Secure cloud micro services using Intel SGX
Brenner S, Hundt T, Mazzeo G, Kapitza R (2017)
Publication Type: Conference contribution
Publication year: 2017
Journal
Publisher: Springer Verlag
Book Volume: 10320 LNCS
Pages Range: 177-191
Conference Proceedings Title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Event location: Neuchatel, CHE
ISBN: 9783319596648
DOI: 10.1007/978-3-319-59665-5_13
Abstract
The micro service paradigm targets the implementation of large and scalable systems while enabling fine-grained service-level maintainability. Due to their scalability, such architectures are frequently used in cloud environments, which are often subject to privacy and trust issues hindering the deployment of services dealing with sensitive data. In this paper we investigate the integration of trusted execution based on Intel Software Guard Extensions (SGX) into micro service applications. We present our Vert.x Vault , that supports SGX-based trusted execution in Eclipse Vert.x, a renowned tool-kit for writing reactive micro service applications. With our approach, secure micro services can run alongside regular ones, inter-connected via the Vert.x event bus to build large Vert.x applications that can contain multiple trusted components. Maintaining a full-fledged Java Virtual Machine (JVM) inside an SGX enclave is impractical due to its complexity, less secure because of a large Trusted Code Base (TCB), and would suffer from performance penalties due to a high memory footprint. However, as Vert.x is written in Java, for a lean TCB this requires integration of native enclave C/C++ code into Vert.x, for which we propose the usage of Java Native Interface (JNI). Our Vert.x Vault provides the benefits of micro service architectures together with trusted execution to support privacy and data confidentiality for sensitive applications in the cloud at scale. In our evaluation we show the feasibility of our approach, buying a significantly increased level of security for a low performance overhead of only ≈8.7%.
Authors with CRIS profile
Involved external institutions
Germany (DE)
Italy (IT)How to cite
APA:
Brenner, S., Hundt, T., Mazzeo, G., & Kapitza, R. (2017). Secure cloud micro services using Intel SGX. In Hans P. Reiser, Lydia Y. Chen (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 177-191). Neuchatel, CHE: Springer Verlag.
MLA:
Brenner, Stefan, et al. "Secure cloud micro services using Intel SGX." Proceedings of the 17th IFIP WG 6.1 International Conference on Distributed Applications and Interoperable Systems, DAIS 2017 - Held as Part of the 12th International Federated Conference on Distributed Computing Techniques, DisCoTec 2017, Neuchatel, CHE Ed. Hans P. Reiser, Lydia Y. Chen, Springer Verlag, 2017. 177-191.
BibTeX: Download