Paper 2016/1063
LPAD: Building Secure Enclave Storage using Authenticated Log-Structured Merge Trees
Yuzhe (Richard) Tang, Ju Chen
Abstract
With the advent of commercial trusted execution environments (e.g., Intel Software Guard Extensions, or SGX), an important research task is building trustworthy software systems based on the TEE, which will enable a wide range of security applications on the third-party cloud. This work aims at building secure and high-performance storage systems for safe data outsourcing. It considers as the storage substrate modern key-value stores, such as Google LevelDB, that adopt the design of log-structured merge trees (LSM). We propose Log-structured Persistent Authenticated Dictionary (LPAD), a security protocol that specifies the workflow of an LSM tree for the Intel SGX architecture. We build a secure storage system following the LPAD protocol and based on Google LevelDB. When building the system, we study a range of software-partitioning strategies that trade off performance overhead against the size of the trusted computing base. We evaluate the LPAD storage for three salient features: formal security in terms of strong data authenticity, low performance overhead, and a small trusted computing base (TCB). On the latter two aspects, our evaluation shows that 1) the LPAD-based system has a small trusted program, and 2) the performance overhead is low, with a typical 12% ∼ 40% slowdown.
Metadata
- Publication info
- Preprint. MINOR revision.
- Keywords
- SGX, TEE, hash functions, authentication codes
- Contact author(s)
- ytang100 @ syr edu
- History
- 2019-08-13: last of 5 revisions
- 2016-11-15: received
- Short URL
- https://ia.cr/2016/1063
- License
- CC BY