Hardening cryptographic operations through the use of secure enclaves

With the rising popularity of the cloud, companies lose control of both the hardware and the operating system responsible for hosting their software and data. This means that companies are at risk of losing confidential data when these are utilized in components controlled by a third-party cloud ven...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 2021-09, Vol.108, p.102327, Article 102327
Main Authors: Brandão, André, Resende, João S., Martins, Rolando
Format: Article
Language:English
Subjects:
Cloud computing
Cryptography
Hardening
Intel SGX
Key management
Performance assessment
Security
Software
Trust
Trusted execution environment
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the rising popularity of the cloud, companies lose control of both the hardware and the operating system responsible for hosting their software and data. This means that companies are at risk of losing confidential data when these are utilized in components controlled by a third-party cloud vendor. Secure enclaves can help solve this problem by creating a secure environment where code can be executed securely, guaranteeing that no unwanted parties read or modify the data inside this secure environment. While the use of secure enclaves has been focused on small footprints software, such as the implementation of trusted computing base for distributed protocols, we analyze the strengths and shortcoming of current tools in an effort to further expand the applicability of their use. Given the importance of web servers and their inherent greater exposure to attacks, we explore the hardening of Apache web server through the use of secure enclaves. This was accomplished by making the necessary modifications to further protect its private key from both the operating system and hypervisor. We also provide a performance assessment to quantify the overhead associated with the use of secure enclaves, namely, Intel SGX.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2021.102327