You are looking at a specific version 20180426:195837 of this paper.

Paper 2016/1063

LPAD: Building Secure Enclave Storage using Authenticated Log-Structured Merge Trees

Yuzhe (Richard) Tang, Ju Chen

Abstract

With the advent of commercial trusted execution environments (e.g., Intel Software Guard eXtension or SGX), an important research task is building trustworthy software systems based on the TEE, which will enable a wide range of security applications on the third-party cloud. This work aims at building secure and high-performance storage systems for safe data outsourcing. It considers as storage substrate modern key-value stores, such as Google LevelDB, that adopt the design of log-structured merge trees (LSM). We propose Log-structured Persistent Authenticated Dictionary (LPAD), a security protocol that specifies the workflow of an LSM tree for the Intel SGX architecture. We build a secure storage system following the LPAD protocol and based on Google LevelDB. When building the system, we study a range of software-partitioning strategies that make the tradeoff between performance overhead and the size of trusted computing base. We evaluate the LPAD storage for three salient features: formal security in terms of strong data authenticity, low performance overhead and small trusted computing base (TCB). On the latter two aspects, our evaluation shows that 1) the LPAD-based system has a small trusted program, and 2) the performance overhead is low, with a typical 12% ∼ 40% slowdown.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
SGX, TEE, hash functions, authentication codes
Contact author(s)
ytang100 @ syr edu
History
2019-08-13: last of 5 revisions
2016-11-15: received
Short URL
https://ia.cr/2016/1063
License
Creative Commons Attribution
CC BY