- Substantially improve the state-of-the-art in cloud security for interactive, latency-sensitive applications by developing innovative and effective mechanisms to enforce data integrity, availability, confidentiality, and localisation based on secure CPU hardware.
- Seamlessly integrate the new security features into the standard cloud stack and its expected characteristics of scalability, elasticity, and availability, so as to encourage easy application migration to the cloud without compromising application responsiveness or complicating application management.
- Convincingly validate and demonstrate the benefits of our approach by applying it to realistic and demanding industrial use cases.
A number of components -- enabling the secure execution of microservice applications in untrusted clouds -- were developed during the project lifetime. The organisation of these components is shown in the SERECA architecture image.
A typical application is composed of a number of microservices exchanging messages through Secure Vert.X, i.e., an enhanced version of the Vert.X microservice framework developed in the context of SERECA that hardens communication and ensures the security of data-in-transit. Each microservice runs in a dedicated Docker container to facilitate the deployment of the distributed application, which is clustered using SecureKeeper, i.e., an SGX-enabled version of ZooKeeper.
SERECA also ensures the security of data-at-rest. An application can store data in memory (e.g. in MongoDB) or on disk (e.g. in MySQL) and protect it through SCONE, i.e., an SGX-enabled container that transparently extends SGX protection to unmodified applications.
Finally, SERECA also guarantees the security of data-in-use. Microservices can receive data from the Vert.X event bus and forward it to the SGX enclave through an SGX-JNI bridge, which acts as the glue between the Java and C/C++ worlds. Where performance requirements are less stringent, the SGX-LKL library is used instead, which allows the execution of Java applications on top of Intel SGX.
The technology developed by SERECA has six unique selling points:
- USP1: SERECA uses Intel's SGX technology to ensure confidentiality. Sensitive data is kept in memory in encrypted form and only the application itself has access to that memory. SERECA applications can leverage SGX either transparently or, with small changes, in a non-transparent manner.
- USP2: SERECA uses SGX to ensure integrity. The integrity of the application is protected, i.e., only the unmodified original application can access the data.
- USP3: SERECA does not require any cloud changes. SERECA leverages SGX-enabled containers to ensure the security of data without requiring changes to the cloud stack itself.
- USP4: SERECA benefits from a microservice pattern. SERECA takes advantage of a microservice architecture, which fits with the requirement for high performance and reliability.
- USP5: SERECA ensures ease-of-use. SERECA applications are supported transparently and configured through high-level APIs.
- USP6: SERECA enforces secure communication between microservices. Communication between microservices is protected using AES encryption and SHA256.
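USP6 names two primitives, AES for confidentiality and SHA256 for integrity, without saying how they are combined. The following is an added example, not Secure Vert.X code from the project, showing one standard way to combine them to protect a single event-bus message between two microservices: encrypt-then-MAC with AES-CTR and HMAC-SHA256. The keys in `demoKeys` are constructed test values; how SERECA actually provisions keys is not described on this page. The point the example makes is that encryption alone does not give integrity: the receiver verifies the HMAC in constant time before decrypting, so a message altered in transit, or sent under the wrong key, is rejected rather than decrypted to garbage.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// channelKeys holds the two independent keys a protected channel needs:
// one for AES (confidentiality), one for HMAC-SHA256 (integrity).
type channelKeys struct {
	encKey []byte // 32 bytes -> AES-256
	macKey []byte // 32 bytes -> HMAC-SHA256
}

// demoKeys returns constructed, fixed keys for this example only. In a real
// deployment both keys would come from a key exchange between the two
// microservices (SERECA's provisioning step is not described on this page).
func demoKeys() channelKeys {
	return channelKeys{
		encKey: bytes.Repeat([]byte{0x11}, 32),
		macKey: bytes.Repeat([]byte{0x22}, 32),
	}
}

// seal protects one event-bus message: AES-CTR encryption under a fresh
// random IV, then HMAC-SHA256 over IV||ciphertext (encrypt-then-MAC).
// Envelope layout: iv (16) || ciphertext || tag (32).
func seal(k channelKeys, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plaintext)

	mac := hmac.New(sha256.New, k.macKey)
	mac.Write(iv)
	mac.Write(ct)
	env := append(append(iv, ct...), mac.Sum(nil)...)
	return env, nil
}

// open verifies the tag in constant time before touching the ciphertext;
// a flipped bit anywhere in the envelope is rejected, never decrypted.
func open(k channelKeys, env []byte) ([]byte, error) {
	if len(env) < aes.BlockSize+sha256.Size {
		return nil, errors.New("envelope too short")
	}
	tagStart := len(env) - sha256.Size
	iv, ct, tag := env[:aes.BlockSize], env[aes.BlockSize:tagStart], env[tagStart:]

	mac := hmac.New(sha256.New, k.macKey)
	mac.Write(iv)
	mac.Write(ct)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("integrity check failed: tampered message or wrong key")
	}
	block, err := aes.NewCipher(k.encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCTR(block, iv).XORKeyStream(pt, ct)
	return pt, nil
}

// tamperIsDetected seals msg, flips one ciphertext byte "in transit" and
// reports whether the receiver rejects the envelope.
func tamperIsDetected(k channelKeys, msg []byte) bool {
	env, err := seal(k, msg)
	if err != nil {
		return false
	}
	env[aes.BlockSize] ^= 0x80 // first ciphertext byte, right after the IV
	_, err = open(k, env)
	return err != nil
}

func main() {
	k := demoKeys()
	// Constructed sample event; any message body works.
	msg := []byte(`{"service":"orders","id":42,"amount":10}`)
	env, err := seal(k, msg)
	if err != nil {
		panic(err)
	}
	pt, err := open(k, env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("round trip ok: %s\n", pt)
	fmt.Printf("tampered message rejected: %v\n", tamperIsDetected(k, msg))
}
```

Two design notes: the two keys are deliberately independent, so a weakness in one primitive does not expose the other, and the tag covers the IV as well as the ciphertext, so an attacker cannot shift the keystream by editing the IV. An AEAD mode such as AES-GCM provides the same confidentiality-plus-integrity guarantee in a single primitive and is what a new design would normally choose; the split construction is shown here only because it maps directly onto the two primitives the USP names.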
As shown in the image below, some or all of these USPs are part of the four project outputs that are now being exploited by the consortium: SCONE, Secure Illuminate, Rhoar and RiskBuster.