Autonomous Membership Service for Enclave Applications
This addresses the challenge of elasticity and process verification in distributed enclave applications for cloud computing, representing an incremental improvement over existing provisioning models.
The paper tackles the problem of managing distributed enclave applications by proposing an autonomous membership service that allows existing processes to commission and decommission new ones, reducing owner involvement, with experimental results showing an overhead of 5% - 16% compared to vanilla enclave execution.
Trusted Execution Environment, or enclave, promises to protect data confidentiality and execution integrity of an outsourced computation on an untrusted host. Extending the protection to distributed applications that run on physically separated hosts, however, remains non-trivial. For instance, the current enclave provisioning model hinders elasticity of cloud applications. Furthermore, it remains unclear how an enclave process could verify if there exists another concurrently running enclave process instantiated using the same codebase, or count a number of such processes. In this paper, we seek an autonomous membership service for enclave applications. The application owner only needs to partake in instantiating the very first process of the application, whereas all subsequent process commission and decommission will be administered by existing and active processes of that very application. To achieve both safety and liveness, our protocol design admits unjust excommunication of a non-faulty process from the membership group. We implement the proposed membership service in a system called AMES. Our experimental study shows that AMES incurs an overhead of 5% - 16% compared to vanilla enclave execution.