%0 Conference Proceedings
%T Secure Cloud Micro Services Using Intel SGX
%+ Technische Universität Braunschweig = Technical University of Braunschweig [Braunschweig]
%+ Università degli Studi di Napoli “Parthenope” = University of Naples (PARTHENOPE)
%A Brenner, Stefan
%A Hundt, Tobias
%A Mazzeo, Giovanni
%A Kapitza, Rüdiger
%Z Part 5: Making Things Safe (Security)
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 17th IFIP International Conference on Distributed Applications and Interoperable Systems (DAIS)
%C Neuchâtel, Switzerland
%Y Lydia Y. Chen
%Y Hans Reiser
%I Springer International Publishing
%3 Distributed Applications and Interoperable Systems
%V LNCS-10320
%P 177-191
%8 2017-06-19
%D 2017
%R 10.1007/978-3-319-59665-5_13
%K Vert.x
%K SGX
%K Cloud security
%K Micro services
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]Conference papers
%X The micro service paradigm targets the implementation of large and scalable systems while enabling fine-grained service-level maintainability. Due to their scalability, such architectures are frequently used in cloud environments, which are often subject to privacy and trust issues hindering the deployment of services dealing with sensitive data.In this paper we investigate the integration of trusted execution based on Intel Software Guard Extensions (SGX) into micro service applications. We present our Vert.x Vault, that supports SGX-based trusted execution in Eclipse Vert.x, a renowned tool-kit for writing reactive micro service applications. With our approach, secure micro services can run alongside regular ones, inter-connected via the Vert.x event bus to build large Vert.x applications that can contain multiple trusted components.Maintaining a full-fledged Java Virtual Machine (JVM) inside an SGX enclave is impractical due to its complexity, less secure because of a large Trusted Code Base (TCB), and would suffer from performance penalties due to a high memory footprint. However, as Vert.x is written in Java, for a lean TCB this requires integration of native enclave C/C++ code into Vert.x, for which we propose the usage of Java Native Interface (JNI).Our Vert.x Vault provides the benefits of micro service architectures together with trusted execution to support privacy and data confidentiality for sensitive applications in the cloud at scale. In our evaluation we show the feasibility of our approach, buying a significantly increased level of security for a low performance overhead of only $${\approx }8.7\%$$.
%G English
%Z TC 6
%Z WG 6.1
%2 https://inria.hal.science/hal-01800126/document
%2 https://inria.hal.science/hal-01800126/file/450046_1_En_13_Chapter.pdf
%L hal-01800126
%U https://inria.hal.science/hal-01800126
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC6
%~ IFIP-WG6-1
%~ IFIP-DAIS
%~ IFIP-DISCOTEC
%~ IFIP-LNCS-10320