Abstract

Distributed systems ubiquitously rely on Crash Fault Tolerance (CFT) replication protocols for performance when (benign) faults occur. Unfortunately, CFT protocols are inadequate for modern untrusted cloud environments, where the underlying cloud infrastructure can be compromised by an adversary and fail in arbitrary ways (Byzantine failures).

Today's modern hardware, with many-core servers, RDMA-capable networks and trusted execution environments, challenges the conventional wisdom on CFT protocol design. In this paper, we explore the synergy between modern hardware and the security and performance of strongly consistent replication protocols. In other words, can we leverage modern cloud hardware, and if so how, to harden the security properties of a CFT protocol for Byzantine settings while achieving high performance?

To answer the question, we propose Recipe, a generic approach to transform existing CFT protocols to tolerate Byzantine failures in untrusted cloud environments. Recipe leverages the advances in confidential computing and direct network I/O to guarantee non-equivocation and transferable authentication in the presence of Byzantine actors while offering performance and resource overheads on par with CFT protocols. Importantly, Recipe's APIs are generic and can easily be adapted to existing codebases: we have transformed a range of leader-based and leaderless CFT protocols enforcing different (e.g., total order or per-key) ordering semantics. Our evaluation based on the transformation of four CFT protocols (Raft, ABD, Chain Replication, and AllConcur) against the state-of-the-art BFT protocols shows that Recipe can increase throughput up to 5.9×–24×, while requiring fewer replicas, i.e., 2f+1 replicas instead of 3f+1 replicas to tolerate f faults. Lastly, we provide a correctness analysis for the safety and liveness properties of our transformation of CFT protocols operating in Byzantine settings.
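The two properties the abstract relies on, non-equivocation and transferable authentication, can be illustrated with a small simulation. The following Go program is an added example and is not Recipe's code; it is only a sketch of the mechanism the abstract describes. The names `TrustedCounter`, `Verifier`, `AttestedMsg` and `SignWithLeakedKey` are hypothetical. The trusted execution environment is simulated by an in-process struct whose signing key is unexported, a strictly increasing counter stands in for a TEE-protected monotonic counter, and ed25519 stands in for whatever signature scheme a real deployment would use; RDMA, attestation of the enclave itself, and the replication protocol on top are out of scope.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// AttestedMsg is what a replica emits: its id, a counter value assigned by the
// trusted component, the digest of the payload, and a signature over all three.
type AttestedMsg struct {
	Replica uint32
	Counter uint64
	Digest  [32]byte
	Sig     []byte
}

// TrustedCounter simulates the TEE-resident component (hypothetical name):
// the signing key never leaves it and the counter only moves forward.
type TrustedCounter struct {
	replica uint32
	counter uint64
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
}

func NewTrustedCounter(replica uint32) (*TrustedCounter, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &TrustedCounter{replica: replica, priv: priv, Pub: pub}, nil
}

// signedBytes is the canonical encoding that the signature covers.
func signedBytes(replica uint32, counter uint64, digest [32]byte) []byte {
	buf := make([]byte, 4+8+32)
	binary.BigEndian.PutUint32(buf[0:4], replica)
	binary.BigEndian.PutUint64(buf[4:12], counter)
	copy(buf[12:], digest[:])
	return buf
}

// Attest binds a payload to the next counter value. Because the counter is
// strictly increasing and only this component holds the key, there can never
// be two validly signed messages from this replica with the same counter.
func (t *TrustedCounter) Attest(payload []byte) AttestedMsg {
	t.counter++
	d := sha256.Sum256(payload)
	return AttestedMsg{Replica: t.replica, Counter: t.counter, Digest: d,
		Sig: ed25519.Sign(t.priv, signedBytes(t.replica, t.counter, d))}
}

// SignWithLeakedKey models a replica whose key sits OUTSIDE a TEE (constructed
// for the demo): it can sign any counter value, so it can equivocate.
func SignWithLeakedKey(priv ed25519.PrivateKey, replica uint32, counter uint64, payload []byte) AttestedMsg {
	d := sha256.Sum256(payload)
	return AttestedMsg{Replica: replica, Counter: counter, Digest: d,
		Sig: ed25519.Sign(priv, signedBytes(replica, counter, d))}
}

var (
	ErrUnknown      = errors.New("unknown replica")
	ErrBadSig       = errors.New("signature does not verify")
	ErrEquivocation = errors.New("conflicting messages with the same counter")
)

// Verifier is held by any other replica or client. It needs only public keys,
// so a message it accepted can be forwarded and re-verified by a third party
// (transferable authentication, unlike a pairwise MAC).
type Verifier struct {
	pubs map[uint32]ed25519.PublicKey
	seen map[uint32]map[uint64][32]byte // replica -> counter -> digest
}

func NewVerifier(pubs map[uint32]ed25519.PublicKey) *Verifier {
	return &Verifier{pubs: pubs, seen: map[uint32]map[uint64][32]byte{}}
}

// Accept checks the signature and then the non-equivocation invariant: a
// counter value may only ever be bound to one digest per replica.
func (v *Verifier) Accept(m AttestedMsg) error {
	pub, ok := v.pubs[m.Replica]
	if !ok {
		return ErrUnknown
	}
	if !ed25519.Verify(pub, signedBytes(m.Replica, m.Counter, m.Digest), m.Sig) {
		return ErrBadSig
	}
	if v.seen[m.Replica] == nil {
		v.seen[m.Replica] = map[uint64][32]byte{}
	}
	if prev, dup := v.seen[m.Replica][m.Counter]; dup && prev != m.Digest {
		return ErrEquivocation
	}
	v.seen[m.Replica][m.Counter] = m.Digest
	return nil
}

func main() {
	tc, _ := NewTrustedCounter(1)
	v := NewVerifier(map[uint32]ed25519.PublicKey{1: tc.Pub})
	m := tc.Attest([]byte("put k=v")) // constructed sample payload
	fmt.Println("accept:", v.Accept(m))
	// The untrusted host can alter the message but cannot re-sign it.
	tampered := m
	tampered.Digest = sha256.Sum256([]byte("put k=other"))
	fmt.Println("tampered:", v.Accept(tampered))
	// A replica whose key is not TEE-protected can issue two messages for
	// counter 7; the second one is caught by the receiver.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	v2 := NewVerifier(map[uint32]ed25519.PublicKey{2: pub})
	fmt.Println("first:", v2.Accept(SignWithLeakedKey(priv, 2, 7, []byte("a"))))
	fmt.Println("second:", v2.Accept(SignWithLeakedKey(priv, 2, 7, []byte("b"))))
}
```

The design point is that the receiver-side check alone cannot prevent a replica from telling two different peers two different stories for the same counter value; it only detects the conflict once both messages reach the same verifier. Confining the key and the counter to the trusted component removes the ability to produce the conflicting pair in the first place, which is what lets the transformed protocol keep a CFT-style quorum rather than the larger one a classical BFT protocol needs.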