About The Talk
Evolving IT landscapes of cloud computing and social media place great demands on networking services. Not only is performance (i.e. more bandwidth and low latency) required to accommodate with richer workloads involved, but also high-security assurances are also needed to win users’ trust so that they would decide to stay loyal to the services. Nonetheless, statistics have shown us that it is often challenging to achieve one goal, without compromising the other. On top of that, network applications’ security is still moderate, despite increasing awareness of risks and data breaches.
Ideally, network applications’ components should be separated logically into small compartments, so that a defect in one compartment cannot affect the others. Along this line of thought, recent works have adopted Intel SGX enclave, or SGX enclave, to protect parts of their applications. However, their designs still use a single enclave address space, sharing among application threads’ trusted computation. In a vulnerable multithreaded enclave application, a compromised thread’s enclave execution can tamper or steal enclave secrets of the other threads co-located in the same enclave. Retrofitting those multithreaded applications to use one enclave per thread is impractical. Besides, less attention has been paid to protecting network applications’ performance. As for those applications, not only should the protections not be detrimental to the performance, but also the high-performance property itself should become a target of protection. Current state-of-the-art systems use SGX enclaves to protect confidentiality and integrity of sensitive network computations against malicious system software. However, SGX-based systems suffer from cryptographic protection overhead because untrusted memory is mandated to store network packets. Hardware-based virtualization is a promising direction, but existing works have neglected the availability aspect of the protected applications’ performance.
In this proposal, we explore the development of novel and trustworthy systems for high-performance network applications along two different dimensions: (1) a shared SGX enclave architecture for mutually distrusted application threads’ trusted computation, and (2) a secure and high-performance routing system. The proposal first uncovers the feasibility of “sharing” notion on a hardware SGX enclave, which is well-known solely for its isolation property. Then, we propose an enclaved system that enables mutually distrusted application threads to “share” an enclave for their trusted computations, without leaking one thread’s enclave secret to other threads. In the second part of this proposal, we propose a secure routing architecture for traffic-intensive network services, with high availability assurance on performance. Although we consider powerful system software as an adversary, we show that it is possible to safeguard the integrity, confidentiality, and the availability of the high-performance. These security premises come with a minimal trade-off on network throughput and latency. To the best of our reckoning, the aforementioned works are initiative towards building next-generation network services that support diversity and sophistication of future applications. |
