BROFY: Towards Essential Integrity Protection for Microservices
Publikation: Beitrag zu Konferenzen › Paper › Beigetragen › Begutachtung
Beitragende
Abstract
Trusted computing has emerged as one of the main components in a critical microservice application. A powerful adversary such as the cloud provider could harm its integrity by altering the application's code, behavior, and memory. Numerous attempts to preserve application integrity have been made, especially using Trusted Execution Environments (TEE). However, recent studies show that a CPU bitflip, which both adversary or faulty hardware can trigger, may invalidate its integrity despite being executed inside TEE. In the form of Silent Data Corruption (SDC), this bitflip may come undetected and shamble the trust built in a distributed system. We present BROFY, a toolchain that makes the program reliably perform correct computation inside the Intel SGX enclave that already provides code and memory integrity protection out-of-the-box. BROFY is compatible with multiple programming languages, needs no specific requirements or changes on the codebase, and offers a configurable trade-off between recovery ability and performance. We tested BROFY against actual bitflips by undervolting CPU, and our results show a significant decrease in irrecoverable failure rate from 96.7% to 0.5%, with a 100% detection rate inside an SGX enclave. Our experiment shows that programs armored by BROFY, compared to native execution, have 84% overhead on average based on the computation-intensive Starbench benchmark and only 3% overhead on a multithreaded HTTP server application written in C.
Details
Originalsprache | Englisch |
---|---|
Seiten | 154-163 |
Seitenumfang | 10 |
Publikationsstatus | Veröffentlicht - 2021 |
Peer-Review-Status | Ja |
Konferenz
Titel | 2021 40th International Symposium on Reliable Distributed Systems |
---|---|
Kurztitel | SRDS 2021 |
Veranstaltungsnummer | 40 |
Dauer | 20 - 23 September 2021 |
Webseite | |
Stadt | Chicago |
Land | USA/Vereinigte Staaten |
Externe IDs
Scopus | 85123012177 |
---|---|
Mendeley | 4424013b-9e97-3819-bd00-a163453d39dd |
Schlagworte
Forschungsprofillinien der TU Dresden
DFG-Fachsystematik nach Fachkollegium
ASJC Scopus Sachgebiete
Schlagwörter
- Benchmark testing, Bitflips, Codes, Distributed databases, Fault tolerance, Integrity, Intel SGX, Reliability, Runtime, TEE, Trusted Computing, cloud computing, performance measurement, BROFY, Benchmark testing, Bitflips, C language, Codes, Distributed databases, Fault Tolerance, Hardware, Intel SGX, Reliability, Runtime, TEE, Trusted computing, cloud computing, data integrity, hypermedia, microprocessor chips, multiprocessing systems, performance measurement, trusted computing, Trusted Computing, Fault tolerance, Performance measurement, Integrity