Blockchain technology promises to revolutionize manufacturing industries. For example, several supply-chain use-cases may benefit from transparent asset tracking and automated processes using smart contracts. Several real-world deployments exist where the transparency aspect of a blockchain is both an advantage and a disadvantage at the same time. The exposure of assets and business interaction represent critical risks. However, there are typically no confidentiality guarantees to protect the smart contract logic as well as the processed data. Trusted execution environments (TEE) are an emerging technology available in both edge or mobile-grade processors (e.g., Arm TrustZone) and server-grade processors (e.g., Intel SGX). TEEs shield both code and data from malicious attackers. This practical experience report presents TZ4Fabric, an extension of Hyperledger Fabric to leverage Arm TrustZone for the secure execution of smart contracts. Our design minimizes the trusted computing base executed by avoiding the execution of a whole Hyperledger Fabric node inside the TEE, which continues to run in untrusted environment. Instead, we restrict it to the execution of only the smart contract. The TZ4Fabric prototype exploits the open-source OP-TEE framework, as it supports deployments on cheap low-end devices (e.g., Raspberry Pis). Our experimental results highlight the performance trade-off due to the additional security guarantees provided by Arm TrustZone. TZ4Fabric will be released as open-source.
翻译:链链技术有可能使制造业发生革命性。例如,若干供应链使用案例可能受益于使用智能合同的透明资产跟踪和自动化流程。一些现实世界部署,因为链链的透明度一方面是一种优势,另一方面也是一个劣势。资产和商业互动暴露代表了重大风险。然而,通常没有保密保证来保护智能合同逻辑和处理的数据。信任的执行环境(TEE)是边缘或移动级处理器(例如Arm TrustZone)和服务器级处理器(例如,Intel SGX)中的一种新兴技术。一些实际部署存在,因为屏蔽链中的透明度一方面是优势,另一方面也是劣质袭击者提供代码和数据。这份实际经验报告向TZ4Fabric展示了超力加力的Fabric扩展,以利用Arm Trustone来安全执行智能合同。我们的设计通过避免在TEE内部执行整个超力型开端的Fabric节点将持续在不受信任的环境中运行。相反,我们将它限制地将其执行到只有智能的O-rbliereal Trust 。T-Trading the Pal Exliflishal trust for the the ex