TY - GEN
T1 - T-Lease
T2 - 11th ACM Symposium on Cloud Computing, SoCC 2020
AU - Trach, Bohdan
AU - Faqeh, Rasha
AU - Oleksenko, Oleksii
AU - Ozga, Wojciech
AU - Bhatotia, Pramod
AU - Fetzer, Christof
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/10/12
Y1 - 2020/10/12
N2 - A lease is an important primitive for building distributed protocols, and it is ubiquitously employed in distributed systems. However, the scope of the classic lease abstraction is restricted to the trusted computing infrastructure. Unfortunately, this important primitive cannot be employed in the untrusted computing infrastructure because trusted execution environments (TEEs) do not provide a trusted time source. In the untrusted environment, an adversary can easily manipulate the system clock to violate the correctness properties of lease-based systems. We tackle this problem by introducing trusted lease: a lease that maintains its correctness properties even in the presence of a clock-manipulating attacker. To achieve these properties, we follow a "trust but verify" approach for an untrusted timer, and transform it into a trusted timing primitive by leveraging two hardware-assisted ISA extensions (Intel TSX and SGX) available in commodity CPUs. We provide a design and implementation of trusted lease in a system called T-Lease, the first trusted lease system that achieves high security, performance, and precision. For application developers, T-Lease exposes easy-to-use generic APIs that facilitate its use to build a wide range of distributed protocols.
AB - A lease is an important primitive for building distributed protocols, and it is ubiquitously employed in distributed systems. However, the scope of the classic lease abstraction is restricted to the trusted computing infrastructure. Unfortunately, this important primitive cannot be employed in the untrusted computing infrastructure because trusted execution environments (TEEs) do not provide a trusted time source. In the untrusted environment, an adversary can easily manipulate the system clock to violate the correctness properties of lease-based systems. We tackle this problem by introducing trusted lease: a lease that maintains its correctness properties even in the presence of a clock-manipulating attacker. To achieve these properties, we follow a "trust but verify" approach for an untrusted timer, and transform it into a trusted timing primitive by leveraging two hardware-assisted ISA extensions (Intel TSX and SGX) available in commodity CPUs. We provide a design and implementation of trusted lease in a system called T-Lease, the first trusted lease system that achieves high security, performance, and precision. For application developers, T-Lease exposes easy-to-use generic APIs that facilitate its use to build a wide range of distributed protocols.
UR - http://www.scopus.com/inward/record.url?scp=85095422241&partnerID=8YFLogxK
U2 - 10.1145/3419111.3421273
DO - 10.1145/3419111.3421273
M3 - Conference contribution
AN - SCOPUS:85095422241
T3 - SoCC 2020 - Proceedings of the 2020 ACM Symposium on Cloud Computing
SP - 387
EP - 400
BT - SoCC 2020 - Proceedings of the 2020 ACM Symposium on Cloud Computing
PB - Association for Computing Machinery, Inc
Y2 - 19 October 2020 through 21 October 2020
ER -