SERECA: Hardware-Assisted Cloud Security

In cloud environments, security is a major concern to organisations that must comply with strict confidentiality and integrity policies. Security has emerged as a commercial imperative for cloud computing across a wide range of applications domains. The lack of principled security guarantees therefore becomes the primary barrier to the broad adoption of cloud computing.

In our work, we explore a new technological direction for making cloud environments more secure. Modern CPUs support trusted execution mechanisms such Intel's Software Guard Extensions (SGX) and ARM's TrustZone that permit user applications to execute in untrusted cloud environments, while maintaining the confidentiality and integrity of sensitive data. User applications are protected by secure enclaves, which transparently shield the application code and data from the rest of the system, including higher privileged systems software. Compared to existing cryptographic approaches, trusted execution bears the promise to offer strong security in cloud environments without the performance overhead of data encryption and decryption in software.

An open research challenge is how today's cloud computing stacks and applications should exploit trusted execution mechanisms to improve security. In the SeReCa and SecureCloud research projects, together with our academic collaborators at the Technical University Dresden, the Technical University Braunschweig and the University of Neuchatel, we are interested in two directions:

How to protect existing cloud applications using trusted execution?

  • We investigate how legacy C/C++ applications can be partitioned automatically to execute as part of secure enclaves. Based on a combination of static and dynamic analysis, we automatically partition applications at the source-code level to make them compatible with trusted execution.
  • We explore how to execute existing Linux applications as part of secure enclaves using a secure container abstraction. The work on SCONE shows that it is possible to execute cloud-based micro-services in enclaves with low performance overhead.
  • We examine how existing cloud-based micro-services can be protected using secure enclaves. The work on SecureKeeper demonstrates how to protect a ZooKeeper deployment using trusted execution.

How to design future cloud applications with trusted execution support?

  • We carry out research work into approaches that use secure enclaves to increase the accountability of future cloud services.
  • We investigate how unikernels can be used to construct future secure cloud services that are protected by trusted execution.
  • We are interested in novel attacks that are specific to a trusted execution model. The work on AsyncShock illustrates how an attacker can subvert the OS scheduler to exploit data races within enclave code.
Funder
European Commission
Categories
Team
Dan O'Keeffe (Royal Holloway University, UK)
Florian Kelbert (Elastic, UK)
Pierre-Louis Aublin (Keio University, Japan)

Related Publications

Troxy: Transparent Access to Byzantine Fault-Tolerant Systems, Li, Bijun, Weichbrodt Nico, Behl Johannes, Aublin Pierre-Louis, Distler Tobias, and Kapitza Ruediger , 48th International Conference on Dependable Systems and Networks (DSN), 06/2018, Luxembourg, Luxembourg, (2018)  (388.77 KB)
EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution, Goltzsche, David, Ruesch Signe, Nieke Manuel, Vaucher Sebastien, Weichbrodt Nico, Schiavoni Valerio, Aublin Pierre-Louis, Costa Paolo, Fetzer Christof, Felber Pascal, et al. , 48th International Conference on Dependable Systems and Networks (DSN), 06/2018, Luxembourg, Luxembourg, (2018)  (568.71 KB)
Glamdring: Automatic Application Partitioning for Intel SGX, Lind, Joshua, Priebe Christian, Muthukumaran Divya, O'Keeffe Dan, Aublin Pierre-Louis, Kelbert Florian, Reiher Tobias, Goltzsche David, Eyers David, Kapitza Ruediger, et al. , 2017 USENIX Annual Technical Conference (ATC), 07/2017, Santa Clara, CA, USA, (2017)  (982.27 KB)
TrustJS: Trusted Client-side Execution of JavaScript, Goltzsche, David, Wulf Colin, Muthukumaran Divya, Rieck Konrad, Pietzuch Peter, and Kapitza Rüdiger , 10th European Workshop on Systems Security (EuroSec), 04/2017, Belgrade, Serbia, (2017)  (167.53 KB)
SecureKeeper: Confidential ZooKeeper using Intel SGX, Brenner, Stefan, Wulf Colin, Lorenz Matthias, Weichbrodt Nico, Goltzsche David, Fetzer Christof, Pietzuch Peter, and Kapitza Rüdiger , ACM/IFIP/USENIX International Conference on Middleware (Middleware), 12/2016, Trento, Italy, (2016)  (547.99 KB)
SCONE: Secure Linux Containers with Intel SGX, Arnautov, Sergei, Trach Bohdan, Gregor Franz, Knauth Thomas, Martin Andre, Priebe Christian, Lind Joshua, Muthukumaran Divya, O'Keeffe Daniel, Stillwell Mark L., et al. , 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 11/2016, Savannah, GA, USA, (2016)  (375.43 KB)
AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves, Weichbrodt, Nico, Kurmus Anil, Pietzuch Peter, and Kapitza Rüdiger , 21st European Symposium on Research in Computer Security (ESORICS), 10/2016, Heraklion, Greece, (2016)  (510.38 KB)