Autonomous Membership Service for Enclave Applications

by   Hung Dang, et al.

Trusted Execution Environment, or enclave, promises to protect data confidentiality and execution integrity of an outsourced computation on an untrusted host. Extending the protection to distributed applications that run on physically separated hosts, however, remains non-trivial. For instance, the current enclave provisioning model hinders elasticity of cloud applications. Furthermore, it remains unclear how an enclave process could verify if there exists another concurrently running enclave process instantiated using the same codebase, or count a number of such processes. In this paper, we seek an autonomous membership service for enclave applications. The application owner only needs to partake in instantiating the very first process of the application, whereas all subsequent process commission and decommission will be administered by existing and active processes of that very application. To achieve both safety and liveness, our protocol design admits unjust excommunication of a non-faulty process from the membership group. We implement the proposed membership service in a system called AMES. Our experimental study shows that AMES incurs an overhead of 5 execution.


page 1

page 2

page 3

page 4


GuaranTEE: Introducing Control-Flow Attestation for Trusted Execution Environments

The majority of cloud providers offers users the possibility to deploy T...

Stable and Consistent Membership at Scale with Rapid

We present the design and evaluation of Rapid, a distributed membership ...

ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud

With the proliferation of Trusted Execution Environments (TEEs) such as ...

SDSN@RT: a middleware environment for single-instance multi-tenant cloud applications

With the Single-Instance Multi-Tenancy (SIMT) model for composite Softwa...

Membership Encoding for Deep Learning

Machine learning as a service (MLaaS), and algorithm marketplaces are on...

Practical Verification of MapReduce Computation Integrity via Partial Re-execution

Big data processing is often outsourced to powerful, but untrusted cloud...

Aggregation and Embedding for Group Membership Verification

This paper proposes a group membership verification protocol preventing ...