A lease is an important primitive for building distributed protocols, and it is ubiquitously employed in distributed systems. However, the scope of the classic lease abstraction is restricted to the trusted computing infrastructure. Unfortunately, this important primitive cannot be employed in the untrusted computing infrastructure because the trusted execution environments (TEEs) do not provide a trusted time source. In the untrusted environment, an adversary can easily manipulate the system clock to violate the correctness properties of lease-based systems. We tackle this problem by introducing trusted lease -- a lease that maintains its correctness properties even in the presence of a clock-manipulating attacker. To achieve these properties, we follow a "trust but verify" approach for an untrusted timer, and transform it into a trusted timing primitive by leveraging two hardware-assisted ISA extensions (Intel TSX and SGX) available in commodity CPUs. We provide a design and implementation of trusted lease in a system called T-Lease -- the first trusted lease system that achieves high security, performance, and precision. For application developers, T-Lease exposes easy-to-use generic APIs that facilitate its use in building a wide range of distributed protocols.
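The following is an added illustration (not code from the T-Lease paper or its authors) of the failure mode the abstract describes: a lease holder that trusts a manipulable local clock can keep acting on a lease the coordinator has already re-granted, so two parties believe they hold the lease at once. The `VerifyingHolder` shows only a generic fail-safe check (treat any clock reading that moves backwards as a lease invalidation); it is an assumption made for this example and is not the TSX/SGX-based mechanism the paper builds. All clocks and durations are constructed values.

```python
"""Lease correctness under a clock-manipulating adversary (constructed example)."""
from dataclasses import dataclass
from typing import Optional


class FakeClock:
    """Constructed system clock that a test can advance or roll back."""

    def __init__(self, now: float = 0.0) -> None:
        self.now = now

    def read(self) -> float:
        return self.now

    def advance(self, secs: float) -> None:
        self.now += secs

    def rollback(self, secs: float) -> None:
        # Models an adversary setting the system clock backwards.
        self.now -= secs


@dataclass
class Coordinator:
    """Grants one lease at a time using its own clock (assumed honest here)."""

    clock: FakeClock
    holder: Optional[str] = None
    expires_at: float = 0.0

    def acquire(self, who: str, duration: float) -> Optional[float]:
        now = self.clock.read()
        if self.holder is not None and now < self.expires_at:
            return None  # lease still held by someone else
        self.holder, self.expires_at = who, now + duration
        return self.expires_at


class NaiveHolder:
    """Decides whether it still holds the lease by trusting the local clock."""

    def __init__(self, name: str, clock: FakeClock) -> None:
        self.name, self.clock, self.expires_at = name, clock, 0.0

    def grant(self, expires_at: float) -> None:
        self.expires_at = expires_at

    def believes_held(self) -> bool:
        return self.clock.read() < self.expires_at


class VerifyingHolder(NaiveHolder):
    """Fail-safe variant (illustrative assumption, not T-Lease's design):
    a clock reading earlier than the previous one signals a rollback, and the
    holder then treats its lease as lost rather than trusting the clock."""

    def __init__(self, name: str, clock: FakeClock) -> None:
        super().__init__(name, clock)
        self.last_read = clock.read()
        self.tainted = False

    def believes_held(self) -> bool:
        now = self.clock.read()
        if now < self.last_read:
            self.tainted = True  # clock went backwards: cannot trust expiry
        self.last_read = max(self.last_read, now)
        return (not self.tainted) and now < self.expires_at


def run_scenario(holder_cls) -> bool:
    """Returns True if two parties simultaneously believe they hold the lease,
    i.e. the lease's mutual-exclusion property was violated."""
    coord_clock = FakeClock()
    a_clock = FakeClock()
    coord = Coordinator(coord_clock)
    a = holder_cls("A", a_clock)
    b = NaiveHolder("B", coord_clock)  # B shares the honest clock
    a.grant(coord.acquire("A", duration=10))
    # Adversary rolls A's clock back 20 s; real time then advances 15 s.
    a_clock.rollback(20)
    coord_clock.advance(15)
    a_clock.advance(15)
    # A's lease has expired from the coordinator's view, so B gets it.
    b.grant(coord.acquire("B", duration=10))
    return a.believes_held() and b.believes_held()


if __name__ == "__main__":
    print("naive holder violated:", run_scenario(NaiveHolder))        # True
    print("verifying holder violated:", run_scenario(VerifyingHolder))  # False
```

The naive holder ends up with two concurrent owners, which is exactly the correctness violation a lease is supposed to rule out. The rollback check only catches clocks that move backwards; a clock that is slowed or paused defeats it, which is why the paper turns to hardware-assisted timing rather than a software sanity check.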