One of the main SERECA outputs is SCONE (available here). This is a platform to build and run secure applications with the help of Intel SGX (Software Guard eXtensions). In a nutshell, the SCONE objective is to run applications such that data is always encrypted, i.e., all data at rest, all data on the wire, and all data in main memory. The most important feature of SCONE is its ease of use: protecting an application with SGX through SCONE is simple, since the application does not need to be modified.
The research work on SCONE led to the foundation of a company, namely Scontain.
So, what problems can be solved with SCONE?
SCONE provides applications with secrets in a secure fashion. Why is that a problem? Say you want to run MySQL and configure it to encrypt its data at rest. To do so, MySQL requires a key to encrypt and decrypt its files. One could store this key in the MySQL configuration file, but that configuration file cannot itself be encrypted, since MySQL would then need yet another key to decrypt it. SCONE helps developers solve such configuration issues in the following ways:
- Secure Configuration Files. SCONE can transparently decrypt encrypted configuration files and gives access to the plain text only to a given program, like MySQL. No source code changes are needed for this to work.
- Secure Environment Variables. SCONE gives applications access to environment variables that are not visible to anybody else - not even users with root access or the operating system. Why would I need this? Consider the MySQL example from above. You can pass user passwords to MySQL via environment variables like MYSQL_ROOT_PASSWORD and MYSQL_PASSWORD. These environment variables need to be protected to prevent unauthorized access to the MySQL database.
- Secure Command Line Arguments. Some applications pass secrets not via environment variables but via command line arguments. SCONE provides a secure way to pass arguments to your application without other privileged parties, like the operating system, being able to see them.
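The three items above are exactly the channels through which secrets leak to the host operating system, the container engine and any root user when an application is deployed conventionally. The following audit script is an added example, not SCONE's or Scontain's own tooling: it scans a Dockerfile (a constructed sample is embedded) and flags secrets that are baked into copied configuration files, set as plaintext environment variables, or passed as command-line arguments. The name and flag patterns used to recognise secrets are heuristics chosen for this example and will need tuning for a real code base.

```python
"""Audit a Dockerfile for secrets exposed through plaintext channels.

Added example (not SCONE's own code). It reports the same three exposure
channels described in the text: configuration files copied into the image,
environment variables (ENV/ARG) and command-line arguments (CMD/ENTRYPOINT/RUN).
Everything flagged here is visible to the host OS, the container engine and
any user with root access; SCONE's encrypted config/env/argument handling
is the remedy the text describes.
"""
import json
import re
import shlex
from dataclasses import dataclass

# Heuristic patterns (assumptions of this example, extend for your environment).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY|ENCRYPTION_KEY", re.I)
SECRET_FLAG = re.compile(r"^--?(password|passwd|secret|token|api-key)(=|$)", re.I)
CONFIG_FILE = re.compile(r"\.(cnf|conf|ini|env|ya?ml|json|properties)$", re.I)


@dataclass(frozen=True)
class Finding:
    line: int        # line number where the instruction starts
    channel: str     # "env", "args" or "config"
    detail: str


def logical_lines(text):
    """Yield (line_number, instruction) with backslash continuations joined
    and blank/comment lines skipped."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if start is None:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None


def split_instruction(logical):
    parts = logical.split(None, 1)
    return parts[0].upper(), (parts[1] if len(parts) > 1 else "")


def env_assignments(args):
    """Variable names set by ENV/ARG: `K=V K2=V2`, legacy `K V`, or bare `NAME`."""
    tokens = shlex.split(args)
    if not tokens:
        return []
    if "=" in tokens[0]:
        return [t.split("=", 1)[0] for t in tokens if "=" in t]
    return [tokens[0]]


def command_tokens(args):
    """Tokens of an instruction given in exec (JSON array) or shell form."""
    stripped = args.strip()
    if stripped.startswith("["):
        try:
            return [str(t) for t in json.loads(stripped)]
        except ValueError:
            pass
    return shlex.split(stripped)


def audit_dockerfile(text):
    """Return Findings for every plaintext secret channel in the Dockerfile text."""
    findings = []
    for lineno, logical in logical_lines(text):
        instr, args = split_instruction(logical)
        if instr in ("ENV", "ARG"):
            for name in env_assignments(args):
                if SECRET_NAME.search(name):
                    findings.append(Finding(lineno, "env",
                        f"{instr} {name} is readable by the host OS and root, and kept in image history"))
        elif instr in ("CMD", "ENTRYPOINT", "RUN"):
            for tok in command_tokens(args):
                key = tok.split("=", 1)[0]
                if SECRET_FLAG.match(tok):
                    findings.append(Finding(lineno, "args",
                        f"{instr} passes {key} on the command line, visible in process listings"))
                elif "=" in tok and SECRET_NAME.search(key):
                    findings.append(Finding(lineno, "args", f"{instr} sets {key} inside a shell command"))
        elif instr in ("COPY", "ADD"):
            for src in command_tokens(args)[:-1]:       # last token is the destination
                if CONFIG_FILE.search(src):
                    findings.append(Finding(lineno, "config",
                        f"{instr} {src}: plaintext configuration in the image; check it carries no keys"))
    return findings


# Constructed sample Dockerfile; every secret below is deliberately plaintext.
SAMPLE_DOCKERFILE = """\
FROM mysql:8.0
# constructed sample: every secret channel below is deliberately plaintext
ARG DB_ENCRYPTION_KEY=0123456789abcdef
ENV MYSQL_ROOT_PASSWORD=changeme \\
    MYSQL_DATABASE=app
ENV MYSQL_PASSWORD s3cret
COPY my.cnf /etc/mysql/conf.d/my.cnf
CMD ["/usr/local/bin/app", "--db-host=db", "--password=changeme"]
"""

if __name__ == "__main__":
    for f in audit_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {f.line:>3} [{f.channel:6}] {f.detail}")
```

Running the script against the sample reports five findings: the ARG and two ENV lines (environment channel), the copied my.cnf (configuration channel) and the `--password=` argument in CMD (command-line channel). In a pipeline the same function can gate image builds, and each finding maps to one of SCONE's secure configuration, environment or argument features as the fix.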
SCONE helps developers and service providers (i.e., companies operating applications accessible via the Internet) protect the confidentiality and integrity of their applications - even when running in environments that cannot be completely trusted. SCONE's focus is on supporting the development of programs running inside containers, such as microservice-based and cloud-native applications. However, SCONE can protect most programs running on top of Linux.
SCONE helps developers and service providers ensure end-to-end encryption in the sense that data is always encrypted, i.e., while being transmitted, while at rest and even while being processed. The latter has only recently become possible with the help of a novel CPU extension by Intel (SGX). To reduce the required computing resources, a service provider can decide what to protect and what not to protect. For example, a service that operates only on encrypted data might not need to be protected with SGX.
SCONE supports strong application-oriented security with a Docker-like workflow, i.e., SCONE supports Dockerfiles as well as extended Docker Compose files. This simplifies the construction and operation of applications consisting of a set of containers. It fits, in particular, modern cloud-native applications consisting of microservices, where each microservice runs either in a standard or in a secure container.
The Docker Engine itself is not protected: like the operating system, it never sees any plain text data. This allows the Docker Engine or Docker Swarm to be managed by a cloud provider. SCONE helps service providers ensure the confidentiality and integrity of the application data, while the cloud provider ensures the availability of the service. For example, with the help of Docker Swarm, failed containers will automatically be restarted on an appropriate host.