TNIC: A Trusted NIC Architecture

TL;DR

TNIC is a hardware-verified network interface architecture that enhances trustworthiness and performance in distributed systems operating in untrusted cloud environments.

Contribution

The paper introduces TNIC, a minimal, formally verified silicon root-of-trust at the network interface level, enabling trustworthy, high-performance distributed systems in untrusted settings.

Findings

Up to 6x performance improvement over CPU-centric TEE systems

Formal verification of safety and security properties of TNIC

Development of a generic API and recipe for trustworthy distributed systems

Abstract

We introduce TNIC, a trusted NIC architecture for building trustworthy distributed systems deployed in heterogeneous, untrusted (Byzantine) cloud environments. TNIC builds a minimal, formally verified, silicon root-of-trust at the network interface level. We strive for three primary design goals: (1) a host CPU-agnostic unified security architecture by providing trustworthy network-level isolation; (2) a minimalistic and verifiable TCB based on a silicon root-of-trust by providing two core properties of transferable authentication and non-equivocation; and (3) a hardware-accelerated trustworthy network stack leveraging SmartNICs. Based on the TNIC architecture and associated network stack, we present a generic set of programming APIs and a recipe for building high-performance, trustworthy, distributed systems for Byzantine settings. We formally verify the safety and security properties of our TNIC while demonstrating its use by building four trustworthy distributed systems. Our evaluation of TNIC shows up to 6x performance improvement compared to CPU-centric TEE systems.