Distributed Memory Integrity Trees


Bibliographic details
Published in: IEEE computer architecture letters 2018-07, Vol.17 (2), p.159-162
Main authors: Shwartz, Ofir; Birk, Yitzhak
Format: Article
Language: eng
Description
Summary: Ensuring the correct execution of a program running on untrusted computing platforms, wherein the OS, hypervisor, and all off-CPU-chip hardware, including memory, are untrusted, (also) requires protecting the integrity of the memory content against replay attacks. This requires dedicated tracking structures and in-chip state storage. For this purpose, integrity trees are used in various forms, varying in complexity, size, and performance; yet, existing integrity trees do not address distributed, shared-memory computations, for which one must also ensure the integrity of the coherence state of the memory. Observing that a block not residing at a given node merely needs to be known by that node as such, we present the novel Distributed Integrity Tree (DIT) method, and show that it can be used effectively to extend existing integrity trees to parallel and distributed environments. Using DIT, we constructed a Distributed Merkle Tree, a Distributed Bonsai Merkle Tree, and a distributed Intel SGX's Memory Encryption Engine integrity mechanism. All these extensions entail negligible overhead.
ISSN:1556-6056
1556-6064
DOI:10.1109/LCA.2018.2822705