TU BRAUNSCHWEIG
| Carl-Friedrich-Gauß-Fakultät | Informatik
Informatikzentrum

Fast Inter-Enclave Communication with Intel SGX

Student: (anonymous, login required)
Supervisor: Nico Weichbrodt
Professor: Prof. Dr. Rüdiger Kapitza
Project: sereca
IBR group: DS (Prof. Kapitza)
Type: Master's thesis
Status: ongoing

Introduction

With the rise of cloud computing in recent years, a need for secure computing on untrusted hosts has emerged. To address this, Intel developed Software Guard Extensions (SGX) [1,2], which allow developers to create secure compartments, called enclaves, for their applications. An enclave is a secure part of an application that can be entered to perform security-critical computations while being guarded by the processor itself from an untrusted operating system and from attackers. To ease the development of enclaves, Intel released a Software Development Kit (SDK) [0].

Problem statement

Enclaves are meant to be small, self-contained units. They can communicate with the untrusted side to pass data, which the SDK makes easy. However, enclaves cannot communicate directly with each other, as they cannot directly access each other's memory. There is always an additional jump into the untrusted SDK runtime before entering an enclave and exiting an enclave, so transitioning from one enclave to another involves some overhead.

Task description

In this thesis, multiple ways of direct inter-enclave communication are to be developed and evaluated. The main task is to remove the overhead of the SDK by developing different techniques of inter-enclave communication. There already exist some ideas on how to achieve this, but no implementation work has been done so far.

Prerequisites

  • Basic knowledge of Linux systems, as we work with SGX exclusively on Linux
  • Good knowledge of C/C++, as those are used to develop enclaves

Links

[0] https://01.org/intel-softwareguard-extensions
[1] https://software.intel.com/en-us/blogs/2013/09/26/protecting-application-secrets-with-intel-sgx
[2] https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf



Last updated on 19.06.2017, 13:07 by Nico Weichbrodt