BROFY: Towards Essential Integrity Protection for Microservices

Research output: Contribution to conferencesPaperContributedpeer-review

Abstract

Trusted computing has emerged as one of the main components in a critical microservice application. A powerful adversary such as the cloud provider could harm its integrity by altering the application's code, behavior, and memory. Numerous attempts to preserve application integrity have been made, especially using Trusted Execution Environments (TEE). However, recent studies show that a CPU bitflip, which both adversary or faulty hardware can trigger, may invalidate its integrity despite being executed inside TEE. In the form of Silent Data Corruption (SDC), this bitflip may come undetected and shamble the trust built in a distributed system. We present BROFY, a toolchain that makes the program reliably perform correct computation inside the Intel SGX enclave that already provides code and memory integrity protection out-of-the-box. BROFY is compatible with multiple programming languages, needs no specific requirements or changes on the codebase, and offers a configurable trade-off between recovery ability and performance. We tested BROFY against actual bitflips by undervolting CPU, and our results show a significant decrease in irrecoverable failure rate from 96.7% to 0.5%, with a 100% detection rate inside an SGX enclave. Our experiment shows that programs armored by BROFY, compared to native execution, have 84% overhead on average based on the computation-intensive Starbench benchmark and only 3% overhead on a multithreaded HTTP server application written in C.

Details

Original languageEnglish
Pages154-163
Number of pages10
Publication statusPublished - 2021
Peer-reviewedYes

Conference

Title2021 40th International Symposium on Reliable Distributed Systems
Abbreviated titleSRDS 2021
Conference number40
Duration20 - 23 September 2021
Website
CityChicago
CountryUnited States of America

External IDs

Scopus 85123012177
Mendeley 4424013b-9e97-3819-bd00-a163453d39dd

Keywords

Research priority areas of TU Dresden

DFG Classification of Subject Areas according to Review Boards

Keywords

  • Benchmark testing, Bitflips, Codes, Distributed databases, Fault tolerance, Integrity, Intel SGX, Reliability, Runtime, TEE, Trusted Computing, cloud computing, performance measurement, BROFY, Benchmark testing, Bitflips, C language, Codes, Distributed databases, Fault Tolerance, Hardware, Intel SGX, Reliability, Runtime, TEE, Trusted computing, cloud computing, data integrity, hypermedia, microprocessor chips, multiprocessing systems, performance measurement, trusted computing, Trusted Computing, Fault tolerance, Performance measurement, Integrity