We built a MyRocks fork hat runs in secure enclaves

[Felix S]

Hi all,

thanks for the great work with MyRocks and RocksDB! Over the last two years or so, our team has built a MyRocks fork that can run securely and fast inside Intel SGX enclaves. It's called EdgelessDB. We're keen to get your thoughts and feedback.

(Briefly, SGX enclaves are isolated execution environments that can be created on many recent Intel CPUs. Enclaves are strongly isolated from their host system, including the OS, and keep their data and code encrypted in memory at runtime. Enclaves can request a cryptographic certificate from the CPU for their initial contents, configuration, and output. Further, enclaves can ask the CPU for a deterministic secret key to "seal" data to disk.)

Our motivation for creating EdgelessDB was to increase data security. We wanted to have a DB that maintains data integrity and confidentiality even if the host computer is under an active attacker's control. 

To this end, EdgelessDB ensures that data never leaves the enclave in plaintext. Data that is written to disk is encrypted using an integrity-providing scheme. For this, we modified RocksDB in several ways. Most notably, we encrypt blocks in SST files using AES-GCM. We use a distinct key for each file and use each block's offset in the file as IV. (The file keys are derived from a master key, which is persisted using SGX's sealing feature.) This way, we avoid having to maintain Merkle trees, but still get overall integrity protection for SST files. This for example prevents attackers outside the enclave to replay or rearrange blocks within SST files. We also protect the WAL and the Manifest file. Maybe this encryption scheme is also of independent interest.

MySQL clients connect to EdgelessDB via TLS as normal. However, EdgelessDB provides a REST API via which the client can obtain the CPU's certificate for its TLS public key. From the CPU certificate, the client learns 

1. that the DB is indeed running inside an enclave, 
2. the hash of the DB's executable and configuration,
3. the hash of a file called manifest.json.

Manifest.json is a special feature of EdgelessDB. The file defines the initial state of the DB, including public key-based access control. By examining manifest.json, a client can make sure that the DB is configured as expected, before using it. The feature also enables multi-party data processing scenarios: One can use manifest.json to specify what certain parties or services can do. For example, party A and B may only be able to send data, whereas party C may only be able to run certain analytics.

Hope you'll find this interesting. We also just published a blog post with Azure with more details and preliminary benchmarks.

-Felix