Aria: Tolerating Skewed Workloads in Secure In-memory Key-value Stores

摘要

The recent advent of the hardware trusted execution environment (TEE), e.g., Intel SGX, enables encrypted and integrity-verified in-memory key-value (KV) stores. However, due to the architectural limitations of the hardware, it is non-trivial to build a secure in-memory KV store with SGX without compromising the performance. The reason comes from (i) the limited memory capacity the SGX TEE provides, and (ii) being unaware of the access patterns of skewed workloads, which are commonly seen in the real world.In this paper, we present Aria, a secure in-memory KV store based on SGX. Our goal is to utilize the limited resource while still achieving high performance. Aria places KV pairs and index structures directly in the untrusted memory and introduces the security metadata in the TEE to conduct protection. The core component of Aria is Secure Cache, a software-based cache layer, which uses the limited memory resource to guarantee the confidentiality and integrity (including freshness) of Aria. Secure Cache keeps the frequently accessed security metadata in the TEE memory at fine-granularity and evicts rarely-used ones to the untrusted memory. With Secure Cache, we have the opportunities to explore strategies that are impossible in SGX implementation. By decoupling the security metadata management from the index structure, Aria supports various index schemes. We implement Aria with the indexes of both a hash table and a B-tree. Experiments show that Aria improves throughput by up to 104% compared to the state-of-the-art system.