BLOXY: Providing Transparent and Generic BFT-Based Ordering Services for Blockchains

With the wide-spread use of blockchain technology, Byzantine fault-tolerant (BFT) protocols are explored as a means to achieve consensus on which transactions should be processed next. BFT protocols are not a one-size-fits-all solution: they should be chosen according to the blockchain's use case, which can range from supply chain management to decentralised storage, requiring specialisation e.g. regarding throughput, latency, or level of decentralisation. Previously, consensus protocols were usually hardcoded into the blockchain infrastructure and could not be exchanged, therefore inhibiting flexible use of an otherwise generic blockchain infrastructure. Hyperledger Fabric claims to provide modular consensus and support for crash-fault and Byzantine fault tolerant protocols. However, integrating a BFT protocol has shown that Fabric's architecture is currently not well-suited for this fault model as it requires substantial changes and thereby breaks Fabric's modularity. This also has to be repeated for each integrated BFT protocol. In this paper, we present Bloxy, a blockchain-aware trusted proxy running on the replica that encapsulates all BFT client functionality. Bloxy enables transparent access to generic BFT frameworks and preserves Fabric's modularity even for the Byzantine fault model. It runs inside a trusted execution environment based on Intel's Software Guard Extensions. Bloxy offers blockchain-specific communication mechanisms as well as short-term block storage to handle crashes or disconnects to ensure that all nodes receive block updates. We implemented two Bloxy-based ordering services based on PBFT and the hybrid BFT protocol Hybster. Our evaluation shows that our approach increases throughput by up to 71% compared to directly integrated BFT protocols

Towards Low-Latency Byzantine Agreement Protocols Using RDMA

Byzantine fault tolerance (BFT) protocols can mitigate attacks and errors and are increasingly investigated as consensus protocols in blockchains. However, they are traditionally considered costly in terms of message complexity and latency due to the required multiple rounds of message exchanges. With the availability of Remote Direct Memory Access (RDMA) in data centers, message exchange latency can be reduced compared to TCP, as RDMA enables kernel bypassing and thereby avoids intermediate data copying. Retaining the performance benefits for RDMA during its integration, however, is non-trivial and error-prone. While the use of RDMA has previously been explored for key/value stores, databases and distributed file systems, agreement protocols especially for BFT have so far been neglected. We investigate the usage of RDMA in the Reptor BFT protocol for low-latency agreement and show first steps towards an RDMA-enabled consensus protocol. For this, we present RUBIN, a framework offering similar functionality to the Java NIO selector, which can handle multiple network connections efficiently with a single thread and is employed in several BFT protocol implementations such as BFT-SMART and UpRight

Edgar: Offloading Function Execution to the Ultimate Edge: Technical Report

Web applications are on the rise and rapidly evolve into mature replacements for their native counterparts. This trend is mainly driven by the attainment of platform-independence and instant deployability. While web applications are getting more and more complex, scalability and responsiveness remain key challenges that are addressed by rather costly approaches such as cloud computing. In this paper, we present Edgar, a novel middleware for web applications that enables client-side execution of code usually requiring server-side deployment due to missing trust in clients. Following the paradigm of Function-as-a-Service, applications consist of functions that can be distributed to browsers. Other nearby browsers can discover these functions and then directly invoke them on a peer-to-peer basis. Thus, client-side resources are used to provision the web application, which generates lower costs for service providers. Offering premium services such as liberation from ads can be used to incentivise users to provide their resources. In case of resource shortage or unresponsive clients, execution falls back to a cloud-based infrastructure. Edgar combines WebAssembly for executing workloads written in different languages at near-native speed, WebRTC for browser-to-browser communication and Intel SGX to establish trust in other browser’s computations.We evaluate Edgar by implementing a digital assistant as well as a recommendation system. Our evaluation shows that Edgar generates lower costs than traditional deployments, scales linearly with increasing client numbers and manages unresponsive clients well

AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting

Remote computation has numerous use cases such as cloud computing, client-side web applications or volunteer computing. Typically, these computations are executed inside a sandboxed environment for two reasons: first, to isolate the execution in order to protect the host environment from unauthorised access, and second to control and restrict resource usage. Often, there is mutual distrust between entities providing the code and the ones executing it, owing to concerns over three potential problems: (i) loss of control over code and data by the providing entity, (ii) uncertainty of the integrity of the execution environment for customers, and (iii) a missing mutually trusted accounting of resource usage. In this paper we present AccTEE, a two-way sandbox that offers remote computation with resource accounting trusted by consumers and providers. AccTEE leverages two recent technologies: hardware-protected trusted execution environments, and Web-Assembly, a novel platform independent byte-code format. We show how AccTEE uses automated code instrumentation for fine-grained resource accounting while maintaining confidentiality and integrity of code and data. Our evaluation of AccTEE in three scenarios – volunteer computing, serverless computing, and pay-by-computation for the web – shows a maximum accounting overhead of 10%

TrApps: Secure Compartments in the Evil Cloud

The cloud computing paradigm enables the flexible and scalable outsourcing of workloads. However, cloud customers are often reluctant to entrust their sensitive data with cloud providers. This is due to the fact that the infrastructure is owned by another company and a resulting loss of control. With the recent advent of powerful ARM hardware targeted for data centres, there is the opportunity of using trusted execution technology provided by ARM TrustZone to enhance the protection of cloud customer's data. In this paper we propose TrApps, a secure platform for general-purpose trusted execution in an untrusted cloud with multiple isolated tenants based on the ARM TrustZone technology. Our system targets the parallel execution of partitioned applications of distinct tenants with lean security-sensitive components, and is based on a minimal trusted code base in the secure world of ARM TrustZone when compared to similar systems. In our evaluation we show the feasibility of our approach, and demonstrate its performance with trusted execution of memcached with an overhead of only 36.9% compared to the vanilla implementation and execution

CYCLOSA: Decentralizing Private Web Search Through SGX-Based Browser Extensions

By regularly querying Web search engines, users (unconsciously) disclose large amounts of their personal data as part of their search queries, among which some might reveal sensitive information (e.g. health issues, sexual, political or religious preferences). Several solutions exist to allow users querying search engines while improving privacy protection. However, these solutions suffer from a number of limitations: some are subject to user re-identification attacks, while others lack scalability or are unable to provide accurate results. This paper presents CYCLOSA, a secure, scalable and accurate private Web search solution. CYCLOSA improves security by relying on trusted execution environments (TEEs) as provided by Intel SGX. Further, CYCLOSA proposes a novel adaptive privacy protection solution that reduces the risk of user re- identification. CYCLOSA sends fake queries to the search engine and dynamically adapts their count according to the sensitivity of the user query. In addition, CYCLOSA meets scalability as it is fully decentralized, spreading the load for distributing fake queries among other nodes. Finally, CYCLOSA achieves accuracy of Web search as it handles the real query and the fake queries separately, in contrast to other existing solutions that mix fake and real query results

Worst-Case Energy Consumption Analysis for Energy-Constrained Embedded Systems

Abstract—The fact that energy is a scarce resource in many embedded real-time systems creates the need for energy-aware task schedulers, which not only guarantee timing constraints but also consider energy consumption. Unfortunately, existing approaches to analyze the worst-case execution time (WCET) of a task usually cannot be directly applied to determine its worst-case energy consumption (WCEC) due to execution time and energy consumption not being closely correlated on many state-of-the-art processors. Instead, a WCEC analyzer must take into account the particular energy characteristics of a target platform. In this paper, we present 0g, a comprehensive approach to WCEC analysis that combines different techniques to speed up the analysis and to improve results. If detailed knowledge about the energy costs of instructions on the target platform is available, our tool is able to compute upper bounds for the WCEC by statically analyzing the program code. Otherwise, a novel ap-proach allows 0g to determine the WCEC by measurement after having identified a set of suitable program inputs based on an auxiliary energy model, which specifies the energy consumption of instructions in relation to each other. Our experiments for three target platforms show that 0g provides precise WCEC estimates. I