
Abstract

We introduce Avocado, a secure in-memory distributed storage system that provides strong security, fault tolerance, consistency (linearizability), and performance for untrusted cloud environments. Avocado builds these properties on trusted execution environments (TEEs), which, however, are primarily designed to secure a limited region of physical memory (the enclave) within a single-node system. Avocado overcomes this limitation by extending the trust of a secure single-node enclave to the distributed environment over an untrusted network, while ensuring that replicas are kept consistent and fault-tolerant in a malicious environment. To achieve these goals, we design and implement Avocado on top of cross-layer contributions involving the network stack, the replication protocol, scalable trust establishment, and memory management. Avocado is practical: in comparison to BFT, Avocado provides confidentiality with fewer replicas and is significantly faster, by 4.5× to 65× for YCSB read-heavy and write-heavy workloads, respectively.

Citation

@inproceedings{avocado,
  author = {Maurice Bailleu and Dimitra Giantsidi and Vasilis Gavrielatos and Do Le Quoc and Vijay Nagarajan and Pramod Bhatotia},
  title = {Avocado: A Secure {In-Memory} Distributed Storage System},
  booktitle = {2021 USENIX Annual Technical Conference (USENIX ATC 21)},
  year = {2021},
  isbn = {978-1-939133-23-6},
  pages = {65--79},
  url = {https://www.usenix.org/conference/atc21/presentation/bailleu},
  publisher = {USENIX Association},
  month = jul
}