SECURE ENCLAVES FOR REACTIVE CLOUD APPLICATIONS

Project Abstract


The Secure Enclaves for REactive Cloud Applications (SERECA) project aims to remove technical impediments to secure cloud computing, and thereby encourage greater uptake of cost-effective and innovative cloud solutions in Europe. It proposes to develop a secure environment for reactive cloud applications using Intel's new CPU extension, Software Guard eXtensions (SGX). SERECA will allow the execution of sensitive code on cloud platforms without the need to trust the public cloud operators. Furthermore, SERECA will support regulatory-compliant data localisation by allowing applications to securely span multiple cloud data centres. For a brief introduction to the SERECA architecture, have a look at our short paper.
SERECA extends secure enclaves, a new hardware mechanism provided by commodity CPUs, to protect cloud deployments, thus empowering applications to ensure their own security without relying on potentially untrusted public cloud operators. The innovations that SERECA provides will help place Europe at the forefront of secure cloud operations. SERECA has validated its results through the development of two innovative and challenging industry-led use cases: (i) monitoring a civil water supply network and (ii) a software-as-a-service application to analyse the performance of cloud applications. The project has therefore achieved the following four objectives:
  • Substantially improve the state-of-the-art in cloud security for interactive, latency-sensitive applications by developing innovative and effective mechanisms to enforce data integrity, availability, confidentiality, and localisation based on secure CPU hardware.
  • Seamlessly integrate the new security features into the standard cloud stack and its expected characteristics of scalability, elasticity, and availability, so as to encourage easy application migration to the cloud without compromising application responsiveness or complicating application management.
  • Convincingly validate and demonstrate the benefits of our approach by applying it to realistic and demanding industrial use cases.

SERECA Final Architecture

A number of components enabling the secure execution of microservice applications in an untrusted cloud were developed during the project lifetime. The organization of these components is reported in the SERECA architecture image.

A typical application is composed of a number of microservices exchanging messages through Secure Vert.X, i.e., an enhanced version of the Vert.X microservice framework, developed in the context of SERECA, that hardens the communication and ensures the security of data-in-transit. Each microservice runs in a dedicated Docker container to facilitate the deployment of the distributed application, which is clustered using SecureKeeper, i.e., an SGX-enabled version of ZooKeeper.

SERECA also ensures the security of data-at-rest. An application can in fact store data in memory (e.g. in MongoDB) or on disk (e.g. in MySQL) and protect it through SCONE, i.e., an SGX-enabled container able to transparently provide SGX security to unmodified applications.

Finally, SERECA is also able to guarantee the security of data-in-use. Microservices can receive data from the Vert.X event bus and forward it to the SGX enclave through an SGX-JNI bridge, which acts as glue between the Java and C/C++ worlds. Otherwise, when performance requirements are less stringent, the SGX-LKL library is used, which allows the execution of Java applications on top of Intel SGX.

The technology developed by SERECA has six unique selling points:

  • USP1: SERECA uses Intel's SGX technology to ensure confidentiality. Sensitive data is kept in memory in encrypted form and only the application itself has access to that memory. SERECA applications can leverage SGX either transparently or, with small changes, non-transparently.
  • USP2: SERECA uses SGX to ensure integrity. The integrity of the application is protected, i.e., only the unmodified original application can access the data.
  • USP3: SERECA does not require any cloud changes. SERECA leverages SGX-enabled containers to ensure the security of data without requiring changes to the cloud stack itself.
  • USP4: SERECA benefits from a microservice pattern. SERECA takes advantage of a microservice architecture, which fits with the requirement for high performance and reliability.
  • USP5: SERECA ensures ease-of-use. SERECA applications are supported transparently and configured through high-level APIs.
  • USP6: SERECA enforces secure communication between microservices. Communication between microservices is protected using AES encryption and SHA256.

As reported in the image below, some or all of these USPs are part of the four project outputs which are now being exploited by the consortium. These are: SCONE, Secure Illuminate, Rhoar and RiskBuster.

[Image: USP assets graph]

Highlighted Events

SERECA co-organized the 2nd Workshop on System Software for Trusted Execution (SysTEX 2017)

SERECA Contributes to Organising the SECPID2017 Conference

SERECA co-organized the 1st Workshop on System Software for Trusted Execution (SysTEX 2016)

Action acronym: SERECA
Action full title: "Secure Enclaves for REactive Cloud Applications"
Objective: ICT-07-2014: Advanced Cloud Infrastructures and Services
Grant agreement no: 645011