A Framework for Building Secure, Scalable, Networked Enclaves

06/08/2022
by   Philipp Winter, et al.
0

In 2020, Amazon introduced Nitro enclaves – cloud-based secure enclaves that do not share hardware with untrustworthy code, therefore promising resistance against side channel attacks, which have plagued Intel's SGX for years. While their security properties are attractive, Nitro enclaves are difficult to write code for and are not meant to be used as a networked service, which greatly limits their potential. In this paper, we built a framework that allows for convenient and flexible use of Nitro enclaves by abstracting away complex aspects like remote attestation and end-to-end encryption between an enclave and a remote client. We demonstrate the practicality of our framework by designing and implementing two production-grade systems that solve real-world problems: remotely verifiable IP address pseudonymization and private telemetry. Our practical experience suggests that our framework enables quick prototyping, is flexible enough to accommodate different use cases, and inherits strong security and performance properties from the underlying Nitro enclaves.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
04/04/2020

Building secure distributed applications the DECENT way

Remote attestation (RA) enables distributed applications that deploy tru...
research
01/20/2021

secureTF: A Secure TensorFlow Framework

Data-driven intelligent applications in modern online services have beco...
research
09/24/2018

SPX: Preserving End-to-End Security for Edge Computing

Beyond point solutions, the vision of edge computing is to enable web se...
research
01/17/2018

Integrating Remote Attestation with Transport Layer Security

Intel(R) Software Guard Extensions (Intel(R) SGX) is a promising technol...
research
02/12/2019

TensorSCONE: A Secure TensorFlow Framework using Intel SGX

Machine learning has become a critical component of modern data-driven o...
research
03/20/2020

Efficient Oblivious Database Joins

A major algorithmic challenge in designing applications intended for sec...
research
11/03/2021

Secure Namespaced Kernel Audit for Containers

Despite the wide usage of container-based cloud computing, container aud...

Please sign up or login with your details

Forgot password? Click here to reset