Enabling Strong Database Integrity using Trusted Execution Environments

Immutable and consistent sharing of data across organization boundaries enabl es a new class of applications. Because conventional datastores cannot provide this functionality, blockchain s have been proposed as one possible solution. Yet public blockchains are energy inefficient, hard to scale and suffer from limited throughput and high latencies, while permissioned blockchains depend on specially designated nodes, potentially le ak meta-information, and also suffer from scale and performance bottlenecks. This paper presents CreDB, a datastore that provides blockchain-like guarante es of integrity using trusted execution environments. CreDB employs three novel mechanisms to support a new class of applications. First, it creates a permanent record of every transaction, known as a witness , that clients can then use not only to audit the database, but to prove to thi rd parties that desired actions took place. Second, it associates with every object an inseparable and inviolable securit y policy, which not only performs access control but enables the datastore to i mplement state machines whose behavior is amenable to analysis. Finally, CreDB provides a protected function evaluation mechanism that allows integrity-protected computation over private data. The paper describes these mechanisms, and the applications they collectively enable, in detail. We have fully implemented CreDB on Intel SGX. Evaluation shows that these new mechanisms do not adversely affect performance.

[1]  Dennis Shasha,et al.  Building secure file systems out of byzantine storage , 2002, PODC '02.

[2]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[3]  Xin Qi,et al.  Fabric: a platform for secure distributed computation and storage , 2009, SOSP '09.

[4]  Scott Shenker,et al.  Attested append-only memory: making adversaries stick to their word , 2007, SOSP.

[5]  Michael Hicks,et al.  Fable: A Language for Enforcing User-defined Security Policies , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[6]  Adi Shamir,et al.  PayWord and MicroMint: Two Simple Micropayment Schemes , 1996, Security Protocols Workshop.

[7]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[8]  Elaine Shi,et al.  The Sleepy Model of Consensus , 2017, ASIACRYPT.

[9]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[10]  Andrew C. Myers,et al.  Fabric: Building open distributed systems securely by construction , 2017, J. Comput. Secur..

[11]  Emin Gün Sirer,et al.  Teechan: Payment Channels Using Trusted Execution Environments , 2016, ArXiv.

[12]  Feifei Li,et al.  Dynamic authenticated index structures for outsourced databases , 2006, SIGMOD Conference.

[13]  Samuel Madden,et al.  Processing Analytical Queries over Encrypted Data , 2013, Proc. VLDB Endow..

[14]  Fan Zhang,et al.  REM: Resource-Efficient Mining for Blockchains , 2017, IACR Cryptol. ePrint Arch..

[15]  Ariel J. Feldman,et al.  SPORC: Group Collaboration using Untrusted Cloud Resources , 2010, OSDI.

[16]  Emin Gün Sirer,et al.  Kronos: the design and implementation of an event ordering service , 2014, EuroSys '14.

[17]  Elaine Shi,et al.  The Honey Badger of BFT Protocols , 2016, CCS.

[18]  Emin Gün Sirer,et al.  KARMA : A Secure Economic Framework for Peer-to-Peer Resource Sharing , 2003 .

[19]  Johannes Gehrke,et al.  Guardat: enforcing data policies at the storage layer , 2015, EuroSys.

[20]  Cynthia Dwork,et al.  Ask a Better Question, Get a Better Answer A New Approach to Private Data Analysis , 2007, ICDT.

[21]  David M. Eyers,et al.  SCONE: Secure Linux Containers with Intel SGX , 2016, OSDI.

[22]  David Mazières,et al.  Beyond One-Third Faulty Replicas in Byzantine Fault Tolerant Systems , 2007, NSDI.

[23]  J. T. Robinson,et al.  On optimistic methods for concurrency control , 1979, TODS.

[24]  Mark Silberstein,et al.  Eleos: ExitLess OS Services for SGX Enclaves , 2017, EuroSys.

[25]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[26]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[27]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[28]  Warren He,et al.  Proof of Luck: an Efficient Blockchain Consensus Protocol , 2016, SysTEX@Middleware.

[29]  Jacob R. Lorch,et al.  TrInc: Small Trusted Hardware for Large Distributed Systems , 2009, NSDI.

[30]  Ken Eguro,et al.  Concerto: A High Concurrency Key-Value Store with Integrity , 2017, SIGMOD Conference.

[31]  Shawn Wilkinson MetaDisk A Blockchain-Based Decentralized File Storage Application , 2014 .

[32]  Alex Pentland,et al.  Decentralizing Privacy: Using Blockchain to Protect Personal Data , 2015, 2015 IEEE Security and Privacy Workshops.

[33]  Emmett Witchel,et al.  Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data , 2016, OSDI.

[34]  Radek Vingralek,et al.  How to build a trusted database system on untrusted storage , 2000, OSDI.

[35]  Emin Gün Sirer,et al.  Logical attestation: an authorization architecture for trustworthy computing , 2011, SOSP.

[36]  Ramarathnam Venkatesan,et al.  Orthogonal Security with Cipherbase , 2013, CIDR.

[37]  Ramakrishna Kotla,et al.  Zyzzyva: speculative byzantine fault tolerance , 2007, TOCS.

[38]  Radu Sion,et al.  TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality , 2011, IEEE Transactions on Knowledge and Data Engineering.

[39]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[40]  Jeffrey S. Chase,et al.  Strong accountability for network storage , 2007, TOS.

[41]  Elaine Shi,et al.  Practical dynamic proofs of retrievability , 2013, CCS.

[42]  Andrew C. Myers,et al.  SIF: Enforcing Confidentiality and Integrity in Web Applications , 2007, USENIX Security Symposium.

[43]  Andrew Lippman,et al.  A Case Study for Blockchain in Healthcare : “ MedRec ” prototype for electronic health records and medical research data , 2016 .

[44]  Elaine Shi,et al.  On Scaling Decentralized Blockchains - (A Position Paper) , 2016, Financial Cryptography Workshops.

[45]  Andreas Haeberlen,et al.  PeerReview: practical accountability for distributed systems , 2007, SOSP.

[46]  Christian Cachin,et al.  Architecture of the Hyperledger Blockchain Fabric , 2016 .

[47]  Fan Zhang,et al.  Town Crier: An Authenticated Data Feed for Smart Contracts , 2016, CCS.

[48]  Dennis Shasha,et al.  Secure Untrusted Data Repository (SUNDR) , 2004, OSDI.