CRISP: Confidentiality, Rollback, and Integrity Storage Protection for Confidential Cloud-Native Computing
Publikation: Beitrag zu Konferenzen › Paper › Beigetragen › Begutachtung
Beitragende
Abstract
Trusted execution environments (TEEs) protect the integrity and confidentiality of running code and its associated data. Nevertheless, TEEs' integrity protection does not extend to the state saved on disk. Furthermore, modern cloud-native applications heavily rely on orchestration (e.g., through systems such as Kubernetes) and, thus, have their services frequently restarted. During restarts, attackers can revert the state of confidential services to a previous version that may aid their malicious intent. This paper presents CRISP, a rollback protection mechanism that uses an existing runtime for Intel SGX and transparently prevents rollback. Our approach can constrain the attack window to a fixed and short period or give developers the tools to avoid the vulnerability window altogether. Finally, experiments show that applying CRISP in a critical stateful cloud-native application may incur a resource increase but only a minor performance penalty.
Details
Originalsprache | Englisch |
---|---|
Publikationsstatus | Angenommen/Im Druck - 2024 |
Peer-Review-Status | Ja |
Konferenz
Titel | 2024 IEEE 17th International Conference on Cloud Computing |
---|---|
Kurztitel | IEEE CLOUD 2024 |
Veranstaltungsnummer | 17 |
Beschreibung | at the 2024 IEEE WORLD CONGRESS ON SERVICES |
Dauer | 7 - 13 Juli 2024 |
Webseite | |
Ort | Intercontinental Shenzhen Hotel |
Stadt | Shenzhen |
Land | China |