Journal
MIDDLEWARE'19: PROCEEDINGS OF THE 2019 MIDDLEWARE'19: 20TH INTERNATIONAL MIDDLEWARE CONFERENCE
Volume -, Issue -, Pages 14-27Publisher
ASSOC COMPUTING MACHINERY
DOI: 10.1145/3361525.3361533
Keywords
SGX; multi-tenant; security; key-value Cache
Funding
- National Key Research and Development Program of China [2016YFB1000502]
- NSFC [61972245]
Ask authors/readers for more resources
With in-memory key-value caches such as Redis and Memcached being a key component for many systems to improve throughput and reduce latency, cloud caches have been widely adopted for small companies to deploy their own cache systems. However, data security is still a major concern, which affects the adoption of cloud caches. Tenant's data stored in a multi-tenant cloud environment faces threats from both co-located other tenants, as well as the untrusted cloud provider. We proposed EnclaveCache, which is a multi-tenant key-value cache that provides data confidentiality and privacy leveraging Intel Software Guard Extensions (SGX). Enclave-Cache utilizes multiple SGX enclaves to enforce data isolation among co-located tenants. With a carefully designed key distribution procedure, EnclaveCache ensures that a tenant-specific encryption key is securely guarded by an enclave to perform cryptography operations towards tenant's data. Experimental results show that EnclaveCache achieves comparable performance to traditional key-value caches (with secure communication) with a performance overhead of 13% while ensuring security guarantees and better scalability.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available