Paper 2023/761
Nimble: Rollback Protection for Confidential Cloud Services (extended version)
Abstract
This paper introduces Nimble, a cloud service that helps applications running in trusted execution environments (TEEs) to detect rollback attacks (i.e., detect whether a data item retrieved from persistent storage is the latest version). To achieve this, Nimble realizes an append-only ledger service by employing a simple state machine running in a TEE in conjunction with a crash fault-tolerant storage service. Nimble then replicates this trusted state machine to ensure the system is available even if a minority of state machines crash. A salient aspect of Nimble is a new reconfiguration protocol that allows a cloud provider to replace the set of nodes running the trusted state machine whenever it wishes—without affecting safety. We have formally verified Nimble’s core protocol in Dafny, and have implemented Nimble such that its trusted state machine runs in multiple TEE platforms (Intel SGX and AMD SNP-SEV). Our results show that a deployment of Nimble on machines running in different availability zones can achieve from tens of thousands of requests/sec with an end-to-end latency of under 3.2 ms (based on an in-memory key-value store) to several thousands of requests/sec with a latency of 30ms (based on Azure Table).
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. USENIX OSDI
- Keywords
- confidential computingrollback protection
- Contact author(s)
- srinath @ microsoft com
- History
- 2023-05-30: approved
- 2023-05-25: received
- See all versions
- Short URL
- https://ia.cr/2023/761
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/761, author = {Sebastian Angel and Aditya Basu and Weidong Cui and Trent Jaeger and Stella Lau and Srinath Setty and Sudheesh Singanamalla}, title = {Nimble: Rollback Protection for Confidential Cloud Services (extended version)}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/761}, year = {2023}, url = {https://eprint.iacr.org/2023/761} }