UniGuard: Protecting Unikernels Using Intel SGX

Sfyrakis, Ioannis; Groß, Thomas

doi:10.1109/ic2e.2018.00032

Cited by 10 publications

(2 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, this approach incurs challenges due to the Intel SGX limitations (e.g., larger TCB and database functionality). Another approach is to put the whole key-value storage codes outside of SGX and allow Intel SGX application to load/store encrypted secret data from/to key-value storage [47]. While it ensures the confidentiality of data stored in the untrusted region, it also discloses the database codes to attackers.…”

Section: ) Motivationmentioning

confidence: 99%

Hybridchain: A Novel Architecture for Confidentiality-Preserving and Performant Permissioned Blockchain Using Trusted Execution Environment

Wang

Zhao

et al. 2020

IEEE Access

View full text Add to dashboard Cite

Blockchain is making headlines due to it promises to provide a decentralized, transparent, tamper-resistant, traceable and verifiable historical transaction records that can resist faults of any single node. According to the latest data from State of the Dapps, developers have currently released 3,717 Decentralized Applications (DApps), only three have an average of more than 10,000 daily active users. Most of the real-world DApps exercise little of their potential power. The key reason is that the current permissioned blockchain systems suffer from poor performance and lack of confidentiality. To address this issue, we present Hybridchain, a system that combines blockchain with Trusted Execution Environment (TEE). Hybridchain decouples computation from consensus and adopts hierarchical network to minimize the computational burden and latency of on-chain execution by performing most of the heavyweight computation off-chain. Hybridchain leverages secure communication protocols to enable each participant to share transaction data in a secure way. To mitigate the small enclave memory restriction of TEE, Hybridchain extends the enclave memory that allows blockchain applications running in TEE to securely store transaction records to the whole key-value storage codes placed outside of TEE. Analysis and experiments of sealed-bid auction show that Hybridchain can support confidentiality-preserving along with high performance.

show abstract

Section: ) Motivationmentioning

confidence: 99%

Hybridchain: A Novel Architecture for Confidentiality-Preserving and Performant Permissioned Blockchain Using Trusted Execution Environment

Wang

Zhao

et al. 2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Essentially, the latter category of studies port an entire unikernel into an enclave to provide lightweight OS support to the application. Contrariwise, Sfyrakis et al [46] propose the adoption of SGX to secure only some computations of a MirageOS unikernel [27]. In this position paper, we lay the foundations for a solution where unikernels -of different or same typology-run tasks of distinct criticality in SGX enclaves.…”

Section: Enhancing Isolation Via Intel Sgxmentioning

confidence: 99%

Isolating Real-Time Safety-Critical Embedded Systems via SGX-Based Lightweight Virtualization

Simone

Mazzeo

2019

2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

View full text Add to dashboard Cite

A promising approach for designing critical embedded systems is based on virtualization technologies and multicore platforms. These enable the deployment of both real-time and general-purpose systems with different criticalities in a single host. Integrating virtualization while also meeting the real-time and isolation requirements is non-trivial, and poses significant challenges especially in terms of certification. In recent years, researchers proposed hardware-assisted solutions to face issues coming from virtualization, and recently the use of Operating System (OS) virtualization as a more lightweight approach. Industries are hampered in leveraging this latter type of virtualization despite the clear benefits it introduces, such as reduced overhead, higher scalability, and effortless certification since there is still lack of approaches to address drawbacks. In this position paper, we propose the usage of Intel's CPU security extension, namely SGX, to enable the adoption of enclaves based on unikernel, a flavor of OS-level virtualization, in the context of real-time systems. We present the advantages of leveraging both the SGX isolation and the unikernel features in order to meet the requirements of safety-critical real-time systems and ease the certification process.

show abstract

A survey of Intel SGX and its applications

Zheng

et al. 2020

Front. Comput. Sci.

View full text Add to dashboard Cite

UniGuard: Protecting Unikernels Using Intel SGX

Cited by 10 publications

References 11 publications

Hybridchain: A Novel Architecture for Confidentiality-Preserving and Performant Permissioned Blockchain Using Trusted Execution Environment

Hybridchain: A Novel Architecture for Confidentiality-Preserving and Performant Permissioned Blockchain Using Trusted Execution Environment

Isolating Real-Time Safety-Critical Embedded Systems via SGX-Based Lightweight Virtualization

A survey of Intel SGX and its applications

Contact Info

Product

Resources

About