In cloud environments, security is a major concern to organisations that must comply with strict confidentiality and integrity policies. Security has emerged as a commercial imperative for cloud computing across a wide range of applications domains. The lack of principled security guarantees therefore becomes the primary barrier to the broad adoption of cloud computing.
In our work, we explore a new technological direction for making cloud environments more secure. Modern CPUs support trusted execution mechanisms such Intel's Software Guard Extensions (SGX) and ARM's TrustZone that permit user applications to execute in untrusted cloud environments, while maintaining the confidentiality and integrity of sensitive data. User applications are protected by secure enclaves, which transparently shield the application code and data from the rest of the system, including higher privileged systems software. Compared to existing cryptographic approaches, trusted execution bears the promise to offer strong security in cloud environments without the performance overhead of data encryption and decryption in software.
An open research challenge is how today's cloud computing stacks and applications should exploit trusted execution mechanisms to improve security. In the SeReCa and SecureCloud research projects, together with our academic collaborators at the Technical University Dresden, the Technical University Braunschweig and the University of Neuchatel, we are interested in two directions: