This project contains two modified key-value stores, RocksDB and LotusDB, adapted to run inside confidential VMs. RocksDB is an LSM-tree-based KV store, while LotusDB combines LSM trees and B+ trees.
Confidential VMs protect data only while it is in memory, not once it is on disk, so we modify RocksDB and LotusDB to encrypt and authenticate the data they write to disk. For the freshness guarantee, we assume the existence of trusted disks: some data go to trusted disks to obtain a freshness guarantee for the overall system, while other data go to untrusted disks.
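The sketch below is an added illustration, not code from this project, of why authentication alone does not give freshness and how a small record on trusted storage closes the gap. The per-block version counter, the dictionary stand-ins for the two disks, and all function names are assumptions made for the example; encryption is left out to keep it within the standard library.

```python
import hashlib
import hmac
import os

KEY = os.urandom(32)  # constructed key; assumed to stay inside protected VM memory


def _mac(block_id: str, header: bytes, data: bytes) -> bytes:
    # Length-prefix the id so (id, header, data) boundaries are unambiguous.
    ident = block_id.encode()
    msg = len(ident).to_bytes(2, "big") + ident + header + data
    return hmac.new(KEY, msg, hashlib.sha256).digest()


def seal(block_id: str, version: int, data: bytes) -> bytes:
    """Return version || data || tag; the tag binds block id and version."""
    header = version.to_bytes(8, "big")
    return header + data + _mac(block_id, header, data)


def open_sealed(block_id: str, blob: bytes, trusted_versions: dict) -> bytes:
    """Check integrity, then freshness against the trusted version record."""
    header, data, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(block_id, header, data)):
        raise ValueError("integrity check failed")
    if int.from_bytes(header, "big") != trusted_versions.get(block_id):
        raise ValueError("stale block: version differs from trusted record")
    return data


def write_block(block_id, data, untrusted, trusted_versions):
    version = trusted_versions.get(block_id, 0) + 1
    untrusted[block_id] = seal(block_id, version, data)  # bulk data, untrusted disk
    trusted_versions[block_id] = version                 # small record, trusted disk


def demo():
    untrusted, trusted = {}, {}  # constructed stand-ins for the two disks
    write_block("sst-1", b"balance=100", untrusted, trusted)
    old_blob = untrusted["sst-1"]
    write_block("sst-1", b"balance=5", untrusted, trusted)
    fresh = open_sealed("sst-1", untrusted["sst-1"], trusted)
    untrusted["sst-1"] = old_blob  # the untrusted disk returns an older, validly tagged blob
    try:
        open_sealed("sst-1", untrusted["sst-1"], trusted)
        rollback_detected = False
    except ValueError:
        rollback_detected = True
    return fresh, rollback_detected
```

The older blob still carries a valid tag, so only the comparison with the trusted version record rejects it.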
To run the key-value stores, please see the README.md in lotusdb/ or rocksdb/.
If you use this framework in your research, please kindly cite the following paper.
Xiang Li, Huanchen Zhang, and Mingyu Gao. TwinStore: Secure Key-Value Stores Made Faster with Hybrid Trusted/Untrusted Storage.