Abstract
Distributed transaction processing is a fundamental building block for large-scale data management in the cloud. Given the threats of security violations in untrusted cloud environments, our work focuses on: How to design a distributed transactional KV store that achieves high-performance serializable transactions, while providing strong security properties?

We introduce Treaty, a secure distributed transactional KV storage system that supports serializable ACID transactions while guaranteeing strong security properties: confidentiality, integrity, and freshness. Treaty leverages trusted execution environments (TEEs) to bootstrap its security properties, but it extends the trust provided by the limited enclave (volatile) memory region within a single node to build a secure (stateful) distributed transactional KV store over the untrusted storage, network and machines. To achieve this, Treaty embodies a secure two-phase commit protocol co-designed with a high-performance network library for TEEs. Further, Treaty ensures secure and crash-consistent persistency of committed transactions using a stabilization protocol. Our evaluation on a real hardware testbed based on the YCSB and TPC-C benchmarks shows that Treaty incurs reasonable overheads, while achieving strong security properties.
Citation
@inproceedings{ treaty,
author={Giantsidi, Dimitra and Bailleu, Maurice and Crooks, Natacha and Bhatotia, Pramod},
booktitle={2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
title={Treaty: Secure Distributed Transactions},
year={2022},
volume={},
number={},
pages={14-27},
keywords={Protocols;Buildings;Distributed databases;Benchmark testing;Libraries;Hardware;Computer crashes},
doi={10.1109/DSN53405.2022.00015}
}