SECURE ENCLAVES FOR REACTIVE CLOUD APPLICATIONS

Technische Universität Carolo-Wilhelmina zu Braunschweig (TUB) is one of the leading universities of technology in Germany. The academic community comprises about 16,000 students and 3,600 university employees. The core disciplines are engineering, natural sciences, life sciences, and information technologies. They are closely linked to other disciplines of humanities and economic, social, and educational sciences. As one of its parts, the Institute of Operating Systems and Computer Networking (IBR) conducts research particularly on distributed systems, corresponding networking and communication systems, architectures, and protocols.

Dependability of distributed systems, in particular in the area of cloud computing, is one of the main concerns of the proposing work group. The IBR comprises 4 professorships and over 20 PhD students. The institute was and is active in several EU-funded and state-funded projects, including the FP7 projects GINSENG, V-Charge, WISEBED, SPITFIRE, and especially TClouds. All in all, the university has been participating in many projects under different Framework Programmes of the EU. In order to foster and support such projects, TUB established a unit specialised in the organization and management of EU projects, the European Office.

Role in the project

TUB will lead WP1, which investigates system support for secure enclaves based on ARM TrustZone and Intel SGX. Within WP1, TUB will use its expertise to lead the implementation of secure enclaves based on ARM TrustZone by extending the existing software architecture. In addition, TUB will lead the coordination between these secure enclaves across multiple data centre sites in WP2. TUB will also contribute to the deployment mechanisms of distributed secure enclaves and, through technical work, to WP4-6. In particular, TUB will design efficient replication and recovery support for SERECA applications and the essential parts of the platform.

Relevant publications

  • Rüdiger Kapitza, Johannes Behl, Christian Cachin, Tobias Distler, Simon Kuhnle, Seyed Vahid Mohammadi, Wolfgang Schröder-Preikschat and Klaus Stengel. CheapBFT: Resource-efficient Byzantine Fault Tolerance, in Proceedings of the EuroSys 2012 Conference (EuroSys’12), European Chapter of ACM SIGOPS, 2012.
  • Tobias Distler and Rüdiger Kapitza. Increasing Performance in Byzantine Fault-Tolerant Systems with On-Demand Replica Consistency, in Proceedings of the EuroSys 2011 Conference (EuroSys’11), European Chapter of ACM SIGOPS, 2011.
  • Tobias Distler, Rüdiger Kapitza, Ivan Popov, Hans P. Reiser and Wolfgang Schröder-Preikschat. SPARE: Replicas on Hold, in Proceedings of the 18th Network and Distributed System Security Symposium (NDSS’11), Internet Society (ISOC), 2011.
  • Hans P. Reiser and Rüdiger Kapitza. Hypervisor-based efficient proactive recovery, in Proceedings of the 26th IEEE International Symposium on Reliable Distributed Systems (SRDS’07), IEEE, 2007.
  • Holger Schmidt, Jan-Patrick Elsholz, Vladimir Nikolov, Franz J. Hauck and Rüdiger Kapitza. OSGi4C: Enabling OSGi for the Cloud, in 4th International Conference on COMmunication System softWAre and MiddlewaRE (COMSWARE’09), ACM, 2009.

Relevant experience

The members of the Distributed Systems Group of the IBR investigated various aspects of system-centric middleware with a focus on adaptive as well as fault- and intrusion-tolerant middleware. In the context of the AspectIX project (DFG-funded), they targeted the development of middleware supporting fault-tolerant and adaptive services by means of a truly distributed object concept, while the DFG-funded VM-FIT project aimed at the virtualisation-aided provision of intrusion-tolerant services.

In the context of the FP7 project TClouds, the group carried out research in the field of dependable and resource-efficient concepts and systems that are able to facilitate trustworthy cloud computing. In particular, configurable hardware-aided solutions were built for improving the performance of Byzantine-tolerant agreement protocols. Furthermore, it was explored how to assemble service-tailored virtual machines with a minimal Trusted Computing Base using a safe runtime environment.

Infrastructures

At the moment, TUB is maintaining 3 clusters of 11 powerful server machines in total to provide computing resources for running distributed applications on top. Cluster 1 contains 4 homogeneous servers, and each of them is equipped with two 6-core 2.4 GHz Intel Xeon processors and 24 GB of system memory. Cluster 2 is made up of 2 servers with two 8-core 2.6 GHz Intel Xeon processors and 64 GB memory each. Cluster 3 consists of 5 server machines, and each server machine has two 6-core 2.5 GHz Intel Xeon processors and 16 GB memory. All three clusters together constitute the cloud infrastructure, which can provide the capability of high performance computing in SERECA.

Key personnel

Prof. Dr. Rüdiger Kapitza

Is professor at the Technische Universität Carolo-Wilhelmina zu Braunschweig, where he has led the Distributed Systems Group of the Institute of Operating Systems and Computer Networking since January 2012. He received his M.Sc. and Ph.D. degrees from the Department of Computer Sciences, University of Erlangen-Nuremberg in 2001 and 2007, respectively. From 2007 until 2011 he led the Distributed Systems Group at the Department of Computer Sciences 4, University of Erlangen-Nuremberg, as assistant professor. Since his time as a PhD student he has led project work at the national level: first in the DFG-funded AspectIX project, then, shortly after finishing his PhD, as a principal investigator in REFIT, DanceOS, and recently BATS. DanceOS is a project of the DFG priority program 1500 with multiple partners, whereas BATS is an interdisciplinary research group composed of researchers from computer sciences, electrical engineering, and biology. At the EU level he leads TUB in the FP7 IP TClouds. Rüdiger Kapitza is author of more than 60 peer-reviewed publications, steering committee member of the IFIP DAIS conference, and program committee member of numerous venues including IEEE EDCC, ACM/Usenix Middleware and ACM EuroSys. More details about him can be found at http://www.ibr.cs.tu-bs.de/users/kapitza.

Bijun Li (F)

Has been working as a research assistant in the Distributed Systems Group of the Institute of Operating Systems and Computer Networking at the Technische Universität Braunschweig since 2013. She received her M.Eng. from Gyeongsang National University, South Korea, Department of Informatics. Her research interests focus on cloud reliability, especially on the reliable coordination of distributed applications. As part of the research work in SERECA she will focus on distributed coordination of secure enclaves as well as enclave distribution itself. More information about her can be found at https://www.ibr.cs.tu-bs.de/users/bli.

Stefan Brenner (M)

Has been working as a research assistant in the Distributed Systems Group of the Institute of Operating Systems and Computer Networking at the Technische Universität Braunschweig since the end of 2012. Earlier in 2012 he obtained an M.Sc. in computer science, studying at Ulm University with a focus on distributed systems and operating systems. In the scope of the project, Mr. Brenner will focus on system support for secure enclaves. Further information about him is available at http://www.ibr.cs.tu-bs.de/users/brenner.

Action acronym: SERECA
Action full title: "Secure Enclaves for REactive Cloud Applications"
Objective: ICT-07-2014: Advanced Cloud Infrastructures and Services
Grant agreement no: 645011