Research article. DOI: 10.1145/3297280.3297315

Securely deploying distributed computation systems on peer-to-peer networks

Published: 08 April 2019

Abstract

More and more off-the-shelf processors support the dynamic construction of Trusted Execution Environments. For instance, Intel Software Guard Extensions (Intel SGX) supports the construction of so-called enclaves on modern Intel Core processors. Hence, it is interesting to design and evaluate practical security architectures that leverage this new technology.
One of the possibilities of this new technology is that it enables deployment of traditional distributed applications that require a group of mutually trusting machines, on top of a group of mutually distrusting machines such as a peer-to-peer network. This paper proposes and evaluates an Intel SGX based approach to securely deploy a subset of distributed systems called distributed computation systems in a peer-to-peer fashion, with strong confidentiality and integrity guarantees and without modification of the original system.
The approach is evaluated by applying it to distcc, a distributed compiler. The result of this process is a new program called p2pcc, a distributed peer-to-peer compiler. We created two different versions of p2pcc. In the first version, any process spawned on one of the untrusted peers runs in its own enclave, thus providing a very fine-grained form of isolation. Our evaluation shows that the performance cost of this version on today's Intel SGX implementation is too high. The second version of p2pcc groups all processes running on behalf of the same user within the same enclave, thus providing coarser isolation, but still providing strong isolation on all security boundaries. Our evaluation shows that the second approach has good performance while providing strong security guarantees even on current SGX processors.
Our results provide evidence that deploying existing distributed computation systems in a peer-to-peer fashion is practical.
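The deployment model the abstract describes, as an added illustration that is not the paper's p2pcc code: a client attests a worker enclave on an untrusted peer, keys a session with it, and sends sealed compile jobs, while the peer applies either the per-process or the per-user grouping policy. Everything below is constructed for the illustration: the Enclave, Peer and Client classes, the sample sources, the "platform key" (an HMAC key standing in for the CPU's attestation signing key and the service that verifies it) and the HMAC-based stream cipher are simplifications of SGX's measurement, quoting and sealing mechanisms, chosen so the model runs offline with Python's standard library.

```python
"""Constructed model of p2pcc-style dispatch (not the paper's code): a client sends compile jobs
to enclaves hosted by untrusted peers, attests each enclave before keying it, and the peer
applies one of the abstract's two isolation policies. Stdlib only; the crypto is a model."""
import hashlib
import hmac
import secrets

# Ephemeral Diffie-Hellman in RFC 3526 MODP group 14 (2048-bit prime, generator 2).
P = int("".join("""
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437
4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05
98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B
E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
""".split()), 16)
G = 2
WORKER_CODE = b"p2pcc worker enclave (hypothetical build)"
WORKER_MR = hashlib.sha256(WORKER_CODE).digest()   # measurement the client expects
PLATFORM_KEY = secrets.token_bytes(32)             # stand-in for the CPU's attestation key
SRC = b"int main(void) { return 0; }"              # constructed sample job

def kdf(secret, label):
    return hmac.new(secret, label, hashlib.sha256).digest()
def _keystream(key, nonce, n):  # HMAC in counter mode, a model of a stream cipher
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]
def seal(key, msg):  # encrypt-then-MAC under two keys derived from the session key
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(kdf(key, b"enc"), nonce, len(msg))))
    return nonce + ct + hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: blob altered or from another session")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kdf(key, b"enc"), nonce, len(ct))))

class Enclave:  # worker code inside an enclave; its state is invisible to the hosting peer
    def __init__(self, code):
        self.mr = hashlib.sha256(code).digest()
        self.x = secrets.randbelow(P - 2) + 2          # DH private key, never leaves the enclave
        self.gx = pow(G, self.x, P)
        self.key = None
    def quote(self):  # attestation report: measurement + DH public key, signed by the platform
        body = self.mr + self.gx.to_bytes(256, "big")
        return body, hmac.new(PLATFORM_KEY, body, hashlib.sha256).digest()
    def accept(self, gy):
        if self.key is not None:                       # one enclave serves one user session
            raise PermissionError("enclave already bound to another user's session")
        self.key = kdf(pow(gy, self.x, P).to_bytes(256, "big"), b"session")
    def compile(self, job):  # the object file is a hash here; a real worker would run cc1
        src = unseal(self.key, job)
        return seal(self.key, b"OBJ:" + hashlib.sha256(src).hexdigest().encode())

class Peer:  # untrusted host: spawns enclaves, relays blobs, may tamper with anything outside them
    def __init__(self, policy, code=WORKER_CODE, tamper=False):
        self.policy, self.code, self.tamper, self.enclaves = policy, code, tamper, {}
    def enclave_for(self, user, job_id):
        k = (user, job_id) if self.policy == "per_process" else user   # the grouping policy
        if k not in self.enclaves:
            self.enclaves[k] = Enclave(self.code)
        return self.enclaves[k]
    def submit(self, enc, job):
        out = enc.compile(job)
        if self.tamper:                                # flip one ciphertext bit on the way out
            out = out[:20] + bytes([out[20] ^ 1]) + out[21:]
        return out

class Client:
    def __init__(self, user):
        self.user, self.sessions = user, {}
    def attest(self, enc):  # verify the report, pin the measurement, then finish the DH exchange
        body, sig = enc.quote()
        if not hmac.compare_digest(sig, hmac.new(PLATFORM_KEY, body, hashlib.sha256).digest()):
            raise ValueError("attestation signature invalid")
        if body[:32] != WORKER_MR:
            raise ValueError("measurement mismatch: not the worker enclave we expect")
        y = secrets.randbelow(P - 2) + 2
        enc.accept(pow(G, y, P))
        return kdf(pow(int.from_bytes(body[32:], "big"), y, P).to_bytes(256, "big"), b"session")
    def run(self, peer, job_id, source):
        enc = peer.enclave_for(self.user, job_id)
        if id(enc) not in self.sessions:               # attest once per enclave, reuse the session
            self.sessions[id(enc)] = self.attest(enc)
        key = self.sessions[id(enc)]
        return unseal(key, peer.submit(enc, seal(key, source)))

def workload(policy):  # Alice runs two jobs, Bob one; returns enclaves spawned and Alice's first result
    peer, alice, bob = Peer(policy), Client("alice"), Client("bob")
    first = alice.run(peer, 1, SRC)
    alice.run(peer, 2, b"int f(void) { return 1; }")
    bob.run(peer, 3, b"int g(void) { return 2; }")
    return len(peer.enclaves), first
def cross_user_rejected():  # Bob tries to attach to Alice's per-user enclave
    peer = Peer("per_user")
    Client("alice").run(peer, 1, SRC)
    try:
        Client("bob").attest(peer.enclaves["alice"])
        return False
    except PermissionError:
        return True
def attack_detected(peer):  # True if Alice's client rejects a bad measurement or an altered result
    try:
        Client("alice").run(peer, 1, SRC)
        return False
    except ValueError:
        return True
```

`workload("per_process")` spawns three enclaves for three jobs, `workload("per_user")` only two (one for Alice, one for Bob), which is the cost difference the abstract reports. `cross_user_rejected()` shows the per-user enclave refusing a second user's session, `attack_detected(Peer("per_user", code=b"backdoored worker"))` shows measurement pinning catching a peer that runs modified worker code, and `attack_detected(Peer("per_user", tamper=True))` shows the MAC catching a host that alters a result in transit. The model covers only the confidentiality and integrity boundary between enclave and host; it says nothing about side-channel leakage from the enclave itself.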


Cited By

  • (2023) Intel Software Guard Extensions Applications: A Survey. ACM Computing Surveys 55(14s), 1-38. DOI: 10.1145/3593021
  • (2023) π_RA: A π-calculus for Verifying Protocols that Use Remote Attestation. 2023 IEEE 36th Computer Security Foundations Symposium (CSF), 537-551. DOI: 10.1109/CSF57540.2023.00019


Published In

SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing
April 2019, 2682 pages
ISBN: 9781450359337
DOI: 10.1145/3297280

Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags: distributed systems, intel SGX, peer-to-peer, security


Overall acceptance rate for SAC: 1,650 of 6,669 submissions, 25%
