Venue | Category |
---|---|
EuroSys'19 | SGX |
ShieldStore: Shielded In-memory Key-Value Storage with SGX
Motivation
This paper aims to overcome the enclave memory restriction.
It maintains the main data structures in unprotected memory, with each key-value pair individually encrypted and integrity-protected by its secure component running inside an enclave.
SGX basis
One major limitation of SGX is the capacity of the protected memory region, the enclave page cache (EPC): 128MB.
If enclave memory usage is larger than the EPC limit, some pages are evicted from EPC, and remapped to the non-EPC memory region with page granularity encryption and integrity protection.
Performance penalty: the demand-paging step, which maps the page back to the secure region along with the eviction of another victim page.
The data in EPC are in plaintext only in on-chip caches; they are encrypted and integrity-protected when they are in external memory.
Creating a huge Merkle tree for tens or hundreds of gigabytes of main memory at cacheline granularity will increase the integrity verification latency intolerably.
The effective EPC is smaller than the 128MB reserved region (in practice around 90MB) due to security meta-data.
Cost of crossing enclave boundary
Main idea
Architecture
Verifying the SGX support of the processor, the code, and other critical memory state of an enclave.
Clients do not directly access the ciphertexts on the server side.
The server in the enclave decrypts the retrieved data, encrypts it again with the session key used for the client, and sends the response to the client.
Performance degrades when accessing enclave memory pages once the enclave memory size exceeds the EPC limit (for both reads and writes).
Three types
Employ a hash-based index structure, and use chaining to resolve collisions in hash-based index.
Store the entire hash table in the enclave memory. As the EPC region can cover only a small portion of the total database size, a data access can cause page eviction and demand paging between an EPC page and a non-EPC page.
ShieldStore Design
Overall architecture:
Fine-grained Key-value encryption
Integrity verification
Persistency Support (seal secure meta-data in the enclave)
Optimizations
Extra Heap Allocator
MAC bucketing
Multi-threading
Searching encrypted key
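The design items above (chained hash table in untrusted memory, per-entry encryption and MAC, integrity metadata kept inside the enclave), as an added Python sketch that is not code from the paper or from these notes. Assumptions: `Enclave` and its methods are hypothetical names, HMAC-SHA256 and a SHA-256 counter keystream stand in for the enclave's real MAC and cipher, keys are shorter than 256 bytes, and the per-bucket digest is this sketch's way of catching replayed or dropped entries.

```python
# Added illustration, not ShieldStore's code; all names here are hypothetical.
import hashlib, hmac, os

def _stream(key, iv, n):
    # Assumption: SHA-256 counter keystream as a stdlib stand-in for the AES mode
    # a real enclave would use.
    return b"".join(hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

class Enclave:
    """Trusted side: two keys and one digest per bucket. `table` is untrusted."""
    def __init__(self, table):
        self.table = table
        self.ek, self.mk = os.urandom(32), os.urandom(32)
        self.digest = [self._fold(chain) for chain in table]

    def _mac(self, data):
        return hmac.new(self.mk, data, hashlib.sha256).digest()

    def _fold(self, chain):          # digest over the MACs of one chain
        return self._mac(b"".join(tag for _, _, tag in chain))

    def _chain(self, key):           # locate and verify the bucket for `key`
        b = int.from_bytes(self._mac(b"idx" + key)[:4], "big") % len(self.table)
        if not hmac.compare_digest(self._fold(self.table[b]), self.digest[b]):
            raise ValueError("bucket digest mismatch (replayed or dropped entry)")
        return b, self.table[b]

    def _open(self, entry):          # verify one entry's MAC, then decrypt it
        iv, ct, tag = entry
        if not hmac.compare_digest(tag, self._mac(iv + ct)):
            raise ValueError("entry MAC mismatch (modified ciphertext)")
        pt = bytes(c ^ s for c, s in zip(ct, _stream(self.ek, iv, len(ct))))
        return pt[1:1 + pt[0]], pt[1 + pt[0]:]

    def get(self, key):
        _, chain = self._chain(key)
        for k, v in map(self._open, chain):   # keys are encrypted: open each entry
            if k == key:
                return v
        return None

    def put(self, key, value):
        b, chain = self._chain(key)
        chain[:] = [e for e in chain if self._open(e)[0] != key]
        iv, pt = os.urandom(16), bytes([len(key)]) + key + value
        ct = bytes(p ^ s for p, s in zip(pt, _stream(self.ek, iv, len(pt))))
        chain.append((iv, ct, self._mac(iv + ct)))
        self.digest[b] = self._fold(chain)
```

A per-entry MAC alone accepts a stale entry that was validly MACed earlier; the digest held on the trusted side is what rejects it.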
Workloads
Evaluation
The cost of receiving requests and sending responses through the socket interfaces using HotCalls.