Building secure distributed applications the DECENT way

Remote attestation (RA) enables distributed applications that deploy trusted code to enclaves on untrusted hosts and authenticate these components remotely. However, trust relationships established by one component may impact the security of the other components that rely on it, making it difficult to reason about the end-to-end security of these applications. Furthermore, traditional RA approaches interact badly with modern web service design, which tends to employ small interacting microservices, short session lifetimes, and little or no state. This paper presents the Decent Application Platform, a framework for building secure decentralized applications. Decent applications authenticate and authorize distributed components using a protocol based on self-attestation certificates, a reusable credential based on remote attestation and verifiable by a third party. Decent components are authenticated not only based on their code, but also based on the other components they trust, ensuring that no transitively-connected components receive unauthorized information. We evaluate the expressiveness and performance of Decent with two applications: DecentRide, a ride-sharing service, and DecentHT, a distributed hash table. On the YCSB benchmark, we show that DecentHT achieves 7.5x higher throughput and 3.67x lower latency compared to a non-Decent implementation.