LibSEAL

Aublin, Pierre-Louis; Kelbert, Florian; O'Keeffe, Dan; Muthukumaran, Divya; Priebe, Christian; Lind, Joshua; Krahn, Robert; Fetzer, Christof; Eyers, David; Pietzuch, Peter

doi:10.1145/3190508.3190547

Cited by 20 publications

(13 citation statements)

References 39 publications

(25 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to protect the confidentiality and authenticity of objects stored in the KVS, a microservice was added in front of our REST API. We refer to it as the TLS interceptor which is based on TaLoS [14], our library for building applications that support TLS connection termination inside enclaves. This interception service has the role of intermediating the connection between applications and storage components, handling the HTTPS requests inside the enclaves and encrypting the data that is written to the KVS.…”

Section: Secure Kvsmentioning

confidence: 99%

Secure end-to-end processing of smart metering data

et al. 2019

Self Cite

View full text Add to dashboard Cite

Cloud computing considerably reduces the costs of deploying applications through on-demand, automated and fine-granular allocation of resources. Even in private settings, cloud computing platforms enable agile and self-service management, which means that physical resources are shared more efficiently. Cloud computing considerably reduces the costs of deploying applications through on-demand, automated and fine-granular allocation of resources. Even in private settings, cloud computing platforms enable agile and self-service management, which means that physical resources are shared more efficiently. Nevertheless, using shared infrastructures also creates more opportunities for attacks and data breaches. In this paper, we describe the SecureCloud approach. The SecureCloud project aims to enable confidentiality and integrity of data and applications running in potentially untrusted cloud environments. The project leverages technologies such as Intel SGX, OpenStack and Kubernetes to provide a cloud platform that supports secure applications. In addition, the project provides tools that help generating cloud-native, secure applications and services that can be deployed on potentially untrusted clouds. The results have been validated in a real-world smart grid scenario to enable a data workflow that is protected end-to-end: from the collection of data to the generation of high-level information such as fraud alerts.

show abstract

Section: Secure Kvsmentioning

confidence: 99%

Secure end-to-end processing of smart metering data

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…The novelty of our work is as follows: 1 we consider mutually distrustful entities (HO, DO, AO) with conflicting interests in the cloud, 2 we differentiate the private algorithms and the private data, 3 we show the bad practices on use of TEE in the cloud, 4 we create a taxonomy for secure execution of private algorithms in untrusted remote environments, 5 we provide practical insights to enclave development, 6 we perform a security analysis on existing dynamic code loaders with interpreter enclaves, and 7 we evaluate our execution model in three adversarial settings in the cloud.…”

Section: Related Workmentioning

confidence: 99%

“…The Horizon2020 funded research projects under SERECA 3 focus on a number of goals to build secure enclaves. These goals include application partitioning [36], trusted architectures for web services [8,33], container architecture [3] and library support for unmodified applications (SGX-LKL 4 ), better integrity [5] and isolation [7], and enclave memory safety [35] in the cloud.…”

Section: Research Directionmentioning

confidence: 99%

“…European Commission funded several projects on TEE research under SecureCloud (TRUSTEE) 5 . The main direction of TRUSTEE projects is dependability in the cloud.…”

Section: Research Directionmentioning

confidence: 99%

“…The key point is that neither the DO nor the enclave can change the execution after this stage. 5 The result of the computation is returned to the DO.…”

Section: Sce-aq In Practicementioning

confidence: 99%

See 2 more Smart Citations

Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves

Küçük

Grawrock²,

Martin

2019

EURASIP J. on Info. Security

View full text Add to dashboard Cite

Many applications are built upon private algorithms, and executing them in untrusted, remote environments poses confidentiality issues. To some extent, these problems can be addressed by ensuring the use of secure hardware in the execution environment; however, an insecure software-stack can only provide limited algorithm secrecy. This paper aims to address this problem, by exploring the components of the Trusted Computing Base (TCB) in hardware-supported enclaves. First, we provide a taxonomy and give an extensive understanding of trade-offs during secure enclave development. Next, we present a case study on existing secret-code execution frameworks; which have bad TCB design due to processing secrets with commodity software in enclaves. This increased attack surface introduces additional footprints on memory that breaks the confidentiality guarantees; as a result, the private algorithms are leaked. Finally, we propose an alternative approach for remote secret-code execution of private algorithms. Our solution removes the potentially untrusted commodity software from the TCB and provides a minimal loader for secret-code execution. Based on our new enclave development paradigm, we demonstrate three industrial templates for cloud applications: 1 computational power as a service, 2 algorithm querying as a service, and 3 data querying as a service.

show abstract