STANlite – a database engine for secure data …...STANlite – a database engine for secure data processing at rack-scale level IEEE International Conference on Cloud Engineering

STANlite – a database engine for secure dataprocessing at rack-scale levelIEEE International Conference on Cloud Engineering (IC2E’18)V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza, April 20, 2018This work was partly supported by the DFG under priority program SPP2037

Institute of Operating Systemsand Computer Networks

Design of STANlite Implementation of key components Evaluation Related works Conclusion

Intro

Data processing in cloud databases – commonly used practiceLeakage of security sensitive informationCompromising of data processing

Mechanisms of prevention:Own trusted infrastructureSecure processorsHomomorphic encryption

V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza Page 2STANlite – a database engine for secure data processing at rack-scale level


Intro

Data processing in cloud databases – commonly used practiceLeakage of security sensitive informationCompromising of data processing

Mechanisms of prevention:Own trusted infrastructureSecure processorsHomomorphic encryption

Intel Software Guard eXtensions (SGX)Trusted execution in untrusted environments



Trusted execution in untrusted environments

SGX Enclaves – new system entities:Located in User spacePhysical pages are encryptedCannot be accessed by devices or software

Enclave

Hardware

Ecall CB table

sgx_ecall

CB function

Hypervisor

Operating System

App. App.

TCB

Hardware

Hypervisor

Operating System

App. App.

Without an enclave With an enclave

Trusted Computing Base



Trusted execution in untrusted environments

SGX Enclaves – new system entities:Located in User spacePhysical pages are encryptedCannot be accessed by devices or software

Enclave

Hardware

Ecall CB table

sgx_ecall

CB function

Hypervisor

Operating System

App. App.

TCB

Hardware

Hypervisor

Operating System

App. App.

Without an enclave With an enclave

Trusted Computing Base

⇒ Trusted execution on commodity hardware



Programming of enclaves

Challenges:Software should be self-contained and fully located inside an enclave

No dependencies

Some instructions are forbiddenNo System calls

ECalls and OCalls – expensive switching mechanisms between trustedand untrusted modes

At least in 50 times slower than a system call [1, 2]

Paging





No dependenciesSome instructions are forbidden

No System calls

ECalls and OCalls – expensive switching mechanisms between trustedand untrusted modes


Paging






No System callsECalls and OCalls – expensive switching mechanisms between trustedand untrusted modes


Paging






No System callsECalls and OCalls – expensive switching mechanisms between trustedand untrusted modes


Paging



Enclave Page Cache (EPC) limit

0 100 2000

200

400

600

800

92

244.8

memset chunk size (MiB)

mem

setspeed

(MiB

/sec)

0

50

100

35.3

%



EPC limit

0 100 2000

200

400

600

800

92

244.8

memset chunk size (MiB)

mem

setspeed

(MiB

/sec)

0

50

100

35.3

%˜92 MiB are availableHeavyweight paging

Involves a kernelThreads should exitEncryption/decryptionIntegrity protection



STANlite

STANlite: a secure database for data processing in cloudsBuilt on top of SGX EnclavesProcesses large volumes of data without pagingECall-free high-performance communications over Remote DirectMemory Access (RDMA)



Agenda

Implementation of key components

Evaluation

Related works

Conclusion



STANlite

Enclaved software can access untrusted memoryThe database can manage own pages

Swap in and swap out on requestKeep frequently used content insideEvict rarely used content in encrypted form

Fix memory layout to prevent the heavyweightpaging

Database engine

Heap

Content

0x0

Evicted Pages

0xff..f

Encla

ve 9

2MiB

in si

ze

Database engine

EPC

DRAM

Process virtual memory

⇒ Special Virtual Memory Engine (VME)



Architecture

VME components:Warm StoreCold StoreLeast Recently Used list

Swapping:Encryption/DecryptionHash sums for rollbackattacks prevention

VME

C2C0C4C5

Warm Store

SQL Engine

XXC1XXC3XXXX

Cold Store

Enclave Virtual Memory Engine

encrypt

decrypt

write

read

Com

mun

icatio

n La

yer

Client

Client



Table of Contents


Evaluation

Related works

Conclusion



The basis

SQLite as SQL engine:

Low footprintRead/Write semantic

VME Integration:OS InterfaceDisabled Pager

Three VME modes

STAN

lite

Core

Back

end

Communication layer

SQL command processor

Pager

Interface

Virtual Machine

B-Tree

OS Interface

VME



VME mode: Integrity and Confidentiality (Integrity)

SQL Engine

C0C1C2C3C4C5

Cold StoreEnclave

write C4encrypt C4

CFI

read C1decrypt C1

VME



VME mode: +Cache (Caching)

SQL Engine

XXC1C2C3XXXX

Cold StoreEnclave VME

C0C5C4write C4

Warm Store

CFI

read C3decrypt

encrypt



VME mode: +Fetch (Fetching)

SQL Engine

XXC1C2C3XXXX

Cold StoreEnclave VME

C0C5C4fetch C4

fetch C1

Warm Store

CFI

fetch C5

X

decrypt C1



Table of Contents


Evaluation

Related works

Conclusion



Evaluation

Goals:Compare virtual memory engines in synthetic testsReal-life performance

Benchmarks:Microbenchmark: a database with random accessSpeedtest1 benchmark: compares different request typesTPC-C benchmark: real-life load

Setups:VME modes: Integrity, Caching, FetchingBaselines: Enclaved vanilla SQLite, Non-enclaved vanilla SQLite



Microbenchmark

0 100 200 300 400 5000

1

2

·106

Database Size (MiB)

RequestsperS

econd

SQLiteEncl. SQLite

IntegrityCachingFetching0

50

100%

CREATE TABLE stest(ID INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, BODY CHAR;INSERT INTO stest (BODY) VALUES(’<...>’))SELECT * FROM stest ORDER BY RANDOM() LIMIT 1



Microbenchmark

0 100 200 300 400 5000

1

2

·106

Database Size (MiB)

RequestsperS

econd

SQLiteEncl. SQLite


50

100%




Microbenchmark

0 100 200 300 400 5000

1

2

·106

Database Size (MiB)

RequestsperS

econd

SQLiteEncl. SQLite


50

100%




Microbenchmark

0 100 200 300 400 5000

1

2

·106

Database Size (MiB)

RequestsperS

econd

SQLiteEncl. SQLite


50

100%




Microbenchmark

0 100 200 300 400 5000

1

2

·106

Database Size (MiB)

RequestsperS

econd

SQLiteEncl. SQLite


50

100%




Speedtest1

VMEs show better performance (1.52×–2×) for:SELECT, UPDATE, DELETE, 4-way JOINs, subquery, ANALYZE

Enclaved SQLite shows better performance (1%–27%) for:INDEX, DELETE with refill, refillconsumes heap memory

Warm Cache improves performance (up to 2×):Integrity check, refill



TPC-C

0 5 10 15 200

1

2

3

·104

Number of Warehouses

TransactionperS

econd

SQLiteEncl. SQLite

CachingFetching

0

20

40

60

80

100

%



TPC-C

0 5 10 15 200

1

2

3

·104


TransactionperS

econd

SQLiteEncl. SQLite

CachingFetching

0

20

40

60

80

100

%



TPC-C

0 5 10 15 200

1

2

3

·104


TransactionperS

econd

SQLiteEncl. SQLite

CachingFetching

0

20

40

60

80

100

%



TPC-C

0 5 10 15 200

1

2

3

·104


TransactionperS

econd

SQLiteEncl. SQLite

CachingFetching

0

20

40

60

80

100

%



Table of Contents


Evaluation

Related works

Conclusion



Related work

Eleos – Paging for C++-based programsDifferent memory typesMultiple VME modes

Panoply, Graphene-SGX, SCONE – environments for legacyapplications

Increase Trusted Computing Base and memory consumptionGlamdring – code partitioning

We virtualise storage memory



Table of Contents


Evaluation

Related works

Conclusion



ConclusionIntel SGX

Trusted execution in untrusted environmentChallenges: EPC limit, ECalls

STANliteEnclaved in-memory databaseVirtual memory engineRDMA-based communication layer

EvaluationMicrobenchmark: 4.44×Speedtest1: 1.79×TPC-C (2GiB): 2.44×



References

M. Orenbach, P. Lifshits, M. Minkin, and M. Silberstein, “Eleos: ExitLess OS Servicesfor SGX Enclaves,” in EuroSys, 2017, pp. 238–253.

O. Weisse, V. Bertacco, and T. Austin, “Regaining Lost Cycles with HotCalls: A FastInterface for SGX Secure Enclaves,” in Proceedings of the 44th Annual InternationalSymposium on Computer Architecture, 2017, pp. 81–93.


Documents

STANlite – a database engine for secure data …...STANlite – a database engine for secure data processing at rack-scale level IEEE International Conference on Cloud Engineering