SERECA: Hardware-Assisted Cloud Security

In cloud environments, security is a major concern to organisations that must comply with strict confidentiality and integrity policies. Security has emerged as a commercial imperative for cloud computing across a wide range of applications domains. The lack of principled security guarantees therefore becomes the primary barrier to the broad adoption of cloud computing.

In our work, we explore a new technological direction for making cloud environments more secure. Modern CPUs support trusted execution mechanisms such Intel's Software Guard Extensions (SGX) and ARM's TrustZone that permit user applications to execute in untrusted cloud environments, while maintaining the confidentiality and integrity of sensitive data. User applications are protected by secure enclaves, which transparently shield the application code and data from the rest of the system, including higher privileged systems software. Compared to existing cryptographic approaches, trusted execution bears the promise to offer strong security in cloud environments without the performance overhead of data encryption and decryption in software.

An open research challenge is how today's cloud computing stacks and applications should exploit trusted execution mechanisms to improve security. In the SeReCa and SecureCloud research projects, together with our academic collaborators at the Technical University Dresden, the Technical University Braunschweig and the University of Neuchatel, we are interested in two directions:

How to protect existing cloud applications using trusted execution?

  • We investigate how legacy C/C++ applications can be partitioned automatically to execute as part of secure enclaves. Based on a combination of static and dynamic analysis, we automatically partition applications at the source-code level to make them compatible with trusted execution.
  • We explore how to execute existing Linux applications as part of secure enclaves using a secure container abstraction. The work on SCONE shows that it is possible to execute cloud-based micro-services in enclaves with low performance overhead.
  • We examine how existing cloud-based micro-services can be protected using secure enclaves. The work on SecureKeeper demonstrates how to protect a ZooKeeper deployment using trusted execution.

How to design future cloud applications with trusted execution support?

  • We carry out research work into approaches that use secure enclaves to increase the accountability of future cloud services.
  • We investigate how unikernels can be used to construct future secure cloud services that are protected by trusted execution.
  • We are interested in novel attacks that are specific to a trusted execution model. The work on AsyncShock illustrates how an attacker can subvert the OS scheduler to exploit data races within enclave code.
Funder
European Commission
Categories
Cloud ComputingSystems Security
Team
Christian Priebe (Apple, UK)
Dan O'Keeffe (Royal Holloway University, UK)
Divya Muthukumaran (SimplyBusiness, UK)
Florian Kelbert (Elastic, UK)
Joshua Lind (Facebook, US)
Pierre-Louis Aublin (Keio University, Japan)

Related Publications

Troxy: Transparent Access to Byzantine Fault-Tolerant Systems
Bijun Li, Nico Weichbrodt, Johannes Behl, Pierre-Louis Aublin, Tobias Distler, and Ruediger Kapitza
48th International Conference on Dependable Systems and Networks (DSN), 2018
Luxembourg, Luxembourg
EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution
David Goltzsche, Signe Ruesch, Manuel Nieke, Sebastien Vaucher, Nico Weichbrodt, Valerio Schiavoni, Pierre-Louis Aublin, Paolo Costa, Christof Fetzer, Pascal Felber, Peter Pietzuch, and Ruediger Kapitza
48th International Conference on Dependable Systems and Networks (DSN), 2018
Luxembourg, Luxembourg
Glamdring: Automatic Application Partitioning for Intel SGX
Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O'Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, Ruediger Kapitza, Christof Fetzer, and Peter Pietzuch
2017 USENIX Annual Technical Conference (ATC), 2017
Santa Clara, CA, USA
TrustJS: Trusted Client-side Execution of JavaScript
David Goltzsche, Colin Wulf, Divya Muthukumaran, Konrad Rieck, Peter Pietzuch, and Rüdiger Kapitza
10th European Workshop on Systems Security (EuroSec), 2017
Belgrade, Serbia
SecureKeeper: Confidential ZooKeeper using Intel SGX
Stefan Brenner, Colin Wulf, Matthias Lorenz, Nico Weichbrodt, David Goltzsche, Christof Fetzer, Peter Pietzuch, and Rüdiger Kapitza
ACM/IFIP/USENIX International Conference on Middleware (Middleware), 2016
Trento, Italy
SCONE: Secure Linux Containers with Intel SGX
Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer
12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2016
Savannah, GA, USA
AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves
Nico Weichbrodt, Anil Kurmus, Peter Pietzuch, and Rüdiger Kapitza
21st European Symposium on Research in Computer Security (ESORICS), 2016
Heraklion, Greece