Remote attestation (RA) authenticates code running in trusted execution environments (TEEs), allowing trusted code to be deployed even on untrusted hosts. However, trust relationships established by one component in a distributed application may impact the security of other components, making it difficult to reason about the security of the application as a whole. Furthermore, traditional RA approaches interact badly with modern web service design, which tends to employ small interacting microservices, short session lifetimes, and little or no state. This paper presents the Decent Application Platform, a framework for building secure decentralized applications. Decent applications authenticate and authorize distributed enclave components using a protocol based on self-attestation certificates, a reusable credential based on RA and verifiable by a third party. Components mutually authenticate each other not only based on their code, but also based on the other components they trust, ensuring that no transitively-connected components receive unauthorized information. While some other TEE frameworks support mutual authentication in some form, Decent is the only system that supports mutual authentication without requiring an additional trusted third party besides the trusted hardware's manufacturer. We have verified the secrecy and authenticity of Decent application data in ProVerif, and implemented two applications to evaluate Decent's expressiveness and performance: DecentRide, a ride-sharing service, and DecentHT, a distributed hash table. On the YCSB benchmark, we show that DecentHT achieves 7.5x higher throughput and 3.67x lower latency compared to a non-Decent implementation.
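The trust-based mutual authorization the abstract describes, as an added toy model in Python that is not the Decent project's own code: the `SelfAttestationCert` shape, the `accepts`/`mutually_authorized` rule, and the component measurement names are simplifying assumptions chosen here, not the paper's protocol. It shows why a peer that is itself trusted can still be rejected when something it trusts transitively is not authorized.

```python
# Toy model of Decent-style mutual authorization (added illustration, not
# the paper's code). Assumption: a self-attestation certificate binds a code
# measurement to the measurements it will exchange data with, and a verifier
# accepts a peer only if every component transitively reachable through the
# peer's trust relationships is one the verifier itself authorizes.
from dataclasses import dataclass

@dataclass(frozen=True)
class SelfAttestationCert:
    measurement: str    # constructed placeholder standing in for a code hash
    trusted: frozenset  # measurements this component is willing to talk to

def reachable(start: str, certs: dict) -> set:
    """Measurements reachable from `start` by following trust edges."""
    seen, stack = set(), [start]
    while stack:
        m = stack.pop()
        if m in seen:
            continue
        seen.add(m)
        if m in certs:
            stack.extend(certs[m].trusted)
    return seen

def accepts(verifier: SelfAttestationCert, peer: SelfAttestationCert,
            certs: dict) -> bool:
    """Verifier-side check: the peer is directly trusted and cannot hand
    data on to any component the verifier has not authorized."""
    if peer.measurement not in verifier.trusted:
        return False
    allowed = verifier.trusted | {verifier.measurement}
    return reachable(peer.measurement, certs) <= allowed

def mutually_authorized(a: str, b: str, certs: dict) -> bool:
    return accepts(certs[a], certs[b], certs) and accepts(certs[b], certs[a], certs)

def deployment(edges: dict) -> dict:
    """Constructed certificate set from a {measurement: trusted set} map."""
    return {m: SelfAttestationCert(m, frozenset(t)) for m, t in edges.items()}

# Constructed ride-sharing style deployment: every component authorizes the others.
GOOD = deployment({"rider": {"matcher", "payment"},
                   "matcher": {"rider", "payment"},
                   "payment": {"matcher", "rider"}})
# Same components, but this matcher build also trusts an analytics service
# that neither the rider nor the payment service authorized.
LEAKY = deployment({"rider": {"matcher", "payment"},
                    "matcher": {"rider", "payment", "analytics"},
                    "payment": {"matcher", "rider"},
                    "analytics": {"matcher"}})
```

In `GOOD` every pair authorizes each other; in `LEAKY` the rider still trusts the matcher's code, but rejects it because the matcher would forward rider data to an analytics component the rider never authorized.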