Eclipse Vert.x Extensions

 

Various components and modules have been contributed to the Eclipse Vert.x project and its ecosystem. More contributes are planned in the remaining year.

  1. The secure event bus using SSL has been contributed to Vert.x Core and is available in Vert.x 3.2.1+. Documentation is available here

  2. A Zookeeper cluster manager has been developed and is now part of the Vert.x ecosystem. Documentation is available here. This module is in technical preview as many improvements have been planed.

  3. The configuration service and discovery service embedded in the SERECA application framework have been donated as Vert.x components. The documentation is available on respectively here and here.

  4. The circuit breaker implementation and health check support have also been contributed to Vert.x. The health check implementation is based on the Health Check specification proposed in Eclipse MicroProfile, an initiative to optimize Enterprise Java for microservice architectures. The SERECA consortium has been actively involved in the specification reported on GitHub here and here.

SecureKeeper: Confidential ZooKeeper using Intel SGX

 

Cloud computing, while ubiquitous, still suffers from trust issues, especially for applications managing sensitive data. Third-party coordination services such as ZooKeeper and Consul are fundamental building blocks for cloud applications, but are exposed to potentially sensitive application data. Recently, hardware trust mechanisms such as Intel's Software Guard Extensions (SGX) offer Trusted Execution Environment (TEE) to shield application data from untrusted software, including the privileged Operating System (OS) and hypervisors. Such hardware support suggests new options for securing third-party coordination services.

We describe SecureKeeper, an enhanced version of the ZooKeeper coordination service that uses SGX to preserve the confidentiality and basic integrity of ZooKeeper-managed data. SecureKeeper uses multiple small enclaves to ensure that (i) user-provided data in ZooKeeper is always kept encrypted while not residing inside an enclave, and (ii) essential processing steps that demand plaintext access can still be performed securely. SecureKeeper limits the required changes to the ZooKeeper code base and relies on Java's native code support for accessing enclaves. With an overhead of 11%, the performance of SecureKeeper with SGX is comparable to ZooKeeper with secure communication, while providing much stronger security guarantees with a minimal Trusted Computing Base (TCB) of a few thousand lines of code.

Secure Keeper code is available here

More details on Secure Keeper can be found in the related paper (MW '16)

 

sk.gif

 

 

Action acronym: SERECA
Action full title: "Secure Enclaves for REactive Cloud Applications"
Objective: ICT-07-2014: Advanced Cloud Infrastructures and Services
Grant agreement no: 645011