BROFY: Towards Essential Integrity Protection for Microservices
Research output: Contribution to conferences › Paper › Contributed › peer-review
Contributors
Abstract
Trusted computing has emerged as one of the main components in a critical microservice application. A powerful adversary such as the cloud provider could harm its integrity by altering the application's code, behavior, and memory. Numerous attempts to preserve application integrity have been made, especially using Trusted Execution Environments (TEE). However, recent studies show that a CPU bitflip, which both adversary or faulty hardware can trigger, may invalidate its integrity despite being executed inside TEE. In the form of Silent Data Corruption (SDC), this bitflip may come undetected and shamble the trust built in a distributed system. We present BROFY, a toolchain that makes the program reliably perform correct computation inside the Intel SGX enclave that already provides code and memory integrity protection out-of-the-box. BROFY is compatible with multiple programming languages, needs no specific requirements or changes on the codebase, and offers a configurable trade-off between recovery ability and performance. We tested BROFY against actual bitflips by undervolting CPU, and our results show a significant decrease in irrecoverable failure rate from 96.7% to 0.5%, with a 100% detection rate inside an SGX enclave. Our experiment shows that programs armored by BROFY, compared to native execution, have 84% overhead on average based on the computation-intensive Starbench benchmark and only 3% overhead on a multithreaded HTTP server application written in C.
Details
Original language | English |
---|---|
Pages | 154-163 |
Number of pages | 10 |
Publication status | Published - 2021 |
Peer-reviewed | Yes |
Conference
Title | 2021 40th International Symposium on Reliable Distributed Systems |
---|---|
Abbreviated title | SRDS 2021 |
Conference number | 40 |
Duration | 20 - 23 September 2021 |
Website | |
City | Chicago |
Country | United States of America |
External IDs
Scopus | 85123012177 |
---|---|
Mendeley | 4424013b-9e97-3819-bd00-a163453d39dd |
Keywords
Research priority areas of TU Dresden
DFG Classification of Subject Areas according to Review Boards
ASJC Scopus subject areas
Keywords
- Benchmark testing, Bitflips, Codes, Distributed databases, Fault tolerance, Integrity, Intel SGX, Reliability, Runtime, TEE, Trusted Computing, cloud computing, performance measurement, BROFY, Benchmark testing, Bitflips, C language, Codes, Distributed databases, Fault Tolerance, Hardware, Intel SGX, Reliability, Runtime, TEE, Trusted computing, cloud computing, data integrity, hypermedia, microprocessor chips, multiprocessing systems, performance measurement, trusted computing, Trusted Computing, Fault tolerance, Performance measurement, Integrity