SCONE: Secure Linux Containers with Intel SGX
نویسندگان
چکیده
Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, and Andre Martin, Technische Universität Dresden; Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, and Mark L Stillwell, Imperial College London; David Goltzsche, Technische Universität Braunschweig; Dave Eyers, University of Otago; Rüdiger Kapitza, Technische Universität Braunschweig; Peter Pietzuch, Imperial College London; Christof Fetzer, Technische Universität Dresden
منابع مشابه
Secure Processors Part II: Intel SGX Security Analysis and MIT Sanctum Architecture
This manuscript is the second in a two part survey and analysis of the state of the art in secure processor systems, with a specific focus on remote software attestation and software isolation. The first part established the taxonomy and prerequisite concepts relevant to an examination of the state of the art in trusted remote computation: attested software isolation containers (enclaves). This...
متن کاملAnnotated Bibliography on Leveraging Intel SGX to Create a Nondisclosure Cryptographic library
There are three articles from three different Intel’s research groups dated back to 2013 that introduce the Intel SGX extension for the first time in a workshop on hardware and architectural support for security and privacy (HASP). The first paper is written by Frank McKeen. In this paper, F. McKeen et al. introduced the concept of an enclave within an application’s virtual address space and sh...
متن کاملSgx-Lapd: Thwarting Controlled Side Channel Attacks via Enclave Verifiable Page Faults
To make outsourcing computing more practical, Intel recently introduced SGX, a hardware extension that creates secure enclaves for the execution of client applications. With SGX, instruction execution and data access inside an enclave are invisible to the underlying OS, thereby achieving both confidentiality and integrity for outsourced computing. However, since SGX excludes the OS from its tru...
متن کاملGraphene-SGX: A Practical Library OS for Unmodified Applications on SGX
Intel SGX hardware enables applications to protect themselves from potentially-malicious OSes or hypervisors. In cloud computing and other systems, many users and applications could benefit from SGX. Unfortunately, current applications will not work out-of-the-box on SGX. Although previous work has shown that a library OS can execute unmodified applications on SGX, a belief has developed that a...
متن کاملSlick: Secure Middleboxes using Shielded Execution
Cloud computing oers the economies of scale for computational resources with the ease of management, elasticity, and fault tolerance. To take advantage of these benets, many enterprises are contemplating to outsource the middlebox processing services in the cloud. However, middleboxes that process condential and private data cannot be securely deployed in the untrusted environment of the (ed...
متن کامل