IceClave: A trusted execution environment for in-storage computing

Luyi Kang, Yuqi Xue, Weiwei Jia, Xiaohao Wang, Jongryool Kim, Changhwan Youn, Myeong Joon Kang, Hyung Jin Lim, Bruce Jacob, Jian Huang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In-storage computing with modern solid-state drives (SSDs) enables developers to offload programs from the host to the SSD. It has been proven to be an effective approach to alleviate the I/O bottleneck. To facilitate in-storage computing, many frameworks have been proposed. However, few of them treat the in-storage security as the first citizen. Specifically, since modern SSD controllers do not have a trusted execution environment, an offloaded (malicious) program could steal, modify, and even destroy the data stored in the SSD. In this paper, we first investigate the attacks that could be conducted by offloaded in-storage programs. To defend against these attacks, we build a lightweight trusted execution environment, named IceClave for in-storage computing. IceClave enables security isolation between in-storage programs and flash management functions that include flash address translation, data access control, and garbage collection, with TrustZone extensions. IceClave also achieves security isolation between in-storage programs by enforcing memory integrity verification of in-storage DRAM with low overhead. To protect data loaded from flash chips, IceClave develops a lightweight data encryption/decryption mechanism in flash controllers. We develop IceClave with a full system simulator. We evaluate IceClave with a variety of data-intensive applications such as databases. Compared to state-of-the-art in-storage computing approaches, IceClave introduces only 7.6% performance overhead, while enforcing security isolation in the SSD controller with minimal hardware cost. IceClave still keeps the performance benefit of in-storage computing by delivering up to 2.31× better performance than the conventional host-based trusted computing approach.

Original languageEnglish (US)
Title of host publicationMICRO 2021 - 54th Annual IEEE/ACM International Symposium on Microarchitecture, Proceedings
PublisherIEEE Computer Society
Pages199-211
Number of pages13
ISBN (Electronic)9781450385572
DOIs
StatePublished - Oct 18 2021
Event54th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2021 - Virtual, Online, Greece
Duration: Oct 18 2021Oct 22 2021

Publication series

NameProceedings of the Annual International Symposium on Microarchitecture, MICRO
ISSN (Print)1072-4451

Conference

Conference54th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2021
Country/TerritoryGreece
CityVirtual, Online
Period10/18/2110/22/21

ASJC Scopus subject areas

  • Hardware and Architecture

Fingerprint

Dive into the research topics of 'IceClave: A trusted execution environment for in-storage computing'. Together they form a unique fingerprint.

Cite this