DOI: 10.1145/3419111.3421273
Research article

T-Lease: a trusted lease primitive for distributed systems

Published: 12 October 2020

Abstract

A lease is an important primitive for building distributed protocols, and it is ubiquitously employed in distributed systems. However, the scope of the classic lease abstraction is restricted to a trusted computing infrastructure. This important primitive cannot be employed in an untrusted computing infrastructure because trusted execution environments (TEEs) do not provide a trusted time source: in the untrusted environment, an adversary can easily manipulate the system clock to violate the correctness properties of lease-based systems.

We tackle this problem by introducing the trusted lease, a lease that maintains its correctness properties even in the presence of a clock-manipulating attacker. To achieve these properties, we follow a "trust but verify" approach for an untrusted timer and transform it into a trusted timing primitive by leveraging two hardware-assisted ISA extensions (Intel TSX and SGX) available in commodity CPUs. We provide a design and implementation of trusted lease in a system called T-Lease, the first trusted lease system that achieves high security, performance, and precision. For application developers, T-Lease exposes easy-to-use generic APIs that facilitate building a wide range of distributed protocols.

Supplementary Material

MP4 File (p387-trach-presentation.mp4)


Published In

SoCC '20: Proceedings of the 11th ACM Symposium on Cloud Computing
October 2020
535 pages
ISBN:9781450381376
DOI:10.1145/3419111
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Conference

SoCC '20: ACM Symposium on Cloud Computing
October 19 - 21, 2020
Virtual Event, USA

Acceptance Rates

SoCC '20 Paper Acceptance Rate 35 of 143 submissions, 24%;
Overall Acceptance Rate 169 of 722 submissions, 23%

Article Metrics

  • Downloads (last 12 months): 60
  • Downloads (last 6 weeks): 2
Reflects downloads up to 24 Dec 2024.
