Nimble: Rollback Protection for Confidential Cloud Services

Sebastian Angel, Aditya Basu, Weidong Cui, Trent Jaeger, Stella Lau, Srinath Setty, Sudheesh Singanamalla

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

This paper introduces Nimble, a cloud service that helps applications running in trusted execution environments (TEEs) to detect rollback attacks (i.e., detect whether a data item retrieved from persistent storage is the latest version). To achieve this, Nimble realizes an append-only ledger service by employing a simple state machine running in a TEE in conjunction with a crash fault-tolerant storage service. Nimble then replicates this trusted state machine to ensure the system is available even if a minority of state machines crash. A salient aspect of Nimble is a new reconfiguration protocol that allows a cloud provider to replace the set of nodes running the trusted state machine whenever it wishes—without affecting safety. We have formally verified Nimble’s core protocol in Dafny, and have implemented Nimble such that its trusted state machine runs in multiple TEE platforms (Intel SGX and AMD SNP-SEV). Our results show that a deployment of Nimble on machines running in different availability zones can achieve from tens of thousands of requests/sec with an end-to-end latency of under 3.2 ms (based on an in-memory key-value store) to several thousands of requests/sec with a latency of 30ms (based on Azure Table).

Original languageEnglish (US)
Title of host publicationProceedings of the 17th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2023
PublisherUSENIX Association
Pages193-208
Number of pages16
ISBN (Electronic)9781939133342
StatePublished - 2023
Event17th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2023 - Boston, United States
Duration: Jul 10 2023Jul 12 2023

Publication series

NameProceedings of the 17th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2023

Conference

Conference17th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2023
Country/TerritoryUnited States
CityBoston
Period7/10/237/12/23

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems

Cite this