Software services are increasingly migrating to the cloud, requiring trust in actors with direct access to the hardware, software and data comprising the service. A distributed datastore storing critical data sits at the core of many services; a prime example being etcd in Kubernetes. Trusted execution environments can secure this data from cloud providers during execution, but it is complex to build trustworthy data storage systems using such mechanisms. We present the design and evaluation of the Ledger-backed Secure Key-Value datastore (LSKV), a distributed datastore that provides an etcd-like API but can use trusted execution mechanisms to keep cloud providers outside the trust boundary. LSKV provides a path to transition traditional systems towards confidential execution, provides competitive performance compared to etcd, and helps clients to gain trust in intermediary services. LSKV forms a foundational core, lowering the barriers to building more trustworthy systems.