Explore a cutting-edge secure storage system called Speicher in this 21-minute conference talk from FAST '19. Dive into the innovative approach of using shielded execution and Intel SGX to provide strong confidentiality, integrity, and data freshness guarantees for LSM-based Key-Value stores. Learn how Speicher extends trust beyond secure SGX enclave memory to protect data on untrusted storage media, even during system crashes, reboots, or migrations. Discover the design of an authenticated and confidentiality-preserving LSM data structure, the implementation of asynchronous trusted counters for data freshness, and the development of a direct I/O library to overcome SGX enclave I/O bottlenecks. Gain insights into Speicher's performance evaluation using the RocksDB benchmark and understand how it achieves a balance between strong security guarantees and maintaining a small trusted computing base.
Overview
Syllabus
FAST '19 - SPEICHER: Securing LSM-based Key-Value Stores using Shielded Execution
Taught by
USENIX