Twine: An Embedded Trusted Runtime for WebAssembly - Presentation slides

  1. Twine: An Embedded Trusted Runtime for WebAssembly
     Jämes Ménétrey, Marcelo Pasin, Pascal Felber, Valerio Schiavoni
     University of Neuchâtel, Switzerland
     19-22 April 2021, 37th IEEE International Conference on Data Engineering
  2. Context (slide footer: Jämes Ménétrey — Twine: An Embedded Trusted Runtime for WebAssembly — ICDE ‘21)
     • We process and store important data in clouds
     • From cloud providers’ perspective: the users deploy untrusted apps on their trusted systems
     • From users’ perspective: they deploy trusted apps on systems they assume to be trustworthy
     Figure: the software stack (hardware, VMM, company OS, your apps), marking which layers are trusted by cloud providers, which are trusted by you (developers), and the attack surface of your apps
  3. Users’ apps shielding
     • Twine relies on a Trusted Execution Environment (TEE)
     • We focus on Intel Software Guard Extensions (SGX), which provide:
       • Memory access protection and integrity
       • Persistence of non-volatile data
       • Attestation of code (local and remote)
     • Applications are isolated inside hardware-enforced enclaves
     Figure: the same software stack (hardware, VMM, company OS), with your apps now running inside an enclave
  4. Primer on Intel SGX
     • Hardware-enforced security
     • Enclave memory access is restricted
     • Partitioned applications
     • Some instructions are illegal, e.g., syscall
     Figure: enclave lifecycle across the trusted/untrusted boundary: ① enclave creation, ② call of a trusted function (ECALL) through a call gate, ③ trusted function, ④ code execution, ⑤ return, ⑥ enclave destruction; the OS, VMM, … stay on the untrusted side
  5. Interoperability
     • Relax the constraints imposed by the TEE, such as:
       • Programming languages
       • Programming paradigm (e.g., code partitioning)
       • No built-in system calls (e.g., printf)
     • Abstract the host OS and the TEE
     • Provide practical performance
     Figure: developers deploy your apps to cloud providers across different OSes, TEEs and programming languages
  6. WebAssembly
     • WebAssembly is a standard for a lightweight bytecode format
     • A compilation target for most mainstream programming languages
     • Initially meant for the web; can be used anywhere today
     Figure: the developer compiles with clang -target wasm32-unknown-wasi and the user runs the result in a WebAssembly runtime (image: Standardising WASI, Mozilla, 2020)
  7. Challenge 1: Interface
     • Intel SGX does not allow system calls, but provides out calls (OCALLs)
     • WebAssembly does not provide a POSIX-like library, but does have an import/export function capability
     • Solution: use the WebAssembly System Interface (WASI) to wire application system calls to OS system calls through OCALLs
     Figure: Twine architecture, steps ① to ⑥: the app runs in the Wasm runtime inside the enclave, its WASI calls cross the call gate to the system library in the untrusted process, which reaches the OS
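As an added example (not Twine’s or WAMR’s code), the C model below shows the boundary described on this slide and in the SGX primer on slide 4: a trusted-side WASI fd_write that bounds-checks the guest’s iovec offsets against WebAssembly linear memory before forwarding the data to an OCALL. The linear_mem buffer, the ocall_write stand-in and the guest_store/guest_set_iov helpers are constructed for the example.

```c
/* Added example, not Twine's code: trusted side of a WASI fd_write call
 * bridged to an OCALL. The guest passes iovec entries as offsets into
 * linear memory, so the enclave must bounds-check them before any byte
 * leaves the enclave. linear_mem and ocall_write are constructed stand-ins. */
#include <stdint.h>
#include <string.h>
#include <unistd.h>

#define LINEAR_MEM_SIZE 4096u
static uint8_t linear_mem[LINEAR_MEM_SIZE];  /* stands in for Wasm linear memory */

/* WASI ciovec as the guest lays it out: 32-bit offset and 32-bit length. */
typedef struct { uint32_t buf; uint32_t buf_len; } wasi_ciovec_t;

/* Stand-in for the untrusted OCALL; the SGX edge routines would copy buf
 * out of enclave memory before the host's write() sees it. */
static ssize_t ocall_write(int fd, const void *buf, size_t len) {
    return write(fd, buf, len);
}

/* 1 if [off, off+len) lies inside guest linear memory, else 0.
 * Computed in 64 bits so that off+len cannot wrap around. */
static int guest_range_ok(uint32_t off, uint64_t len) {
    return (uint64_t)off + len <= LINEAR_MEM_SIZE;
}

/* Helpers (constructed): place bytes and an iovec entry into guest memory. */
void guest_store(uint32_t off, const void *src, uint32_t len) {
    memcpy(linear_mem + off, src, len);
}
void guest_set_iov(uint32_t off, uint32_t buf, uint32_t buf_len) {
    wasi_ciovec_t iov = { buf, buf_len };
    memcpy(linear_mem + off, &iov, sizeof iov);
}

/* Trusted-side fd_write: returns bytes written, or -1 when the guest
 * supplied an iovec array or a buffer outside its linear memory. */
ssize_t wasi_fd_write(int fd, uint32_t iovs_off, uint32_t iovs_len) {
    if (!guest_range_ok(iovs_off, (uint64_t)iovs_len * sizeof(wasi_ciovec_t)))
        return -1;                 /* the iovec array itself is out of range */
    ssize_t total = 0;
    for (uint32_t i = 0; i < iovs_len; i++) {
        wasi_ciovec_t iov;         /* local copy: check and use the same values */
        memcpy(&iov, linear_mem + iovs_off + i * sizeof iov, sizeof iov);
        if (!guest_range_ok(iov.buf, iov.buf_len)) return -1;
        ssize_t n = ocall_write(fd, linear_mem + iov.buf, iov.buf_len);
        if (n < 0) return -1;
        total += n;
    }
    return total;
}
```

Copying each iovec entry into a local before validating it means the check and the OCALL operate on the same offsets even if the guest mutates linear memory concurrently.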
  8. Challenge 2: Performance
     • Interpreters are slower than native execution
     • Solution: Ahead-of-Time (AOT) compilation
     • Just-in-Time (JIT) compilation increases the complexity of the enclaves (e.g., using LLVM)
     Figure: pipeline from the developers’ environment to the cloud environment: ① source code (.cpp, .rs, .go), ② compilation into WebAssembly (.wasm), ③ ahead-of-time compilation (.aot), ④ deployment into the enclave
  9. Our contribution
     • Twine is a trusted runtime executing WebAssembly bytecode in enclaves with a subset of WASI support
     • Adaptation of the runtime WebAssembly Micro Runtime (WAMR)
     • Twine provides non-volatile storage to store database engine artefacts
     Figure: the software stack (hardware, VMM, company OS, your apps) with Twine split into a trusted part and an untrusted part, marking what is trusted by cloud providers, what is trusted by you, and the attack surface of your apps
  10. Use case: SQLite
     • Compilation of SQLite into WebAssembly
     • No source code modification except the usage of a virtual file system for the general POSIX I/O API (e.g., open, write, fsync, etc.)
     • File I/O operations are handled by Intel Protected File System (IPFS) transparently through WASI
     • Files are encrypted and decrypted thanks to IPFS
     Figure: the Twine architecture of slide 7 (process, enclave, Wasm runtime, WASI, call gate, system library, OS) with steps ① to ⑤, where step ② is the encryption performed inside the enclave
  11. Evaluation: SQLite, Speedtest1
     Across all tests with the database stored in files, the slowdowns are (Native, WAMR, SGX-LKL, Twine): 3.7x 2.6x 1.8x 2.5x 6.5x 1.0x
     Figure: normalised run time (lower is better, native in-memory = 1) for Insert, Update, Sequential Select, Delete and Random Select, for Native, WAMR, Twine and SGX-LKL, each with the database in memory and in a file; y-axis ticks 0, 5, 10, with outliers annotated 35.1 and 22.4
  12. Evaluation: SQLite, microbenchmark
     • Enclave Page Cache (EPC) is a special memory area to store the enclaves’ code and data (size of 92 MiB)
     • Once full, encrypted memory pages are swapped out into the unprotected memory, which is a costly operation
     Figure: time [s] vs. database size [MiB] (0 to 150, with the point where the EPC is full marked), lower is better, for (a) insertion, (b) sequential reading and (c) random reading; series: Native, SGX-LKL, WAMR and Twine, each in memory and in a file
  13. Evaluation: SQLite, microbenchmark (continued)
     Slowdowns by type of query (insertion, sequential, random): 2.5x, 3.3x, 0.9x
     Figure (left): normalised run time per type of query, lower is better, for Twine (HW, SW) and SGX-LKL (HW, SW)
     Figure (right): the time [s] vs. database size [MiB] plots of slide 12 for (a) insertion, (b) sequential reading and (c) random reading, with the EPC-full point marked; series: Native, SGX-LKL, WAMR and Twine, each in memory and in a file
  14. Optimisations: Intel Protected File System
     • Optimisations:
       • Memory clearing operations have been removed
       • Memory copy operations have been reduced
     • Speedup compared to Intel’s version with SQLite:
       • Insertion: 1.5x
       • Sequential reading: 2.5x
       • Random reading: 4.1x
     Figure: time [s] (0 to 30, lower is better) for IPFS vs. the optimised version, broken down into SQLite inner work, read: other ops., OCALL and memset
  15. Takeaway
     • Twine is a trusted runtime for running WebAssembly within SGX enclaves on untrusted clouds with practical performance
     • Applications compiled into WebAssembly do not need to be modified, as long as the system calls are covered by WASI
     • File system I/O is seamlessly secured by Intel Protected File System
     • SQLite can be compiled into WebAssembly and executed on Twine
     Thanks for your attention! I’m open source!