ADAM-CS: Advanced Asynchronous Monotonic Counter Service | IEEE Conference Publication | IEEE Xplore

Abstract:

Trusted execution environments (TEEs) offer the technological breakthrough to allow several applications to be deployed and executed over untrusted public cloud environments. Although TEEs (e.g., Intel SGX, ARM TrustZone, AMD SEV) provide several mechanisms to ensure confidentiality and integrity of data and code, they do not offer freshness out of the box, a critical yet often overlooked property needed, for instance, to protect against rollback attacks. Monotonic counters are a popular way to detect rollbacks, as their counter values cannot be decremented. However, counter increments are slow (i.e., tens of milliseconds), making their use impractical for distributed services and applications processing thousands of transactions simultaneously, for which an order of magnitude improvement is needed. ADAM-CS is an asynchronous monotonic counter service to protect such high-traffic applications against rollback attacks. Leveraging a set of distributed monotonic counters and specific algorithms, ADAM-CS minimizes the maximum vulnerability window (MVW), i.e., the number of transactions an adversary could successfully roll back. Thanks to its asynchronous nature, ADAM-CS supports thousands of increments per second without introducing additional latency in the transactions performed by applications. Our measurements indicate that we can keep the MVW well below 10 ms while supporting a throughput of more than 21K requests/s when using eight counters.
Date of Conference: 21-24 June 2021
Date Added to IEEE Xplore: 06 August 2021
Conference Location: Taipei, Taiwan

I. Introduction

Trusted execution environments (TEEs), e.g., Intel SGX [1],[2], give developers a set of hardware tools to protect their applications from various threats against the confidentiality and integrity of their data and code. TEEs allow developers to deploy and run systems in untrusted environments, such as public clouds, tolerating strong adversarial models under minimal trust constraints. Developers only need to trust the processor manufacturers. Unfortunately, TEEs do not protect against rollback attacks, in which an attacker tries to roll back an application's state to a previous one to gain some benefit. Examples of such attacks include using already-expired software licenses (version downgrade attacks), undoing certain transactions, or reverting to old software versions to exploit known bugs [3]–[5]. While some solutions exist to protect TEEs against rollbacks [6],[7], they present a few drawbacks. LCM [7] relies on clients to ensure state continuity. ROTE [6] assumes that at least one replica survives power outages to maintain the counter value.
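The following added example (not code from the paper, and not the ADAM-CS algorithm, which this page does not describe) illustrates how binding sealed state to a monotonic counter detects rollbacks, and how counter increments that have not yet landed leave a window of transactions that can still be rolled back. The HMAC key stands in for a TEE sealing key, and all names (`MonotonicCounter`, `seal`, `unseal`, `run`) are hypothetical.

```python
import hashlib
import hmac
import json

SEAL_KEY = b"constructed-demo-key"  # assumption: stands in for a TEE sealing key

class MonotonicCounter:
    """Stand-in for a trusted counter: the value can only grow."""
    def __init__(self):
        self._value = 0
    def increment(self):
        self._value += 1
        return self._value
    def read(self):
        return self._value

def seal(state, version):
    """Integrity-protect the state together with its version number."""
    body = json.dumps({"state": state, "version": version}, sort_keys=True).encode()
    return body, hmac.new(SEAL_KEY, body, hashlib.sha256).hexdigest()

def unseal(blob, counter):
    """Return the state only if it is authentic and not older than the counter."""
    body, tag = blob
    expected = hmac.new(SEAL_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    record = json.loads(body)
    if record["version"] < counter.read():
        raise ValueError("rollback detected: sealed version is behind the counter")
    return record["state"]

def stale_blobs_accepted(history, counter):
    """Count old sealed states (all but the newest) that still pass unseal()."""
    accepted = 0
    for blob in history[:-1]:
        try:
            unseal(blob, counter)
            accepted += 1
        except ValueError:
            pass
    return accepted

def run(n_tx, pending):
    """Commit n_tx transactions; the last `pending` increments have not landed."""
    counter, history = MonotonicCounter(), []
    for i in range(1, n_tx + 1):
        history.append(seal({"balance": 100 - i}, version=i))  # constructed data
        if i <= n_tx - pending:
            counter.increment()
    return stale_blobs_accepted(history, counter)
```

With every increment applied before the next transaction, `run(10, 0)` accepts no stale state; with three increments still in flight, `run(10, 3)` accepts three, which is the number of transactions that could be undone at that moment.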

References

1. I. Anati, S. Gueron, P. S. Johnson and R. V. Scarlata, "Innovative technology for CPU based attestation and sealing", Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP ’13), 2013.
2. F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, et al., "Innovative instructions and software model for isolated execution", Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP ’13), 2013.
3. B. Möller, T. Duong and K. Kotowicz, "This POODLE bites: exploiting the SSL 3.0 fallback", Security Advisory, 2014.
4. Y. Chen, Y. Zhang, Z. Wang and T. Wei, "Downgrade attack on TrustZone", arXiv preprint arXiv:1707.05082, 2017.
5. E. S. Alashwali and K. Rasmussen, "What’s in a downgrade? A taxonomy of downgrade attacks in the TLS protocol and application protocols using TLS", International Conference on Security and Privacy in Communication Systems (SecureComm ’18), 2018.
6. S. Matetic, M. Ahmed, K. Kostiainen, A. Dhar, D. Sommer, A. Gervais, et al., "ROTE: Rollback protection for trusted execution", Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), pp. 1289-1306, Aug. 2017, [online] Available: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/matetic.
7. M. Brandenburger, C. Cachin, M. Lorenz and R. Kapitza, "Rollback and Forking Detection for Trusted Execution Environments using Lightweight Collective Memory", 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN ’17), 2017.
8. TPM Library Part 1: Architecture Family "2.0" Level 00 Revision 01.38, Mar 2019, [online] Available: http://www.trustedcomputinggroup.org/resources/tpmlibrary specification.
9. IBM’s TPM 2.0 TSS, Mar 2019, [online] Available: https://sourceforge.net/projects/ibmtpm20tss/.
10. R. Strackx and F. Piessens, "Ariadne: A minimal approach to state continuity", Proceedings of the 25th USENIX Security Symposium (USENIX Security 16), pp. 875-892, Aug. 2016, [online] Available: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/strackx.
11. Azure Confidential Computing, Mar 2021, [online] Available: https://azure.microsoft.com/en-us/solutions/confidential-compute.
12. Intel Software Guard Extensions (Intel SGX) Developer Guide, Mar 2020, [online] Available: https://download.01.org/intel-sgx/sgx-linux/2.11/docs/Intel_SGXDeveloper Guide.pdf.
13. S. Wang, W. Wang, Q. Bao, P. Wang, X. Wang and D. Wu, "Binary Code Retrofitting and Hardening Using SGX", Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation (FEAST ’17), 2017.
14. S. Arnautov, B. Trach, F. Gregor, T. Knauth, A. Martin, C. Priebe, J. Lind, D. Muthukumaran, D. O’Keeffe, M. L. Stillwell et al., "SCONE: Secure Linux Containers with Intel SGX", Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI ’16), 2016.
15. F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, et al., "VC3: Trustworthy data analytics in the cloud using SGX", IEEE Symposium on Security and Privacy (S&P ’15), 2015.
16. A. Baumann, M. Peinado and G. Hunt, "Shielding Applications from an Untrusted Cloud with Haven", ACM Transactions on Computer Systems (TOCS ’15), 2015.
17. C.-C. Tsai, D. E. Porter and M. Vij, "Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX", Proceedings of the USENIX Annual Technical Conference (ATC ’17), 2017.
18. C. Priebe, D. Muthukumaran, J. Lind, H. Zhu, S. Cui, V. A. Sartakov, et al., "SGX-LKL: Securing the host OS interface for trusted execution", arXiv:1908.11143, 2019.
19. Musl Libc, Mar 2021, [online] Available: https://musl.libc.org.
20. R. Koo and S. Toueg, "Checkpointing and Rollback-Recovery for Distributed Systems", IEEE Transactions on Software Engineering, 1987.
21. S. Ananthanarayanan, M. S. Ardekani, D. Haenikel, B. Varadarajan, S. Soriano, D. Patel, et al., "Keeping Master Green at Scale", Proceedings of the 14th ACM European Conference on Computer Systems (EuroSys ’19), 2019.
22. A. Sriraman, A. Dhanotia and T. F. Wenisch, "SoftSKU: Optimizing Server Architectures for Microservice Diversity @Scale", Proceedings of the 46th International Symposium on Computer Architecture (ISCA ’19), 2019.
23. G. Kakivaya, L. Xun, R. Hasha, S. B. Ahsan, T. Pfleiger, R. Sinha, et al., "Service Fabric: A Distributed Platform for Building Microservices in the Cloud", Proceedings of the 13th ACM European Conference on Computer Systems (EuroSys ’18), 2018.
24. F. Gregor, W. Ozga, S. Vaucher, R. Pires, D. Le Quoc, S. Arnautov, et al., "Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders", 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN ’20), 2020.
25. N. D. Matsakis and F. S. Klock, "The rust language", ACM SIGAda Ada Letters, 2014.
26. Hyper.rs, Mar 2019, [online] Available: https://hyper.rs.
27. G. Tene, wrk2: a HTTP benchmarking tool based mostly on wrk, 2020, [online] Available: https://github.com/giltene/wrk2.
28. R. C. Merkle, "Protocols for public key cryptosystems", IEEE Symposium on Security and Privacy (S&P ’80), 1980.
29. SQLite, Sep 2019, [online] Available: https://www.sqlite.org/.
30. C. Correia, M. Correia and L. Rodrigues, "Omega: a Secure Event Ordering Service for the Edge", 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN ’20), 2020.
