Saved in:
Bibliographic Details
Main Authors: Jeffery, Andrew, Maffre, Julien, Howard, Heidi, Mortier, Richard
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2407.12623
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913434456555520
author Jeffery, Andrew
Maffre, Julien
Howard, Heidi
Mortier, Richard
author_facet Jeffery, Andrew
Maffre, Julien
Howard, Heidi
Mortier, Richard
contents Software services are increasingly migrating to the cloud, requiring trust in actors with direct access to the hardware, software and data comprising the service. A distributed datastore storing critical data sits at the core of many services; a prime example being etcd in Kubernetes. Trusted execution environments can secure this data from cloud providers during execution, but it is complex to build trustworthy data storage systems using such mechanisms. We present the design and evaluation of the Ledger-backed Secure Key-Value datastore (LSKV), a distributed datastore that provides an etcd-like API but can use trusted execution mechanisms to keep cloud providers outside the trust boundary. LSKV provides a path to transition traditional systems towards confidential execution, provides competitive performance compared to etcd, and helps clients to gain trust in intermediary services. LSKV forms a foundational core, lowering the barriers to building more trustworthy systems.
format Preprint
id arxiv_https___arxiv_org_abs_2407_12623
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle LSKV: A Confidential Distributed Datastore to Protect Critical Data in the Cloud
Jeffery, Andrew
Maffre, Julien
Howard, Heidi
Mortier, Richard
Distributed, Parallel, and Cluster Computing
Software services are increasingly migrating to the cloud, requiring trust in actors with direct access to the hardware, software and data comprising the service. A distributed datastore storing critical data sits at the core of many services; a prime example being etcd in Kubernetes. Trusted execution environments can secure this data from cloud providers during execution, but it is complex to build trustworthy data storage systems using such mechanisms. We present the design and evaluation of the Ledger-backed Secure Key-Value datastore (LSKV), a distributed datastore that provides an etcd-like API but can use trusted execution mechanisms to keep cloud providers outside the trust boundary. LSKV provides a path to transition traditional systems towards confidential execution, provides competitive performance compared to etcd, and helps clients to gain trust in intermediary services. LSKV forms a foundational core, lowering the barriers to building more trustworthy systems.
title LSKV: A Confidential Distributed Datastore to Protect Critical Data in the Cloud
topic Distributed, Parallel, and Cluster Computing
url https://arxiv.org/abs/2407.12623