Secure Remote Computation using Intel SGX

Übler, David; Götzfried, Johannes; Müller, Tilo

Author:

Abstract

In this paper, we leverage SGX to provide a secure remote computation framework to be used in a cloud scenario. Our framework consists of two parts, a local part running on the user's machine and a remote part which is executed within the provider's environment. Users can connect and authenticate themselves to the remote side, verify the integrity of a newly spawned loading enclave, and deploy confidential code to the provider's machine. While we are not the first using SGX in a cloud scenario, we provide a full implementation considering all practical pitfalls, e.g., we use Intel's Attestation Services to prove the integrity of the loading enclave to our users. We also take care of establishing a secure bidirectional channel between the target enclave and the client running on the user's machine to send code, commands, and data. The performance overhead of CPU-bound applications using our framework is below 10% compared to remote computation without using SGX.

Citation
BibTeX

Übler, D., Götzfried, J. & Müller, T., (2018). Secure Remote Computation using Intel SGX. In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V.. (S. 209-219).

@inproceedings{mci/Übler2018,
author = {Übler, David AND Götzfried, Johannes AND Müller, Tilo},
title = {Secure Remote Computation using Intel SGX},
booktitle = {SICHERHEIT 2018},
year = {2018},
editor = {Langweg, Hanno AND Meier, Michael AND Witt, Bernhard C. AND Reinhardt, Delphine} ,
pages = { 209-219 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}