EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX

Lixia Chen; Jian Li; Ruhui Ma; Haibing Guan; Hans Arno Jacobsen

doi:10.1145/3361525.3361533

EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX

Lixia Chen, Jian Li, Ruhui Ma, Haibing Guan, Hans Arno Jacobsen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

16 Scopus citations

Abstract

With in-memory key-value caches such as Redis and Memcached being a key component for many systems to improve throughput and reduce latency, cloud caches have been widely adopted for small companies to deploy their own cache systems. However, data security is still a major concern, which affects the adoption of cloud caches. Tenant’s data stored in a multi-tenant cloud environment faces threats from both co-located other tenants, as well as the untrusted cloud provider. We proposed EnclaveCache, which is a multi-tenant key-value cache that provides data confidentiality and privacy leveraging Intel Software Guard Extensions (SGX). EnclaveCache utilizes multiple SGX enclaves to enforce data isolation among co-located tenants. With a carefully designed key distribution procedure, EnclaveCache ensures that a tenant-specific encryption key is securely guarded by an enclave to perform cryptography operations towards tenant’s data. Experimental results show that EnclaveCache achieves comparable performance to traditional key-value caches (with secure communication) with a performance overhead of 13% while ensuring security guarantees and better scalability.

Original language	English
Title of host publication	Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference
Publisher	Association for Computing Machinery, Inc
Pages	14-27
Number of pages	14
ISBN (Electronic)	9781450370097
DOIs	https://doi.org/10.1145/3361525.3361533
State	Published - 9 Dec 2019
Externally published	Yes
Event	20th ACM/IFIP/USENIX Middleware Conference, Middleware 2019 - Davis, United States Duration: 9 Dec 2019 → 13 Dec 2019

Publication series

Name	Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference

Conference

Conference	20th ACM/IFIP/USENIX Middleware Conference, Middleware 2019
Country/Territory	United States
City	Davis
Period	9/12/19 → 13/12/19

Keywords

Key-value Cache
Multi-tenant
SGX
Security

Access to Document

10.1145/3361525.3361533

Cite this

Chen, L., Li, J., Ma, R., Guan, H., & Jacobsen, H. A. (2019). EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX. In Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference (pp. 14-27). (Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference). Association for Computing Machinery, Inc. https://doi.org/10.1145/3361525.3361533

@inproceedings{bc5d1560300e4bb99452ad3b89db73aa,

title = "EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX",

abstract = "With in-memory key-value caches such as Redis and Memcached being a key component for many systems to improve throughput and reduce latency, cloud caches have been widely adopted for small companies to deploy their own cache systems. However, data security is still a major concern, which affects the adoption of cloud caches. Tenant{\textquoteright}s data stored in a multi-tenant cloud environment faces threats from both co-located other tenants, as well as the untrusted cloud provider. We proposed EnclaveCache, which is a multi-tenant key-value cache that provides data confidentiality and privacy leveraging Intel Software Guard Extensions (SGX). EnclaveCache utilizes multiple SGX enclaves to enforce data isolation among co-located tenants. With a carefully designed key distribution procedure, EnclaveCache ensures that a tenant-specific encryption key is securely guarded by an enclave to perform cryptography operations towards tenant{\textquoteright}s data. Experimental results show that EnclaveCache achieves comparable performance to traditional key-value caches (with secure communication) with a performance overhead of 13% while ensuring security guarantees and better scalability.",

keywords = "Key-value Cache, Multi-tenant, SGX, Security",

author = "Lixia Chen and Jian Li and Ruhui Ma and Haibing Guan and Jacobsen, {Hans Arno}",

note = "Publisher Copyright: {\textcopyright} 2019 Association for Computing Machinery.; 20th ACM/IFIP/USENIX Middleware Conference, Middleware 2019 ; Conference date: 09-12-2019 Through 13-12-2019",

year = "2019",

month = dec,

day = "9",

doi = "10.1145/3361525.3361533",

language = "English",

series = "Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference",

publisher = "Association for Computing Machinery, Inc",

pages = "14--27",

booktitle = "Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference",

}

Chen, L, Li, J, Ma, R, Guan, H & Jacobsen, HA 2019, EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX. in Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference. Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference, Association for Computing Machinery, Inc, pp. 14-27, 20th ACM/IFIP/USENIX Middleware Conference, Middleware 2019, Davis, United States, 9/12/19. https://doi.org/10.1145/3361525.3361533

EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX. / Chen, Lixia; Li, Jian; Ma, Ruhui et al.
Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference. Association for Computing Machinery, Inc, 2019. p. 14-27 (Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - EnclaveCache

T2 - 20th ACM/IFIP/USENIX Middleware Conference, Middleware 2019

AU - Chen, Lixia

AU - Li, Jian

AU - Ma, Ruhui

AU - Guan, Haibing

AU - Jacobsen, Hans Arno

PY - 2019/12/9

Y1 - 2019/12/9

N2 - With in-memory key-value caches such as Redis and Memcached being a key component for many systems to improve throughput and reduce latency, cloud caches have been widely adopted for small companies to deploy their own cache systems. However, data security is still a major concern, which affects the adoption of cloud caches. Tenant’s data stored in a multi-tenant cloud environment faces threats from both co-located other tenants, as well as the untrusted cloud provider. We proposed EnclaveCache, which is a multi-tenant key-value cache that provides data confidentiality and privacy leveraging Intel Software Guard Extensions (SGX). EnclaveCache utilizes multiple SGX enclaves to enforce data isolation among co-located tenants. With a carefully designed key distribution procedure, EnclaveCache ensures that a tenant-specific encryption key is securely guarded by an enclave to perform cryptography operations towards tenant’s data. Experimental results show that EnclaveCache achieves comparable performance to traditional key-value caches (with secure communication) with a performance overhead of 13% while ensuring security guarantees and better scalability.

AB - With in-memory key-value caches such as Redis and Memcached being a key component for many systems to improve throughput and reduce latency, cloud caches have been widely adopted for small companies to deploy their own cache systems. However, data security is still a major concern, which affects the adoption of cloud caches. Tenant’s data stored in a multi-tenant cloud environment faces threats from both co-located other tenants, as well as the untrusted cloud provider. We proposed EnclaveCache, which is a multi-tenant key-value cache that provides data confidentiality and privacy leveraging Intel Software Guard Extensions (SGX). EnclaveCache utilizes multiple SGX enclaves to enforce data isolation among co-located tenants. With a carefully designed key distribution procedure, EnclaveCache ensures that a tenant-specific encryption key is securely guarded by an enclave to perform cryptography operations towards tenant’s data. Experimental results show that EnclaveCache achieves comparable performance to traditional key-value caches (with secure communication) with a performance overhead of 13% while ensuring security guarantees and better scalability.

KW - Key-value Cache

KW - Multi-tenant

KW - SGX

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85077975507&partnerID=8YFLogxK

U2 - 10.1145/3361525.3361533

DO - 10.1145/3361525.3361533

M3 - Conference contribution

AN - SCOPUS:85077975507

T3 - Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference

SP - 14

EP - 27

BT - Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference

PB - Association for Computing Machinery, Inc

Y2 - 9 December 2019 through 13 December 2019

ER -

Chen L, Li J, Ma R, Guan H, Jacobsen HA. EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX. In Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference. Association for Computing Machinery, Inc. 2019. p. 14-27. (Middleware 2019 - Proceedings of the 2019 20th International Middleware Conference). doi: 10.1145/3361525.3361533

EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this