TNIC: A Trusted NIC Architecture
Dimitra Giantsidi, Julian Pritzi, Felix Gust, Antonios Katsarakis, Atsushi Koshiba, Pramod Bhatotia
TL;DR
TNIC presents a three-layer NIC-centric solution to build trustworthy distributed systems in Byzantine cloud environments by moving trust into a minimal, formally verifiable silicon root of trust on SmartNIC hardware. It couples a hardware-attestation kernel and a RoCE protocol kernel with a kernel-bypass network stack and a developer API to enable a generic CFT-to-BFT transformation via transferable authentication and non-equivocation. The approach is formally verified using the Tamarin Prover and demonstrated across four Byzantine-focused systems, achieving substantial latency and throughput gains over CPU-centric TEE baselines. The work offers a practical pathway to scalable, high-performance, trustworthy distributed deployments in heterogeneous cloud settings.
Abstract
We introduce TNIC, a trusted NIC architecture for building trustworthy distributed systems deployed in heterogeneous, untrusted (Byzantine) cloud environments. TNIC builds a minimal, formally verified, silicon root-of-trust at the network interface level. We strive for three primary design goals: (1) a host CPU-agnostic unified security architecture by providing trustworthy network-level isolation; (2) a minimalistic and verifiable TCB based on a silicon root-of-trust by providing two core properties of transferable authentication and non-equivocation; and (3) a hardware-accelerated trustworthy network stack leveraging SmartNICs. Based on the TNIC architecture and associated network stack, we present a generic set of programming APIs and a recipe for building high-performance, trustworthy, distributed systems for Byzantine settings. We formally verify the safety and security properties of our TNIC while demonstrating its use by building four trustworthy distributed systems. Our evaluation of TNIC shows up to 6x performance improvement compared to CPU-centric TEE systems.