BROFY: Towards Essential Integrity Protection for Microservices

Publication: Contribution to conferences, Paper, Contributed, Peer-reviewed

Abstract

Trusted computing has emerged as one of the main components in a critical microservice application. A powerful adversary such as the cloud provider could harm its integrity by altering the application's code, behavior, and memory. Numerous attempts to preserve application integrity have been made, especially using Trusted Execution Environments (TEE). However, recent studies show that a CPU bitflip, which either an adversary or faulty hardware can trigger, may invalidate its integrity despite being executed inside a TEE. In the form of Silent Data Corruption (SDC), this bitflip may go undetected and make a shambles of the trust built in a distributed system. We present BROFY, a toolchain that makes the program reliably perform correct computation inside the Intel SGX enclave that already provides code and memory integrity protection out-of-the-box. BROFY is compatible with multiple programming languages, needs no specific requirements or changes on the codebase, and offers a configurable trade-off between recovery ability and performance. We tested BROFY against actual bitflips by undervolting the CPU, and our results show a significant decrease in irrecoverable failure rate from 96.7% to 0.5%, with a 100% detection rate inside an SGX enclave. Our experiment shows that programs armored by BROFY, compared to native execution, have 84% overhead on average based on the computation-intensive Starbench benchmark and only 3% overhead on a multithreaded HTTP server application written in C.

Details

Original language: English
Number of pages: 10
Publication status: Published - 2021
Peer-review status: Yes

Conference

Title: 2021 40th International Symposium on Reliable Distributed Systems
Short title: SRDS 2021
Event number: 40
Duration: 20 - 23 September 2021
City: Chicago
Country: USA/United States

External IDs

Scopus 85123012177

Keywords

  • Trusted Computing, Bitflips, Integrity, TEE, Fault tolerance, performance measurement, Intel SGX, Codes, Runtime, Distributed databases, Benchmark testing, Reliability, cloud computing, Hardware, C language, data integrity, hypermedia, microprocessor chips, multiprocessing systems, BROFY