Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Securing Cloud File Systems with Trusted Execution

Quinn Burke, Yohan Beugin, Blaine Hoak, Rachel King, Eric Pauley, Ryan Sheatsley, Mingli Yu, Ting He, Thomas La Porta, Patrick McDaniel

TL;DR

This paper introduces <monospace>BFS, a cloud file system that leverages the security capabilities provided by TEEs to bootstrap new security protocols that deliver strong security guarantees, high-performance, and a transparent POSIX-like interface to clients.

Abstract

Cloud file systems offer organizations a scalable and reliable file storage solution. However, cloud file systems have become prime targets for adversaries, and traditional designs are not equipped to protect organizations against the myriad of attacks that may be initiated by a malicious cloud provider, co-tenant, or end-client. Recently proposed designs leveraging cryptographic techniques and trusted execution environments (TEEs) still force organizations to make undesirable trade-offs, consequently leading to either security, functional, or performance limitations. In this paper, we introduce BFS, a cloud file system that leverages the security capabilities provided by TEEs to bootstrap new security protocols that deliver strong security guarantees, high-performance, and a transparent POSIX-like interface to clients. BFS delivers stronger security guarantees and up to a 2.5X speedup over a state-of-the-art secure file system. Moreover, compared to the industry standard NFS, BFS achieves up to 2.2X speedups across micro-benchmarks and incurs <1X overhead for most macro-benchmark workloads. BFS demonstrates a holistic cloud file system design that does not sacrifice an organizations' security yet can embrace all of the functional and performance advantages of outsourcing.

Securing Cloud File Systems with Trusted Execution

TL;DR

This paper introduces <monospace>BFS, a cloud file system that leverages the security capabilities provided by TEEs to bootstrap new security protocols that deliver strong security guarantees, high-performance, and a transparent POSIX-like interface to clients.

Abstract

Cloud file systems offer organizations a scalable and reliable file storage solution. However, cloud file systems have become prime targets for adversaries, and traditional designs are not equipped to protect organizations against the myriad of attacks that may be initiated by a malicious cloud provider, co-tenant, or end-client. Recently proposed designs leveraging cryptographic techniques and trusted execution environments (TEEs) still force organizations to make undesirable trade-offs, consequently leading to either security, functional, or performance limitations. In this paper, we introduce BFS, a cloud file system that leverages the security capabilities provided by TEEs to bootstrap new security protocols that deliver strong security guarantees, high-performance, and a transparent POSIX-like interface to clients. BFS delivers stronger security guarantees and up to a 2.5X speedup over a state-of-the-art secure file system. Moreover, compared to the industry standard NFS, BFS achieves up to 2.2X speedups across micro-benchmarks and incurs <1X overhead for most macro-benchmark workloads. BFS demonstrates a holistic cloud file system design that does not sacrifice an organizations' security yet can embrace all of the functional and performance advantages of outsourcing.
Paper Structure (29 sections, 11 figures)

This paper contains 29 sections, 11 figures.

Table of Contents

  1. Introduction
  2. Background
  3. Cloud File Systems
  4. Trusted Execution Environments
  5. Security Model
  6. Design Challenges
  7. BFS Design
  8. Isolating Data and Metadata
  9. Trusted File System Core
  10. Secure I/O Channels
  11. Partitioned Block Layer
  12. Balancing Security and Performance
  13. Providing Shielding Support
  14. Authenticated Dispatch
  15. Shielded Block Layer
  16. ...and 14 more sections

Figures (11)

  • Figure 1: System components and workflow. ➊ Clients perform file I/O by having the ➋ untrusted host proxy RPC messages to the ➌ BFS server and ➍ storage nodes.
  • Figure 2: BFS design. Clients request ➊ file-level I/O by communicating with the BFS server through an RPC interface. The BFS server handles the client requests by ➋ updating the file system data structures within the TEE. The BFS server coordinates with the untrusted host to store and retrieve the underlying ➌ blocks on storage nodes through a ➍ block RPC interface.
  • Figure 3: This message format captures the intuition behind our secure protocols for isolating file data and metadata.
  • Figure 4: By authenticating RPC opcodes, using a tailored MAC construction and Merkle tree, and guarding control transfer, BFS shields against host-interface attacks.
  • Figure 5: BFS security protocols. $C$, $T$, and $S$ represent the client, BFS server, and storage node. Sequence numbers are denoted by $s$.
  • ...and 6 more figures