote attestation (RA) procedure to be attested and provisioned.
- The encryption key can then be stored securely and persistently on the local disk.
#### Query processing

- Only the sensitive fields of a message, such as the key and value fields, need to be protected via encryption.
- Bind the key and value: append the hash of the key to its corresponding value, then encrypt the newly generated value.
- Query with the encrypted key.
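The key-value binding described above, as an added example (this is not code from the paper or from EnclaveCache): a per-tenant AES-128-GCM engine in Go that encrypts the key field deterministically so the untrusted cache can look it up, appends SHA-256(key) to the value before encrypting, and rejects on decryption any value that was not stored under the key it is fetched with. The Tenant/NewTenant names, the GCM mode and the HMAC-derived synthetic IV for the key field are assumptions, not the paper's implementation.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Tenant holds one tenant's AES-128-GCM instance; in EnclaveCache the key would stay inside that tenant's secret enclave.
type Tenant struct{ key []byte; aead cipher.AEAD }

// NewTenant derives the per-tenant cipher from a 16-byte (AES-128) key.
func NewTenant(key []byte) (*Tenant, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	return &Tenant{key: key, aead: g}, err
}
// EncryptKey is deterministic so the untrusted cache can index by ciphertext; the nonce
// HMAC-SHA256(tenant key, plaintext key)[:12] is a synthetic-IV choice assumed by this example.
func (t *Tenant) EncryptKey(k []byte) []byte {
	mac := hmac.New(sha256.New, t.key)
	mac.Write(k)
	nonce := mac.Sum(nil)[:12]
	return t.aead.Seal(nonce, nonce, k, nil) // nonce || ciphertext || tag
}
// EncryptValue appends SHA-256(key) to the value before encrypting, binding value to key.
func (t *Tenant) EncryptValue(k, v []byte) []byte {
	h := sha256.Sum256(k)
	nonce := make([]byte, 12) // random: the same value may appear under many keys
	rand.Read(nonce)
	return t.aead.Seal(nonce, nonce, append(append([]byte{}, v...), h[:]...), nil)
}
// DecryptValue rejects an entry whose embedded hash does not match the key it was fetched
// under, which detects a ciphertext moved between two keys in untrusted memory.
func (t *Tenant) DecryptValue(k, enc []byte) ([]byte, error) {
	if len(enc) < 12 {
		return nil, errors.New("malformed entry")
	}
	h := sha256.Sum256(k)
	pt, err := t.aead.Open(nil, enc[:12], enc[12:], nil)
	if err != nil || len(pt) < 32 || !hmac.Equal(pt[len(pt)-32:], h[:]) {
		return nil, errors.New("entry corrupt or not bound to key")
	}
	return pt[:len(pt)-32], nil
}
```

Deterministic encryption of the key field necessarily reveals which requests touch the same key; that is the price of letting the untrusted cache perform the lookup itself.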
### Implementation and Evaluation

#### Implementation

- mbedtls-sgx: AES-128, SHA-256
- Tenant isolation:
  - per-tenant LRU as the shared multi-tenant cache management strategy
  - bind each tenant to a logical database to enable the per-tenant LRU strategy
- Switchless calls to optimize performance
#### Evaluation

- Four instances: Redis + stunnel, EnclaveCache + switchless, EnclaveCache, Graphene-SGX + Redis
- YCSB benchmark suite
## 2. Strength (Contributions of the paper)

- Leverages trusted hardware to solve the problem of tenant isolation and data protection in multi-tenant clouds.
- Adopts fine-grained, tenant-specific key-value encryption in SGX enclaves to overcome the limits of SGX.
- Extensive evaluation.
## 3. Weakness (Limitations of the paper)

- Issues of encrypted data stored outside the enclaves.
- Security issues in a multi-tenant environment.
- SGX attack surface: the processor and the software inside enclaves.