tr i nc small trusted hardware for large distributed
play

Tr I nc: Small Trusted Hardware for Large Distributed Systems Dave - PowerPoint PPT Presentation

Jan 25, 2023 •367 likes •1.62k views

Tr I nc: Small Trusted Hardware for Large Distributed Systems Dave Levin University of Maryland John R. Douceur Jacob R. Lorch Microsoft Research Thomas Moscibroda Trust in distributed systems Selfish Malicious Participants Participants

  1. Implementing a trusted log in Tr I nc Append(data): Bind new data to the attest(11, , ) end of the log 10 Lookup(sequence num): No equivocating on what is or is not stored < > 3,8, < > 8,9, < > < > 9,10, 9,10, Untrusted storage 13 TrInc – NSDI 2009 Dave Levin

  2. Implementing a trusted log in Tr I nc Append(data): Bind new data to the end of the log 10 Lookup(sequence num): No equivocating on what is or is not stored < > 3,8, < > 8,9, < > < > 9,10, 9,10, Untrusted storage 13 TrInc – NSDI 2009 Dave Levin

  3. Implementing a trusted log in Tr I nc Append(data): Bind new data to the end of the log 10 11 Lookup(sequence num): No equivocating on what is or is not stored < > 3,8, < > 8,9, < > < > 9,10, 9,10, Untrusted storage 13 TrInc – NSDI 2009 Dave Levin

  4. Implementing a trusted log in Tr I nc Append(data): Bind new data to the < > 10,11, end of the log 10 11 Lookup(sequence num): No equivocating on what is or is not stored < > 3,8, < > 8,9, < > < > 9,10, 9,10, Untrusted storage 13 TrInc – NSDI 2009 Dave Levin

  5. Implementing a trusted log in Tr I nc Append(data): Bind new data to the end of the log 10 11 Lookup(sequence num): No equivocating on what is or is not stored < > 3,8, < > 8,9, < > < > 9,10, 9,10, < > 10,11, Untrusted storage 13 TrInc – NSDI 2009 Dave Levin

  6. Implementing a trusted log in Tr I nc Append(data): Bind new data to the lookup 10 end of the log 10 11 Lookup(sequence num): No equivocating on what is or is not stored < > 3,8, < > 8,9, < > < > 9,10, 9,10, < > 10,11, Untrusted storage 13 TrInc – NSDI 2009 Dave Levin

  7. Implementing a trusted log in Tr I nc Append(data): Bind new data to the end of the log lookup 10 10 11 Lookup(sequence num): No equivocating on what is or is not stored < > 3,8, < > 8,9, < > < > 9,10, 9,10, < > 10,11, Untrusted storage 13 TrInc – NSDI 2009 Dave Levin

  8. Implementing a trusted log in Tr I nc Append(data): Bind new data to the end of the log lookup 10 10 11 Lookup(sequence num): No equivocating on what is or is not stored < > 3,8, < > 8,9, < > < > 9,10, 9,10, < > 10,11, Untrusted storage 13 TrInc – NSDI 2009 Dave Levin

  9. Implementing a trusted log in Tr I nc Append(data): Bind new data to the end of the log 10 11 Lookup(sequence num): No equivocating on what is or is not stored < > 3,8, < > 8,9, < > < > 9,10, 9,10, < > 10,11, Untrusted storage 13 TrInc – NSDI 2009 Dave Levin

  10. Implementing a trusted log in Tr I nc Append(data): Bind new data to the end of the log 10 11 Lookup(sequence num): No equivocating on what is or is not stored < > 3,8, < > 8,9, < > < > 9,10, 9,10, < > 10,11, Untrusted storage 13 TrInc – NSDI 2009 Dave Levin

  11. Implementing a trusted log in Tr I nc Append(data): Bind new data to the end of the log 10 11 Lookup(sequence num): No equivocating on what is or is not stored < > 3,8, < > 8,9, < > < > 9,10, 9,10, Fast lookups Few hardware accesses < > 10,11, Untrusted storage 13 TrInc – NSDI 2009 Dave Levin

  12. Tr I nc-A2M • Attested Append-only Memory (A2M) • Stores logs in trusted storage • Accesses trusted storage for all methods • A2M shown to solve • Byzantine fault tolerance using fewer nodes • SUNDR file system • Quorum/Update protocol • By construction, Tr I nc solves these systems, too 14 TrInc – NSDI 2009 Dave Levin

  13. What can Tr I nc do? • Trusted append-only logs • Prevent under-reporting in BitTorrent • Reduces communication in PeerReview • BFT with fewer nodes and messages • Ensure fresh data in DHTs • Prevent Sybil attacks 15 TrInc – NSDI 2009 Dave Levin

  14. What can Tr I nc do? • Trusted append-only logs • Prevent under-reporting in BitTorrent • Reduces communication in PeerReview • BFT with fewer nodes and messages • Ensure fresh data in DHTs • Prevent Sybil attacks 15 TrInc – NSDI 2009 Dave Levin

  15. BitTorrent primer 16 TrInc – NSDI 2009 Dave Levin

  16. BitTorrent primer File pieces Fast, users share the work 16 TrInc – NSDI 2009 Dave Levin

  17. BitTorrent primer 1 1 0 1 1 0 File pieces Fast, users share the work 16 TrInc – NSDI 2009 Dave Levin

  18. BitTorrent primer Does not have piece 2 1 1 0 1 1 0 File pieces Fast, users share the work 16 TrInc – NSDI 2009 Dave Levin

  19. BitTorrent primer 1 1 0 1 1 0 File pieces Fast, users share the work 16 TrInc – NSDI 2009 Dave Levin

  20. BitTorrent primer 1 1 0 1 1 0 File pieces 1 0 1 1 0 1 Fast, users share the work 16 TrInc – NSDI 2009 Dave Levin

  21. BitTorrent primer 1 1 0 1 0 1 File pieces 1 1 0 1 0 1 Fast, users share the work 16 TrInc – NSDI 2009 Dave Levin

  22. BitTorrent primer 1 1 0 1 1 0 1 0 1 1 0 1 Interested File pieces 1 1 0 1 0 1 Fast, users share the work 16 TrInc – NSDI 2009 Dave Levin

  23. BitTorrent primer 1 1 0 1 1 0 1 0 1 1 0 1 Interested File pieces 1 1 0 1 1 0 Interested 1 0 1 1 0 1 Fast, users share the work 16 TrInc – NSDI 2009 Dave Levin

  24. BitTorrent primer 1 1 0 1 1 0 1 0 1 1 0 1 Interested File pieces 1 1 0 1 1 0 Interested 1 0 1 1 0 1 Fast, users share the work 16 TrInc – NSDI 2009 Dave Levin

  25. Piece under-reporting is equivocation [SIGCOMM’08] Yields prolonged interest from others and faster download times 17 TrInc – NSDI 2009 Dave Levin

  26. Piece under-reporting is equivocation 17 TrInc – NSDI 2009 Dave Levin

  27. Piece under-reporting is equivocation 17 TrInc – NSDI 2009 Dave Levin

  28. Piece under-reporting is equivocation Ack 17 TrInc – NSDI 2009 Dave Levin

  29. Piece under-reporting is equivocation Ack 17 TrInc – NSDI 2009 Dave Levin

  30. Piece under-reporting is equivocation I received 17 TrInc – NSDI 2009 Dave Levin

  31. Piece under-reporting is equivocation I never received I received 17 TrInc – NSDI 2009 Dave Levin

  32. Applying TrInc • What does the counter represent? • The number of pieces received • To what do peers attest? • Their bitfield • The most recent piece received • When do peers attest? • When they receive • When they sync their counters 18 TrInc – NSDI 2009 Dave Levin

  33. Tr I nc-BitTorrent 19 TrInc – NSDI 2009 Dave Levin

  34. Tr I nc-BitTorrent 19 TrInc – NSDI 2009 Dave Levin

  35. Tr I nc-BitTorrent I have and most recently received 1 19 TrInc – NSDI 2009 Dave Levin

  36. Tr I nc-BitTorrent I have and most recently received 1 I have and most recently received 2 I have and most recently received 3 19 TrInc – NSDI 2009 Dave Levin

  37. Tr I nc-BitTorrent I have and most recently received 1 I have and most recently received 2 I have and most recently received 3  Counter matches the bitfield size 19 TrInc – NSDI 2009 Dave Levin

  38. Tr I nc-BitTorrent I have and most recently received 1 I have and most recently received 2 I have and most recently received 3  Counter matches the bitfield size 19 TrInc – NSDI 2009 Dave Levin

  39. Tr I nc-BitTorrent I have and most recently received 1 I have and most recently received 2 I have and most recently received 3  Counter matches the bitfield size  Attests to most recent piece 19 TrInc – NSDI 2009 Dave Levin

  40. Tr I nc-BitTorrent I have and most recently received 1 I have and most recently received 2 I have and most recently received 3  Counter matches the bitfield size  Attests to most recent piece 19 TrInc – NSDI 2009 Dave Levin

  41. Why attest to the latest piece? 20 TrInc – NSDI 2009 Dave Levin

  42. Why attest to the latest piece? 20 TrInc – NSDI 2009 Dave Levin

  43. Why attest to the latest piece? I have 1 20 TrInc – NSDI 2009 Dave Levin

  44. Why attest to the latest piece? I have 1 20 TrInc – NSDI 2009 Dave Levin

  45. Why attest to the latest piece? I have 1 20 TrInc – NSDI 2009 Dave Levin

  46. Why attest to the latest piece? I have 1 I have 2 I have 2 20 TrInc – NSDI 2009 Dave Levin

  47. Why attest to the latest piece? Looks good I have 1 to me Looks good I have 2 to me Looks good I have 2 to me 20 TrInc – NSDI 2009 Dave Levin

  48. Why attest to the latest piece? Looks good I have 1 to me Looks good I have 2 to me Looks good I have 2 to me 20 TrInc – NSDI 2009 Dave Levin

  49. Why attest to the latest piece? Looks good I have 1 to me Looks good I have 2 to me Looks good I have 2 to me Lesson: Without the full log, must ensure proper behavior at each step 20 TrInc – NSDI 2009 Dave Levin

  50. Macrobenchmarks • TrInc-BitTorrent • Solves piece under-reporting • TrInc-A2M • Reduces hardware requirements • Higher throughput • TrInc-PeerReview • Reduces the communication necessary to achieve fault detection 21 TrInc – NSDI 2009 Dave Levin

  51. Contributions 1 Tr I nc – A new, practical primitive for eliminating equivocation 2 2 Applications of Tr I nc 3 Implementation in currently available hardware 22 TrInc – NSDI 2009 Dave Levin

  52. Contributions 1 Tr I nc – A new, practical primitive for eliminating equivocation 2 Applications of Tr I nc 3 3 Implementation in currently available hardware 22 TrInc – NSDI 2009 Dave Levin

  53. Implementation • Gemalto .NET Smartcard • Crypto unit (RSA & 3-DES) • 32-bit micro-controller • 80 KB persistent memory • A few dozen lines of C# • Case studies • TrInc-A2M • TrInc-PeerReview • TrInc-BitTorrent 23 TrInc – NSDI 2009 Dave Levin

  54. Tr I nc microbenchmarks 250 Operation time (msec) 200 150 100 50 0 noop Asym Attest Asym Attest Symm attest Symm Attest Verify (advance) (status) (advance) (status) 24 TrInc – NSDI 2009 Dave Levin

  55. Tr I nc microbenchmarks 250 Operation time (msec) 200 150 100 50 0 noop Asym Attest Asym Attest Symm attest Symm Attest Verify (advance) (status) (advance) (status) 24 TrInc – NSDI 2009 Dave Levin

  56. Tr I nc microbenchmarks 32 msec to write a counter 250 Operation time (msec) 200 150 100 50 0 noop Asym Attest Asym Attest Symm attest Symm Attest Verify (advance) (status) (advance) (status) 24 TrInc – NSDI 2009 Dave Levin

  57. Tr I nc microbenchmarks 32 msec to write a counter 250 Operation time (msec) 200 Only 2x 150 100 50 0 noop Asym Attest Asym Attest Symm attest Symm Attest Verify (advance) (status) (advance) (status) 24 TrInc – NSDI 2009 Dave Levin

  58. Why so slow? • Fundamentally new application of trusted hardware • Typically used for bootstrapping • Tr I nc makes it intrinsic to the protocol • It can be faster • There just has not been the call for it prior to Tr I nc 25 TrInc – NSDI 2009 Dave Levin

Recommend

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013 Cloud Storage Model Cloud Storage Requirements Privacy

1.11k views • 55 slides
Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1 OReilly 2 Trusted or Trustworthy? An object is trusted if and only if it operates as expected An object is trustworthy if and only if it is

707 views • 45 slides
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklins 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have trusted hardware?

315 views • 27 slides
&amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

&amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) &amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

774 views • 63 slides
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramr (joint work with Dan Boneh) Intel, Santa Clara August 30 th 2018 Trusted execution of ML: 3 motivating scenarios 1. Outsourced ML Data

781 views • 21 slides
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware F LORIAN T

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware F LORIAN T

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware F LORIAN T RAMR &amp; D AN B ONEH ICLR, New Orleans May 7 th 2019 2 Securely outsourcing ML inference with hardware isolation - Intel SGX input X -

554 views • 10 slides
Protecting Password Databases using Trusted Hardware Klaudia Krawiecka, Andrew Paverd, N.

Protecting Password Databases using Trusted Hardware Klaudia Krawiecka, Andrew Paverd, N.

Protecting Password Databases using Trusted Hardware Klaudia Krawiecka, Andrew Paverd, N. Asokan Aalto University, Finland This work was supported by the Cloud Security Services (CloSer) project funded by Tekes - the Finnish Funding

351 views • 20 slides
Practical Applications of Client-Side Trusted Computing David Goltzsche, 2018-04-23 3rd year PhD

Practical Applications of Client-Side Trusted Computing David Goltzsche, 2018-04-23 3rd year PhD

Practical Applications of Client-Side Trusted Computing David Goltzsche, 2018-04-23 3rd year PhD student at distributed systems group, TU Braunschweig, Germany Research area: trusted execution, distributed systems Advisor: Rdiger Kapitza

939 views • 12 slides
Motivation Large-scale distributed systems becoming more common multiple datacenters, cloud

Motivation Large-scale distributed systems becoming more common multiple datacenters, cloud

Census: Location-Aware Membership Management for Large-Scale Distributed Systems James Cowling Dan R. K. Ports Barbara Liskov Raluca Ada Popa Abhijeet Gaikwad* MIT CSAIL *cole Centrale Paris Motivation Large-scale distributed systems

606 views • 48 slides
Efficient and Fair MPC using Blockchain and Trusted Hardware Souradyuti Paul Ananya Shrivastava

Efficient and Fair MPC using Blockchain and Trusted Hardware Souradyuti Paul Ananya Shrivastava

Efficient and Fair MPC using Blockchain and Trusted Hardware Souradyuti Paul Ananya Shrivastava (IIT Bhilai) (IIT Gandhinagar) Latincrypt 2019 Santiago, Chile October 3, 2019 Outline Multiparty Computation (MPC) Security

613 views • 22 slides
Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck 1st RISE Annual Conference, November 14, 2018 A primer on software security Secure program:

952 views • 79 slides
Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada,

Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada,

Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada, KTH Pointsec Mobile Technologies TPM Introduction Microcontroller affixed to the motherboard. Cryptographic functions like key storage

834 views • 35 slides
Divide And Conquer Small And Large Instance Small instance. Sort a list that has n &lt;=

Divide And Conquer Small And Large Instance Small instance. Sort a list that has n &lt;=

Divide And Conquer Small And Large Instance Small instance. Sort a list that has n &lt;= 10 elements. Find the minimum of n &lt;= 2 elements. Distinguish between small and large instances. Large instance. Small instances

86 views • 6 slides
Divide And Conquer Small And Large Instance Small instance. Sort a list that has n &lt;=

Divide And Conquer Small And Large Instance Small instance. Sort a list that has n &lt;=

Divide And Conquer Small And Large Instance Small instance. Sort a list that has n &lt;= 10 elements. Find the minimum of n &lt;= 2 elements. Distinguish between small and large instances. Large instance. Small instances

243 views • 9 slides
Large XML on Small Devices: Large XML on Small Devices: Techniques Developed Techniques

Large XML on Small Devices: Large XML on Small Devices: Techniques Developed Techniques

Large XML on Small Devices: Large XML on Small Devices: Techniques Developed Techniques Developed in the Fuego Core Project in the Fuego Core Project Helsinki-Rutgers Ph.D. Workshop 2007 Tancred Lindholm, Jaakko Kangasharju

280 views • 27 slides
Ensuring Compliance With Small Business Set-aside Requirements: Lessons For Small and Large

Ensuring Compliance With Small Business Set-aside Requirements: Lessons For Small and Large

Ensuring Compliance With Small Business Set-aside Requirements: Lessons For Small and Large Businesses June 7, 2011 Presented by Dismas Locaria Venable, LLP Lynne Gummo SC&amp;H Group, LLC Phone: (410) 403-1500 Toll Free: (800)

467 views • 21 slides
Hardware Enclaves &amp; In Intel SGX CS261 Hardware Enclaves HW abstractions for

Hardware Enclaves &amp; In Intel SGX CS261 Hardware Enclaves HW abstractions for

Hardware Enclaves &amp; In Intel SGX CS261 Hardware Enclaves HW abstractions for distributing trusted execution to untrusted platforms 2 Hardware Enclaves HW abstractions for distributing trusted execution to untrusted platforms

1.06k views • 18 slides
Verifying the entire hardware of distributed real time systems W. Paul Universitt Saarbrcken

Verifying the entire hardware of distributed real time systems W. Paul Universitt Saarbrcken

Verifying the entire hardware of distributed real time systems W. Paul Universitt Saarbrcken wiss. Gesamtprojektleiter bmb+f Projekt Verisoft www.verisoft.de You all know how to design hardware... Hardware verification is the process

472 views • 44 slides
RustZone: Writing Trusted Applications in Rust Eric Evenchick Black Hat Asia 2018 About Me

RustZone: Writing Trusted Applications in Rust Eric Evenchick Black Hat Asia 2018 About Me

RustZone: Writing Trusted Applications in Rust Eric Evenchick Black Hat Asia 2018 About Me Principal Research Consultant @ Atredis Partners Founder, Developer of Open Source Hardware Things @ Linklayer Labs Outline Trusted

847 views • 30 slides
| | | 4 x i 1 x i +1 x i large seeds small seeds

| | | 4 x i 1 x i +1 x i large seeds small seeds

Chapter 10: Competition in large communities d d | | | 4 x i 1 x i +1 x i large seeds small seeds Niche space model 2 2 e [ x d ]2 e x 2 R d x 2 2 2 2 e

425 views • 11 slides
The Rise of Distributed Systems Computer hardware prices falling, power increasing If cars

The Rise of Distributed Systems Computer hardware prices falling, power increasing If cars

2/19/2016 The Rise of Distributed Systems Computer hardware prices falling, power increasing If cars did same, Rolls Royce would cost 1 dollar and get 1 billion miles per gallon (with 200 page manual to open door) Distributed Computing

395 views • 8 slides
STAN Current State and Future Work Scalable Hardware-Aided Trusted Data Management Nico

STAN Current State and Future Work Scalable Hardware-Aided Trusted Data Management Nico

STAN Current State and Future Work Scalable Hardware-Aided Trusted Data Management Nico Weichbrodt, 2019-09-03/04 Moving Databases to the Cloud Everyone moves to the cloud Higher scalability and availability But: no trust in the cloud

502 views • 15 slides
Extra Small 900 1120 Small 1238 1739 Medium 1770 2418 Large 3100 3998 Extra Large 4546

Extra Small 900 1120 Small 1238 1739 Medium 1770 2418 Large 3100 3998 Extra Large 4546

Extra Small 900 1120 Small 1238 1739 Medium 1770 2418 Large 3100 3998 Extra Large 4546 7070 Sweden Finland Canada UK Netherlands

429 views • 29 slides
A Simple and Small Distributed File System Based on article TidyFS: A Simple and Small

A Simple and Small Distributed File System Based on article TidyFS: A Simple and Small

A Simple and Small Distributed File System Based on article TidyFS: A Simple and Small Distriburted File System by Dennis Fetterly, Maya Haridasan, Michael Isard, Swaminathan Sundararaman. 1. Parallel computations on clusters 2. Shared

373 views • 21 slides

More recommend