View
19
Download
0
Category
Preview:
Citation preview
STANlite – a database engine for secure dataprocessing at rack-scale levelIEEE International Conference on Cloud Engineering (IC2E’18)V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza, April 20, 2018This work was partly supported by the DFG under priority program SPP2037
Institute of Operating Systemsand Computer Networks
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Intro
Data processing in cloud databases – commonly used practiceLeakage of security sensitive informationCompromising of data processing
Mechanisms of prevention:Own trusted infrastructureSecure processorsHomomorphic encryption
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 2STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Intro
Data processing in cloud databases – commonly used practiceLeakage of security sensitive informationCompromising of data processing
Mechanisms of prevention:Own trusted infrastructureSecure processorsHomomorphic encryption
Intel Software Guard eXtensions (SGX)Trusted execution in untrusted environments
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 2STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Trusted execution in untrusted environments
SGX Enclaves – new system entities:Located in User spacePhysical pages are encryptedCannot be accessed by devices or software
Enclave
Hardware
Ecall CB table
sgx_ecall
CB function
Hypervisor
Operating System
App. App.
TCB
Hardware
Hypervisor
Operating System
App. App.
Without an enclave With an enclave
Trusted Computing Base
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 3STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Trusted execution in untrusted environments
SGX Enclaves – new system entities:Located in User spacePhysical pages are encryptedCannot be accessed by devices or software
Enclave
Hardware
Ecall CB table
sgx_ecall
CB function
Hypervisor
Operating System
App. App.
TCB
Hardware
Hypervisor
Operating System
App. App.
Without an enclave With an enclave
Trusted Computing Base
⇒ Trusted execution on commodity hardware
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 3STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Programming of enclaves
Challenges:Software should be self-contained and fully located inside an enclave
No dependencies
Some instructions are forbiddenNo System calls
ECalls and OCalls – expensive switching mechanisms between trustedand untrusted modes
At least in 50 times slower than a system call [1, 2]
Paging
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 4STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Programming of enclaves
Challenges:Software should be self-contained and fully located inside an enclave
No dependenciesSome instructions are forbidden
No System calls
ECalls and OCalls – expensive switching mechanisms between trustedand untrusted modes
At least in 50 times slower than a system call [1, 2]
Paging
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 4STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Programming of enclaves
Challenges:Software should be self-contained and fully located inside an enclave
No dependenciesSome instructions are forbidden
No System callsECalls and OCalls – expensive switching mechanisms between trustedand untrusted modes
At least in 50 times slower than a system call [1, 2]
Paging
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 4STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Programming of enclaves
Challenges:Software should be self-contained and fully located inside an enclave
No dependenciesSome instructions are forbidden
No System callsECalls and OCalls – expensive switching mechanisms between trustedand untrusted modes
At least in 50 times slower than a system call [1, 2]
Paging
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 4STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Enclave Page Cache (EPC) limit
0 100 2000
200
400
600
800
92
244.8
memset chunk size (MiB)
mem
setspeed
(MiB
/sec)
0
50
100
35.3
%
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 5STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
EPC limit
0 100 2000
200
400
600
800
92
244.8
memset chunk size (MiB)
mem
setspeed
(MiB
/sec)
0
50
100
35.3
%˜92 MiB are availableHeavyweight paging
Involves a kernelThreads should exitEncryption/decryptionIntegrity protection
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 5STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
STANlite
STANlite: a secure database for data processing in cloudsBuilt on top of SGX EnclavesProcesses large volumes of data without pagingECall-free high-performance communications over Remote DirectMemory Access (RDMA)
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 6STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Agenda
Implementation of key components
Evaluation
Related works
Conclusion
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 7STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
STANlite
Enclaved software can access untrusted memoryThe database can manage own pages
Swap in and swap out on requestKeep frequently used content insideEvict rarely used content in encrypted form
Fix memory layout to prevent the heavyweightpaging
Database engine
Heap
Content
0x0
Evicted Pages
0xff..f
Encla
ve 9
2MiB
in si
ze
Database engine
EPC
DRAM
Process virtual memory
⇒ Special Virtual Memory Engine (VME)
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 8STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Architecture
VME components:Warm StoreCold StoreLeast Recently Used list
Swapping:Encryption/DecryptionHash sums for rollbackattacks prevention
VME
C2C0C4C5
Warm Store
SQL Engine
XXC1XXC3XXXX
Cold Store
Enclave Virtual Memory Engine
encrypt
decrypt
write
read
Com
mun
icatio
n La
yer
Client
Client
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 9STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Table of Contents
Implementation of key components
Evaluation
Related works
Conclusion
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 10STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
The basis
SQLite as SQL engine:
Low footprintRead/Write semantic
VME Integration:OS InterfaceDisabled Pager
Three VME modes
STAN
lite
Core
Back
end
Communication layer
SQL command processor
Pager
Interface
Virtual Machine
B-Tree
OS Interface
VME
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 11STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
VME mode: Integrity and Confidentiality (Integrity)
SQL Engine
C0C1C2C3C4C5
Cold StoreEnclave
write C4encrypt C4
CFI
read C1decrypt C1
VME
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 12STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
VME mode: +Cache (Caching)
SQL Engine
XXC1C2C3XXXX
Cold StoreEnclave VME
C0C5C4write C4
Warm Store
CFI
read C3decrypt
encrypt
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 13STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
VME mode: +Fetch (Fetching)
SQL Engine
XXC1C2C3XXXX
Cold StoreEnclave VME
C0C5C4fetch C4
fetch C1
Warm Store
CFI
fetch C5
X
decrypt C1
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 14STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Table of Contents
Implementation of key components
Evaluation
Related works
Conclusion
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 15STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Evaluation
Goals:Compare virtual memory engines in synthetic testsReal-life performance
Benchmarks:Microbenchmark: a database with random accessSpeedtest1 benchmark: compares different request typesTPC-C benchmark: real-life load
Setups:VME modes: Integrity, Caching, FetchingBaselines: Enclaved vanilla SQLite, Non-enclaved vanilla SQLite
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 16STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Microbenchmark
0 100 200 300 400 5000
1
2
·106
Database Size (MiB)
RequestsperS
econd
SQLiteEncl. SQLite
IntegrityCachingFetching0
50
100%
CREATE TABLE stest(ID INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, BODY CHAR;INSERT INTO stest (BODY) VALUES(’<...>’))SELECT * FROM stest ORDER BY RANDOM() LIMIT 1
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 17STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Microbenchmark
0 100 200 300 400 5000
1
2
·106
Database Size (MiB)
RequestsperS
econd
SQLiteEncl. SQLite
IntegrityCachingFetching0
50
100%
CREATE TABLE stest(ID INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, BODY CHAR;INSERT INTO stest (BODY) VALUES(’<...>’))SELECT * FROM stest ORDER BY RANDOM() LIMIT 1
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 17STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Microbenchmark
0 100 200 300 400 5000
1
2
·106
Database Size (MiB)
RequestsperS
econd
SQLiteEncl. SQLite
IntegrityCachingFetching0
50
100%
CREATE TABLE stest(ID INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, BODY CHAR;INSERT INTO stest (BODY) VALUES(’<...>’))SELECT * FROM stest ORDER BY RANDOM() LIMIT 1
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 17STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Microbenchmark
0 100 200 300 400 5000
1
2
·106
Database Size (MiB)
RequestsperS
econd
SQLiteEncl. SQLite
IntegrityCachingFetching0
50
100%
CREATE TABLE stest(ID INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, BODY CHAR;INSERT INTO stest (BODY) VALUES(’<...>’))SELECT * FROM stest ORDER BY RANDOM() LIMIT 1
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 17STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Microbenchmark
0 100 200 300 400 5000
1
2
·106
Database Size (MiB)
RequestsperS
econd
SQLiteEncl. SQLite
IntegrityCachingFetching0
50
100%
CREATE TABLE stest(ID INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, BODY CHAR;INSERT INTO stest (BODY) VALUES(’<...>’))SELECT * FROM stest ORDER BY RANDOM() LIMIT 1
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 17STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Speedtest1
VMEs show better performance (1.52×–2×) for:SELECT, UPDATE, DELETE, 4-way JOINs, subquery, ANALYZE
Enclaved SQLite shows better performance (1%–27%) for:INDEX, DELETE with refill, refillconsumes heap memory
Warm Cache improves performance (up to 2×):Integrity check, refill
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 18STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
TPC-C
0 5 10 15 200
1
2
3
·104
Number of Warehouses
TransactionperS
econd
SQLiteEncl. SQLite
CachingFetching
0
20
40
60
80
100
%
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 19STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
TPC-C
0 5 10 15 200
1
2
3
·104
Number of Warehouses
TransactionperS
econd
SQLiteEncl. SQLite
CachingFetching
0
20
40
60
80
100
%
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 19STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
TPC-C
0 5 10 15 200
1
2
3
·104
Number of Warehouses
TransactionperS
econd
SQLiteEncl. SQLite
CachingFetching
0
20
40
60
80
100
%
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 19STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
TPC-C
0 5 10 15 200
1
2
3
·104
Number of Warehouses
TransactionperS
econd
SQLiteEncl. SQLite
CachingFetching
0
20
40
60
80
100
%
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 19STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Table of Contents
Implementation of key components
Evaluation
Related works
Conclusion
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 20STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Related work
Eleos – Paging for C++-based programsDifferent memory typesMultiple VME modes
Panoply, Graphene-SGX, SCONE – environments for legacyapplications
Increase Trusted Computing Base and memory consumptionGlamdring – code partitioning
We virtualise storage memory
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 21STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
Table of Contents
Implementation of key components
Evaluation
Related works
Conclusion
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 22STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
ConclusionIntel SGX
Trusted execution in untrusted environmentChallenges: EPC limit, ECalls
STANliteEnclaved in-memory databaseVirtual memory engineRDMA-based communication layer
EvaluationMicrobenchmark: 4.44×Speedtest1: 1.79×TPC-C (2GiB): 2.44×
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 23STANlite – a database engine for secure data processing at rack-scale level
Design of STANlite Implementation of key components Evaluation Related works Conclusion
References
M. Orenbach, P. Lifshits, M. Minkin, and M. Silberstein, “Eleos: ExitLess OS Servicesfor SGX Enclaves,” in EuroSys, 2017, pp. 238–253.
O. Weisse, V. Bertacco, and T. Austin, “Regaining Lost Cycles with HotCalls: A FastInterface for SGX Secure Enclaves,” in Proceedings of the 44th Annual InternationalSymposium on Computer Architecture, 2017, pp. 81–93.
V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 24STANlite – a database engine for secure data processing at rack-scale level
Recommended