Enclave-guarded Raft on Byzantine Faulty Nodes

王伟力

WANG Weili

12032870

硕士

0809 电子科学与技术

08 工学

张殷乾

计算机科学与工程系

2023-05-13

2023-06-29

南方科技大学

深圳

    Ubiquitous consensus algorithms play a fundamental role in distributed systems---they serve as the building block of countless distributed applications, such as replicated state machines, blockchains, and distributed databases. Per different fault tolerance requirements, consensus algorithms can be classified into crash fault-tolerant (CFT) and Byzantine fault-tolerant (BFT) protocols. CFT protocols are widely used in practice, but they are vulnerable to malicious attacks. BFT protocols, on the other hand, are more secure, but they are more complex and less efficient due to the extra defense mechanism. How to design a secure consensus protocol with high performance is still an open research problem.

    This thesis presents a critical analysis of building highly secure, performant, and confidential BFT consensus by integrating off-the-shelf CFT protocols with trusted execution environments (TEEs). TEEs, like Intel Software Guard eXtensions (SGX), are CPU extensions that offer applications a secure execution environment with strong integrity and confidentiality guarantees, by leveraging techniques like hardware-assisted isolation, memory encryption, and remote attestation. It has been speculated that when implementing a CFT protocol inside Intel SGX, one would achieve security properties similar to BFT. However, we show in this thesis that simply combining CFT with SGX does not directly yield a secure BFT protocol, given the wide range of attack vectors on SGX. We systematically study the fallacies in such a strawman design and propose solutions to enforce safety and liveness. We also present ENGRAFT (ENclave-Guarded Raft), a secure enclave-guarded Raft implementation that, firstly, achieves consensus on a cluster of 2f+1 machines tolerating up to f nodes exhibiting Byzantine-fault behavior (but well-behaved enclaves); and secondly, allows the reuse of a production-quality Raft implementation, BRaft, in the development of a highly performant BFT system.

        无处不在的共识算法在分布式系统中扮演着基础性的角色——它们是无数分布式应用程序（如复制状态机、区块链和分布式数据库）的构建基础。根据不同的容错要求，共识算法可以进一步细分为崩溃容错协议和拜占庭容错协议。在生产实践上，崩溃容错协议已被广泛使用，但它们易受到恶意攻击；拜占庭容错协议引入了额外的防御机制来容忍任意错误的发生，因此它们更复杂、效率也更低。如何设计一个高性能且安全的共识协议仍然是一个开放性研究问题。

        本文重点分析了如何将现有的崩溃容错协议与可信执行环境相结合，构建高安全、高性能和机密的拜占庭容错系统。可信执行环境（如英特尔SGX技术）通过利用硬件隔离、内存加密和远程证明等技术，为应用程序提供具有完整性和机密性保证的执行环境。通常认为，在SGX内部实现一个崩溃容错协议能实现拜占庭容错。然而，本文工作表明，由于SGX的攻击向量范围广泛，简单地将崩溃容错协议与SGX结合并不能直接产生安全的拜占庭容错协议。在系统性地分析SGX和崩溃容错协议的结合所存在的安全及活性问题后，我们针对性地提出了加强安全性和活性的解决方案。同时，我们提出了一个基于可信执行环境的拜占庭容错系统——ENGRAFT，这是一个安全的，由可信执行环境保护的Raft协议实现。首先，它在一个由2f+1台机器组成的集群上可以容忍f个拜占庭节点；其次，它允许在开发高性能拜占庭容错系统时重用高质量的Raft实现——BRaft。

Consensus Algorithms Trusted Execution Environments Byzantine Fault Tolerance Distributed Systems

共识算法 可信执行环境 拜占庭容错 分布式系统

英语

独立培养

2020

2023-06

[1] SCHNEIDER F B. Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial[J/OL]. ACM Computing Surveys (CSUR), 1990, 22(4): 299–319. DOI: 10.1145/ 98163.98167.
[2] CASTRO M, LISKOV B. Practical Byzantine Fault Tolerance[C/OL]//3rd Symposium on Op- erating Systems Design and Implementation (OSDI 99). New Orleans, LA: USENIX Associa- tion, 1999. https://www.usenix.org/conference/osdi-99/practical-byzantine-fault-tolerance.
[3] LAMPORT L. The Part-Time Parliament[J/OL]. ACM Transactions on Computer Systems (TOCS), 1998, 16(2): 133–169. DOI: 10.1145/279227.279229.
[4] ONGARO D, OUSTERHOUT J. In Search of an Understandable Consensus Algorithm[C]// 2014 USENIX Annual Technical Conference (USENIX ATC 14). 2014: 305-319.
[5] BAILLEU M, GIANTSIDI D, GAVRIELATOS V, et al. Avocado: A Secure In-Memory Dis- tributed Storage System[C]//2021 USENIX Annual Technical Conference (USENIX ATC 21). 2021: 65-79.
[6] Signal Secure Value Recovery[EB/OL]. https://signal.org/blog/secure-value-recovery.
[7] GAO M, DANG H, CHANG E C. TEEKAP: Self-Expiring Data Capsule Using Trusted Execution Environment[C/OL]//ACSAC ’21: Annual Computer Security Applications Con- ference. New York, NY, USA: Association for Computing Machinery, 2021: 235–247.https://doi.org/10.1145/3485832.3485919.
[8] RUSSINOVICH M, ASHTON E, AVANESSIANS C, et al. CCF: A Framework for BuildingConfidential Verifiable Replicated Services[Z]. 17.
[9] JANGID M K, CHEN G, ZHANG Y, et al. Towards Formal Verification of State Continuity forEnclave Programs[C/OL]//30th USENIX Security Symposium. USENIX Association, 2021:573-590. https://www.usenix.org/conference/usenixsecurity21/presentation/jangid.
[10] SCHWARZ M, LIPP M, MOGHIMI D, et al. ZombieLoad: Cross-Privilege-Boundary Data Sampling[C/OL]//CCS ’19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: Association for Computing Machinery,2019: 753–768. https://doi.org/10.1145/3319535.3354252.
[11] VAN SCHAIK S, MILBURN A, ÖSTERLUND S, et al. RIDL: Rogue In-Flight Data Load[C]//2019 IEEE Symposium on Security and Privacy (SP). IEEE, 2019: 88-105.
[12] CHEN G, CHEN S, XIAO Y, et al. SGXPectre: Stealing Intel Secrets from SGX Enclaves Via Speculative Execution[C/OL]//2019 IEEE European Symposium on Security and Privacy(EuroS P). 2019: 142-157. DOI: 10.1109/EuroSP.2019.00020.
[13] Intel Software Security Guidance[EB/OL]. https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/overview.html.
[14] MATETIC S, AHMED M, KOSTIAINEN K, et al. ROTE: Rollback Protection for TrustedExecution[C]//26th USENIX Security Symposium (USENIX Security 17). 2017: 1289-1306.
[15] BRaft[EB/OL]. https://github.com/baidu/braft.
[16] Intel Product Specifications[EB/OL]. https://ark.intel.com/content/www/us/en/ark/search/fea turefilter.html.
[17] The Support of Trustworthy Monotonic Counters on SGX Platforms[EB/OL]. https://www.in tel.com/content/www/us/en/support/articles/000057968/software/intel-security-products.html.
[18] STRACKX R, PIESSENS F. Ariadne: A Minimal Approach to State Continuity[C/OL]//25th USENIX Security Symposium (USENIX Security 16). Austin, TX: USENIX Association, 2016: 875-892. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/pres entation/strackx.
[19] DECOUCHANT J, KOZHAYA D, RAHLI V, et al. DAMYSUS: Streamlined BFT Consensus Leveraging Trusted Components[C/OL]//EuroSys ’22: Proceedings of the Seventeenth Euro- pean Conference on Computer Systems. New York, NY, USA: Association for Computing Machinery, 2022: 1–16. https://doi.org/10.1145/3492321.3519568.
[20] LAMPORT L. Paxos Made Simple[J]. ACM SIGACT News (Distributed Computing Column), 2001: 51-58.
[21] TiKV[EB/OL]. https://tikv.org.
[22] ONGARO D. Consensus: Bridging Theory and Practice[M]. Stanford University, 2014.
[23] LAMPORT L, SHOSTAK R, PEASE M. The Byzantine Generals Problem[J]. ACM Transac- tions on Programming Languages and Systems, 1982: 382-401.
[24] HOEKSTRA M, LAL R, PAPPACHAN P, et al. Using Innovative Instructions to Create Trust- worthy Software Solutions[C]//HASP ’13: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. New York, NY, USA, 2013.
[25] MOGHIMI A, IRAZOQUI G, EISENBARTH T. Cachezoom: How SGX Amplifies the Power of Cache Attacks[C]//Cryptographic Hardware and Embedded Systems–CHES 2017: 19th In- ternational Conference, Taipei, Taiwan, September 25-28, 2017, Proceedings. Springer, 2017: 69-90.
[26] XU Y, CUI W, PEINADO M. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems[C]//2015 IEEE Symposium on Security and Privacy. IEEE, 2015: 640-656.
[27] SCHUSTER F, COSTA M, FOURNET C, et al. VC3: Trustworthy Data Analytics in the Cloud Using SGX[C]//2015 IEEE Symposium on Security and Privacy. IEEE, 2015: 38-54.
[28] BRENNER S, WULF C, GOLTZSCHE D, et al. SecureKeeper: Confidential ZooKeeper Using Intel SGX[C/OL]//Proceedings of the 17th International Middleware Conference. Trento Italy: ACM, 2016: 1-13. DOI: 10.1145/2988336.2988350.
[29] PRIEBE C, VASWANI K, COSTA M. EnclaveDB: A Secure Database Using SGX[C]//2018 IEEE Symposium on Security and Privacy (SP). IEEE, 2018: 264-278.
[30] KIM S, HAN J, HA J, et al. Enhancing Security and Privacy of Tor’s Ecosystem by Using Trusted Execution Environments[C/OL]//14th USENIX Symposium on Networked Systems Design and Implementation (NSDI 17). Boston, MA: USENIX Association, 2017: 145-161. https://www.usenix.org/conference/nsdi17/technical-sessions/presentation/kim-seongmin.
[31] PODDAR R, LAN C, POPA R A, et al. SafeBricks: Shielding Network Functions in the Cloud [C/OL]//15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 18). Renton, WA: USENIX Association, 2018: 201-216. https://www.usenix.org/conference/ nsdi18/presentation/poddar.
[32] DUAN H, WANG C, YUAN X, et al. LightBox: Full-Stack Protected Stateful Middlebox at Lightning Speed[C/OL]//CCS ’19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: Association for Computing Machinery, 2019: 2351–2367. https://doi.org/10.1145/3319535.3339814.
[33] ZHENG W, DAVE A, BEEKMAN J G, et al. Opaque: An Oblivious and Encrypted Distributed Analytics Platform[C]//14th USENIX Symposium on Networked Systems Design and Imple- mentation (NSDI 17). 2017: 283-298.
[34] KIM T, PARK J, WOO J, et al. ShieldStore: Shielded In-Memory Key-Value Storage with SGX [C]//Proceedings of the Fourteenth EuroSys Conference 2019. 2019: 1-15.
[35] OHRIMENKO O, SCHUSTER F, FOURNET C, et al. Oblivious Multi-Party Machine Learning on Trusted Processors[C]//25th USENIX Security Symposium (USENIX Security 16). 2016: 619-636.
[36] TRAMÈR F, BONEH D. Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware[C/OL]//7th International Conference on Learning Representations, ICLR 2019, New Orleans, LA, USA, May 6-9, 2019. OpenReview.net, 2019. https://openreview.net /forum?id=rJVorjCcKQ.
[37] SHAON F, KANTARCIOGLU M, LIN Z, et al. SGX-BigMatrix: A Practical Encrypted Data Analytic Framework with Trusted Processors[C]//Proceedings of the 2017 ACM SIGSAC Con- ference on Computer and Communications Security. 2017: 1211-1228.
[38] YUAN R, XIA Y B, CHEN H B, et al. ShadowEth: Private Smart Contract on Public Blockchain [J]. Journal of Computer Science and Technology, 2018, 33(3): 542-556.
[39] CHENG R, ZHANG F, KOS J, et al. Ekiden: A Platform for Confidentiality-Preserving, Trust- worthy, and Performant Smart Contracts[C]//2019 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2019: 185-200.
[40] PARNO B, LORCH J R, DOUCEUR J R, et al. Memoir: Practical State Continuity for Protected Modules[C]//2011 IEEE Symposium on Security and Privacy. 2011: 379-394.
[41] STRACKX R, JACOBS B, PIESSENS F. ICE: A Passive, High-Speed, State-Continuity Scheme[C]//ACSAC ’14: Proceedings of the 30th Annual Computer Security Applications Conference. New York, NY, USA, 2014: 106–115.
[42] CHUN B G, MANIATIS P, SHENKER S, et al. Attested Append-Only Memory: Making Adversaries Stick to Their Word[J/OL]. SIGOPS Oper. Syst. Rev., 2007, 41(6): 189–204. DOI: 10.1145/1323293.1294280.
[43] LEVIN D, DOUCEUR J J, LORCH J, et al. TrInc: Small Trusted Hardware for Large Dis- tributed Systems[C]//Proceedings of the 6th USENIX Symposium on Networked Systems De- sign and Implementation (NSDI). Proceedings of the 6th usenix symposium on networked systems design and implementation (nsdi) ed. 2009: 1-14.
[44] VERONESE G S, CORREIA M, BESSANI A N, et al. Efficient Byzantine Fault-Tolerance [J/OL]. IEEE Transactions on Computers, 2013, 62(1): 16-30. DOI: 10.1109/TC.2011.221.
[45] KOTLA R, ALVISI L, DAHLIN M, et al. Zyzzyva: Speculative Byzantine Fault Tolerance [C]//Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles. 2007: 45-58.
[46] KAPITZA R, BEHL J, CACHIN C, et al. CheapBFT: Resource-Efficient Byzantine Fault Tol- erance[C/OL]//EuroSys ’12: Proceedings of the 7th ACM European Conference on Computer Systems. New York, NY, USA, 2012: 295–308. DOI: 10.1145/2168836.2168866.
[47] BEHL J, DISTLER T, KAPITZA R. Hybrids on Steroids: SGX-Based High Performance BFT [C/OL]//EuroSys ’17: Proceedings of the Twelfth European Conference on Computer Systems. New York, NY, USA, 2017: 222–237. DOI: 10.1145/3064176.3064213.
[48] LIU J, LI W, KARAME G O, et al. Scalable Byzantine Consensus via Hardware-Assisted Secret Sharing[J/OL]. IEEE Transactions on Computers, 2019, 68(1): 139-151. DOI: 10.1109/TC.2 018.2860009.
[49] YIN M, MALKHI D, REITER M K, et al. HotStuff: BFT Consensus with Linearity and Re- sponsiveness[C]//Proceedings of the 2019 ACM Symposium on Principles of Distributed Com- puting. 2019: 347-356.
[50] Errors Found in Distributed Protocols[EB/OL]. https://github.com/dranov/protocol-bugs-list.
[51] LISKOV B, COWLING J. Viewstamped Replication Revisited[Z]. 2012.
[52] MORARU I, ANDERSEN D G, KAMINSKY M. There is More Consensus in Egalitarian Parliaments[C]//Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles. 2013: 358-372.
[53] The Coq Proof Assistant[EB/OL]. https://coq.inria.fr.
[54] WILCOX J R, WOOS D, PANCHEKHA P, et al. Verdi: A Framework for Implementing and Formally Verifying Distributed Systems[C/OL]//PLDI ’15: Proceedings of the 36th ACM SIG- PLAN Conference on Programming Language Design and Implementation. New York, NY, USA, 2015: 357–368. DOI: 10.1145/2737924.2737958.
[55] WOOS D, WILCOX J R, ANTON S, et al. Planning for Change in a Formal Verification of the Raft Consensus Protocol[C]//Proceedings of the 5th ACM SIGPLAN Conference on Certified Programs and Proofs. 2016: 154-165.
[56] SERGEY I, WILCOX J R, TATLOCK Z. Programming and Proving with Distributed Protocols [J]. Proceedings of the ACM on Programming Languages, 2017, 2(POPL): 1-30.
[57] LAMPORT L. Specifying Systems: Vol. 388[M]. Addison-Wesley Boston, 2002.
[58] L. Lamport. The Temporal Logic of Actions[J]. ACM Transactions on Programming Languages and Systems (TOPLAS), 1994, 16(3): 872-923.
[59] YU Y, MANOLIOS P, LAMPORT L. Model Checking TLA+ Specifications[C]//Advanced Re- search Working Conference on Correct Hardware Design and Verification Methods. Springer, 1999: 54-66.
[60] NEWCOMBE C, RATH T, ZHANG F, et al. How Amazon Web Services Uses Formal Methods [J]. Communications of the ACM, 2015, 58(4): 66-73.
[61] TLA+ Proof System (TLAPS)[EB/OL]. http://tla.msr-inria.inria.fr/tlaps/content/Home.html.
[62] COUSINEAU D, DOLIGEZ D, LAMPORT L, et al. TLA+ Proofs[C]//FM 2012: Formal Methods: 18th International Symposium, Paris, France, August 27-31, 2012. Proceedings 18. Springer, 2012: 147-154.
[63] LAMPORT L, MERZ S, DOLIGEZ D. TLAPS Proof of Basic Paxos[EB/OL]. https://github.c om/tlaplus/tlapm/blob/main/examples/paxos/Paxos.tla.
[64] CHAND S, LIU Y A, STOLLER S D. Formal Verification of Multi-Paxos for Distributed Consensus[C]//FM 2016: Formal Methods: 21st International Symposium, Limassol, Cyprus, November 9-11, 2016, Proceedings. Springer, 2016: 119-136.
[65] BURROWS M. The Chubby Lock Service for Loosely-Coupled Distributed Systems[C]// Proceedings of the 7th symposium on Operating systems design and implementation. 2006: 335-350.
[66] CHANDRA T D, GRIESEMER R, REDSTONE J. Paxos Made Live: An Engineering Perspec- tive[C]//Proceedings of the twenty-sixth annual ACM symposium on Principles of distributed computing. 2007: 398-407.
[67] SCHULTZ W, DARDIK I, TRIPAKIS S. Formal Verification of a Distributed Dynamic Re- configuration Protocol[C]//Proceedings of the 11th ACM SIGPLAN International Conference on Certified Programs and Proofs. 2022: 143-152.
[68] LAMPORT L. Byzantizing Paxos by Refinement[C]//Distributed Computing: 25th Interna- tional Symposium, DISC 2011, Rome, Italy, September 20-22, 2011. Proceedings 25. Springer, 2011: 211-224.
[69] JEHL L. Formal Verification of Hotstuff[C]//Formal Techniques for Distributed Objects, Com- ponents, and Systems: 41st IFIP WG 6.1 International Conference, FORTE 2021, Held as Part of the 16th International Federated Conference on Distributed Computing Techniques, Dis- CoTec 2021, Valletta, Malta, June 14–18, 2021, Proceedings. Springer, 2021: 197-204.
[70] LEINO K R M. Dafny: An Automatic Program Verifier for Functional Correctness[C]//Logic for Programming, Artificial Intelligence, and Reasoning: 16th International Conference, LPAR- 16, Dakar, Senegal, April 25–May 1, 2010, Revised Selected Papers 16. Springer, 2010: 348- 370.
[71] BARNETT M, CHANG B Y E, DELINE R, et al. Boogie: A Modular Reusable Verifier for Object-Oriented Programs[C]//Formal Methods for Components and Objects: 4th International Symposium, FMCO 2005, Amsterdam, The Netherlands, November 1-4, 2005, Revised Lec- tures 4. Springer, 2006: 364-387.
[72] Z3 SMT Solver[EB/OL]. https://github.com/Z3Prover/z3.
[73] HAWBLITZEL C, HOWELL J, KAPRITSOS M, et al. IronFleet: Proving Practical Distributed Systems Correct[C]//Proceedings of the 25th Symposium on Operating Systems Principles. 2015: 1-17.
[74] PADON O, MCMILLAN K L, PANDA A, et al. Ivy: Safety Verification by Interactive Gener- alization[C]//Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation. 2016: 614-630.
[75] PADON O, LOSA G, SAGIV M, et al. Paxos Made EPR: Decidable Reasoning about Distributed Protocols[J]. Proceedings of the ACM on Programming Languages, 2017, 1 (OOPSLA): 1-31.
[76] LAMPORT L, MALKHI D, ZHOU L. Vertical Paxos and Primary-Backup Replication[C]// Proceedings of the 28th ACM symposium on Principles of distributed computing. 2009: 312- 313.
[77] LAMPORT L. Fast Paxos[J]. Distributed Computing, 2006, 19: 79-103.
[78] LAMPORT L, MALKHI D, ZHOU L. Stoppable Paxos[J]. TechReport, Microsoft Research, 2008.
[79] TAUBE M, LOSA G, MCMILLAN K L, et al. Modularity for Decidability of Deductive Veri- fication with Applications to Distributed Systems[C]//Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation. 2018: 662-677.
[80] PADON O, HOENICKE J, LOSA G, et al. Reducing Liveness to Safety in First-Order Logic [J]. Proceedings of the ACM on Programming Languages, 2017, 2(POPL): 1-33.
[81] CEN S, ZHANG B. Trusted Time and Monotonic Counters with Intel Soft- ware Guard Extensions Platform Services[J]. Online at: https://software. intel. com/sites/default/files/managed/1b/a2/Intel-SGX-Platform-Services. pdf, 2017.
[82] ERMOLOV M, GORYACHY M. How to Hack a Turned-off Computer, or Running Unsigned Code in Intel Management Engine[J]. Black Hat Europe, 2017.
[83] INTEL-SA-00307: Intel CSME Advisory[EB/OL]. https://www.intel.com/content/www/us/e n/support/articles/000056085/software/chipset-software.html.
[84] The Intel Converged Security and Management Engine IOMMU Hardware Issue - CVE-2019- 0090 and CVE-2020-0566[EB/OL]. https://www.intel.com/content/dam/www/public/us/en/s ecurity-advisory/documents/cve-2019-0090-whitepaper.pdf.
[85] PARNO B. Bootstrapping Trust in a “Trusted” Platform[C]//HOTSEC’08: Proceedings of the 3rd Conference on Hot Topics in Security. USA: USENIX Association, 2008.
[86] REITER M K. Secure Agreement Protocols: Reliable and Atomic Group Multicast in Rampart [C/OL]//CCS ’94: Proceedings of the 2nd ACM Conference on Computer and Communications Security. New York, NY, USA: Association for Computing Machinery, 1994: 68–80. https: //doi.org/10.1145/191177.191194.
[87] KNAUTH T, STEINER M, CHAKRABARTI S, et al. Integrating Remote Attestation with Transport Layer Security[A]. 2018.
[88] WEICHBRODT N, AUBLIN P L, KAPITZA R. SGX-Perf: A Performance Analysis Tool for Intel SGX Enclaves[C/OL]//Proceedings of the 19th International Middleware Conference. Rennes France: ACM, 2018: 201-213. DOI: 10.1145/3274808.3274824.
[89] WEISSE O, BERTACCO V, AUSTIN T. Regaining Lost Cycles with HotCalls: A Fast Interface for SGX Secure Enclaves[C/OL]//Proceedings of the 44th Annual International Symposium on Computer Architecture. Toronto ON Canada: ACM, 2017: 81-93. DOI: 10.1145/3079856.30 80208.
[90] Open Enclave SDK[EB/OL]. https://openenclave.io. 67
[91] Damysus Source Code[EB/OL]. https://github.com/vrahli/damysus.
[92] Data Plane Development Kit (DPDK)[EB/OL]. https://www.dpdk.org.
[93] Storage Performance Development Kit (SPDK)[EB/OL]. https://spdk.io.
[94] BAILLEU M, THALHEIM J, BHATOTIA P, et al. SPEICHER: Securing LSM-Based Key- Value Stores Using Shielded Execution[C]//17th USENIX Conference on File and Storage Technologies (FAST 19). 2019: 173-190.
[95] THALHEIM J, UNNIBHAVI H, PRIEBE C, et al. Rkt-IO: A Direct I/O Stack for Shielded Execution[C/OL]//Proceedings of the Sixteenth European Conference on Computer Systems. Online Event United Kingdom: ACM, 2021: 490-506. DOI: 10.1145/3447786.3456255.
[96] BIONDO A, CONTI M, DAVI L, et al. The Guard’s Dilemma: Efficient Code-Reuse Attacks Against Intel SGX[C/OL]//27th USENIX Security Symposium (USENIX Security 18). Balti- more, MD: USENIX Association, 2018: 1213-1227. https://www.usenix.org/conference/usen ixsecurity18/presentation/biondo.
[97] LEE J, JANG J, JANG Y, et al. Hacking in Darkness: Return-Oriented Programming against Secure Enclaves[C/OL]//26th USENIX Security Symposium (USENIX Security 17). Vancou- ver, BC: USENIX Association, 2017: 523-539. https://www.usenix.org/conference/usenixse curity17/technical-sessions/presentation/lee-jaehyuk.
[98] WEICHBRODT N, KURMUS A, PIETZUCH P, et al. AsyncShock: Exploiting Synchronisa- tion Bugs in Intel SGX Enclaves[C]//ASKOXYLAKIS I, IOANNIDIS S, KATSIKAS S, et al. Computer Security – ESORICS 2016. Cham: Springer International Publishing, 2016: 440- 457.

电子科学与技术

TP309.1

人工提交

Wang WL. Enclave-guarded Raft on Byzantine Faulty Nodes[D]. 深圳. 南方科技大学,2023.