GDPRuler

Repository structure

sev_demo: Folder containing documentation for setting up an ubuntu based AMD SEV VM and perform proof tests.

policy_compiler: Folder containing the policy compiler.

configs: Folder containing sample configs for data owner, data controller, data processor (3rd party) and regulator.

controller: Folder containing the core code of the data controller.

KVs: Folder containing the KVs submodules.

scripts: Folder containing python wrapper scripts for all considered bare-metal execution variants.

sev-tool: Submodule providing AMD SEV functionalities

ycsb_trace_generator: Submodule containing a modified version of GDPRBench (YCSB-based) to produce workload traces

Build instructions

0. Dev environment

To enter the development environment with all the required dependencies, use:

$ nix develop

For the logging experiments you might want to allocate an entire block device and create an ext4 filesystem on top where you must also configure you log file path to be. An example execution to do that is the following:

$ sudo mkfs.ext4 /dev/nvme1n1
$ mkdir -p /scratch/dimitrios/gdpruler_fs
$ sudo mount /dev/nvme1n1 /scratch/dimitrios/gdpruler_fs -t ext4
$ sudo chown $USER:$(id -gn $USER) /scratch/dimitrios/gdpruler_fs 

1. Make sure you have fetched all the submodules:

$ git submodule update --init --recursive

2. Build the Logging subsystem:

$ cd gdpr-logger
$ mkdir build
$ cd build
$ cmake .. -D CMAKE_BUILD_TYPE=Release
$ make -j$(nproc)

3. Build the GDPR controller:

$ cd controller
$ cmake -S . -B build -D CMAKE_BUILD_TYPE=Release
$ cmake --build build

Useful options:

• Enable/disable the encryption with -D ENCRYPTION_ENABLED=ON/OFF (defaults to ON)
• Enable/disable AddressSanitizer with -D ASAN_ENABLED=ON/OFF (defaults to OFF)
• Enable/disable ThreadSanitizer with -D TSAN_ENABLED=ON/OFF (defaults to OFF)

4. Compile redis (to build the redis-server binary):

$ cd KVs/redis
$ make BUILD_TLS=yes MALLOC=libc
# Optional command to test the success of the installation
$ make test

Native sample execution

1. Create the workload traces (~5-10mins):

$ cd ycsb_trace_generator
$ bash workload_generator.sh

This will create the trace files for the workloads in the workload_traces directory.

2. Run the KV server.

• For redis:

$ cd KVs/redis/src
$ ./redis-server --protected-mode no

• For rocksdb:

$ cd controller/build
$ ./rocksdb_server [port] [db_file_location]

3. Run the controller.

For the native passthrough controller:

$ python3 scripts/passthrough.py --db [redis/rocksdb]

For the native GDPR controller:

$ python3 scripts/GDPRuler.py --db [redis/rocksdb]

For more command line options, please consult scripts/passthrough.py and scripts/GDPRuler.py.

4. Run the client(s) with a desired workload:

$ python3 scripts/client.py --workload [workload_trace_name] --clients [num_of_clients] --config [user_config/user_config_directory]

For more command line options, please consult scripts/client.py.

VM Setup instructions

For instructions on how to set up the client and server SEV VMs, please consult the respective README.

VM sample execution

TODO @dimstav23