Scalable persistent data protection with hardware trusted execution
(Korean title, translated: A study of scalable and persistent data protection techniques using a hardware-based trusted environment)

The shielded computation of hardware-based trusted execution environments such as Intel Software Guard Extensions (SGX) can provide secure cloud computing on remote systems under untrusted privileged system software. This dissertation proposes two mechanisms to provide efficient data protection using Intel SGX.

First, the dissertation proposes a key-value store called ShieldStore to alleviate the limitation of SGX. The hardware overheads of securing protected memory with SGX restrict its capacity to a modest size of several tens of megabytes, and demands for protected memory beyond that limit cause costly page re-mappings. Although the in-memory key-value store is one of the widely used applications that benefit from the enhanced security of SGX, its memory requirements are far larger than the memory limit. Furthermore, its main data structures commonly use fine-grained data items such as pointers and keys, which do not match well with the coarse-grained page re-mapping of SGX. To overcome the memory restriction, this study proposes ShieldStore with application-specific data security management. ShieldStore maintains the main data structures in unprotected memory, with each key-value pair individually encrypted and integrity-protected by its secure component running inside an enclave.

Second, the dissertation proposes a new library called ShieldNVM to provide trusted crash consistency support for persistent memory using SGX. Emerging non-volatile main memory (NVMM) provides byte-addressable memory with persistency, which can retain data even after a power failure or a system crash. However, in the presence of a cache hierarchy and out-of-order execution, crash consistency is required to provide consistent recovery of data structures across system crashes. In addition to consistency support, the security of the data stored in persistent memory has become critical, as the non-volatile nature of persistent memory exposes its content across power cycles.

ShieldNVM uses the shielded execution of SGX to protect the critical security functions for the crash consistency support of NVM-resident data. ShieldNVM can not only encrypt and integrity-protect the data but also ensure crash consistency for the persistent memory. To support such trusted crash consistency, ShieldNVM addresses three main challenges. First, log writes for consistency support must be protected by encryption and integrity protection. Second, the crash consistency of security metadata must be preserved across system failures. Finally, the persistently stored data must be sealed to be protected from potential rollback attacks. This study shows the design and implementation of ShieldNVM for supporting secure transactional execution for NVMM. Our evaluation identifies the critical performance bottleneck of the monotonic counter required for preventing rollback attacks.
Advisors
Huh, Jaehyuk (허재혁)
Description
Korea Advanced Institute of Science and Technology (KAIST): School of Computing
Publisher
Korea Advanced Institute of Science and Technology (KAIST)
Issue Date
2020
Identifier
325007
Language
eng
Description

Doctoral dissertation (Ph.D.) - Korea Advanced Institute of Science and Technology: School of Computing, 2020.2, [vi, 73 p.]

Keywords

Trusted Execution; Intel SGX; Key-value Store; Persistent Memory; Crash Consistency; Non-volatile Memory; Data Consistency

URI
http://hdl.handle.net/10203/284160
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=909378&flag=dissertation
Appears in Collection
CS-Theses_Ph.D. (Doctoral Theses)
Files in This Item
There are no files associated with this item.
