LibSEAL usesthe TaLoS library described abobe to securely log all requests and responses sent to a microservice. It maintains the secure log inside of an SGX enclave, and periodically runs checks over the log to identify violations of service integrity. The details of the design and implementation of LibSEAL has been published in a ACM EuroSys’18 paper. Created by Imperial College London (IMP), LibSEAL is the first example of the use of SGX technology for improving the accountability of Internet services. Accountability is an important requirements, and we have seen initial interest in LibSEAL by multiple companies, including Intel, Microsoft and IBM. We will maintain the LibSEAL software release as open source, and explore further use cases for the LibSEAL implementation.We released publicly on GitHub under the name LibSEAL (https://github.com/lsds/LibSEAL).

SCONE is a platform to build and run secure applications with the help of Intel SGX (Software Guard eXtensions). In a nutshell, our objective is to run applications such that data is always encrypted, i.e., all data at rest, all data on the wire as well as all data in main memory is encrypted. Even the program code can be encrypted. SCONE helps to protect data, computations and code against attackers with root access. The main objective of SCONE is to make it as easy as possible to secure existing application as well as new cloud native applications: switching to SCONE is simple since applications do not need to be modified. SCONE supports the most popular programming languages like JavaScript, Python - including PyPy, Java, Rust, Go, C, and C++ but also some ancient languages like Fortran. Avoiding source code changes helps to ensure that applications can later run on different trusted execution environments. Moreover, there is no risk for hardware lock-in nor software lock-in - even into SCONE. SCONE can be used on top of Kubernetes, Ranger and Docker. We provide a tight integration with Docker Swarm. In case you are already using Docker stack files, we provide a simple way to secure your services and applications. We will provide a similar integration with Kubernetes later in 2018. SCONE scales better than competing solutions since it uses an advanced thread management and a very efficient way how to perform system calls. SCONE has an integrated secrets and configuration management - simplifying the distribution of secrets without application changes by performing an attestation of applications. SCONE will become part of one of the blockchain-based decentralised cloud computing platforms in 2018. State Of The Art: SCONE scales better than competing solutions like Graphene-SGX since it uses an advanced thread management and a very efficient way how to perform system calls. Unlike competing solutions, SCONE has an integrated secrets and configuration management - simplifying the distribution of secrets without application changes by performing an attestation of applications. Unlike competing solutions, SCONE has integrated local attestation and configuration service. SCONE verifies that the correct code is running before passing any configuration info to the application. This service ensures not only the code with the expected signature (MRENCLAVE) is running but also that it runs in the correct environment, i.e. the expected file system state and the correct operating system version was booted before it provides the code with its secrets.

CC is developing a distributed Secure Key-Value Store (KVS) that is integrated with the other components of SecureCloud. As such, Chocolate Cloud will primarily commercialize the KVS as part of the SecureCloud platform. This outputs key differentiators compared to existing distributed key-value stores are security provided by a combination of SGX and coefficient and/or data encryption, and native support for erasure coding, including network coding. The latter makes it possible to efficiently restore data on failed storage nodes. CC’s KVS has been demonstrated in a number of settings and is being tested by various partners in deployments at CloudSigma, TUD and UTFPR. It uses a microservice-based internal architecture and takes advantage of the SecureCloud platform and infrastructure services such as terminating SSL connections securely and the use of SGX-enabled orchestration and monitoring. However, CC has designed the KVS in such a way that it can also be deployed without these services. Particularly, it is possible to deploy it in environments without support for SGX, such as (at the time of writing) Google Cloud Platform, opening up a second avenue for commercialization.
Demo: https://www.youtube.com/channel/UCJhqY1jtWbVZI0X56ymqgug

CC has developed “CodingLib-SGX”, an erasure coding library for Random Linear Network Coding (RLNC) designed specifically for SGX. CC is unaware of other libraries that offer support for RLNC and SGX. CC has tested and evaluated its performance within CloudSigmas and TUDs SGX-compatible infrastructure. “CodingLib-SGX” has a structure and API that is the same as our non-SGX “CodingLib” erasure coding library currently used in our products. This means it can and will be swapped in our code base in any of our ongoing projects based on customer demands.

UniNE’s Secure Content-Based Routing is a message-passing service based on the publish-subscribe paradigm. It exploits trusted execution technology to build a message routing service in a secure enclave. SCBR executes a protocol for securely exchanging cryptographic keys between data producers and consumers, and the routing engine. Both publications and subscriptions are encrypted and signed, thus protecting the system from unauthorized parties observing or tampering with the information. SCBR combines a key exchange protocol and a state-of-the-art routing engine to provide both security and performance while executing under the protection of the secure enclave.

UniNE’s Secure Map Reduce is a proof-of-concept map-reduce implementation specially tailored for small- to medium-footprint batch processing micro-services. It is aimed at providing support for privacy sensitive applications defined by map and reduce routines expressed in Lua, an extension language. Lua is a lightweight and embedded scripting language, which makes it a natural fit for small applications as well as for running inside enclaves. The constraint that disallows system calls from secure enclaves is exploited in favor of security. By putting the language interpreter inside the protected area, besides the given application protection (privacy, integrity and data freshness) we also shield the system from malicious user code that diverts the purpose of defining computation on data (either map or reduce) to attempts of accessing peripherals (e.g., storage or network interface accesses). Our approach does not require any particular knowledge from the programmer of cryptographic mechanisms for implementing the map and reduce functions. Also, preserving privacy and integrity is not dependent in any way on the specific characteristics of the functions, simply taking advantage in this purpose of the standard trusted characteristics of the enclaves. Besides these advantages, our solution is easily maintainable relying on a standard Lua interpreter for code execution.

There are several approaches for processing big data in the cloud. For data analysis that require a global view of the data, Apache Spark, described in a previous section, is the most popular. Nevertheless, some big data processing objectives require only that individual pieces of data are independently processed. One example is the execution of simulations that evaluate the status of the power grid, which is one of the SecureCloud use cases. Other examples include the transformation of data to compute user specific outputs (e.g., recommendations) or to load data into other systems (e.g., ETL). In such cases, the elasticity of the cloud can be fully exploited as the number of machines can be chosen based on cost or automatically adjusted in other to guarantee that the processing will be finished according to the desirable deadlines. If the data processing tasks can be mapped to this model, resources can be much more efficiently managed, in comparison to Spark, reducing costs and improving throughput. This asset consists of a set of tools (available through Docker repositories, e.g., SCONE, CAS), applications templates (which will be available on public Github repositories), and configurations to existing open-source tools (Kubernetes and Asperathos, configurations that will be available on public Github repositories). These tools and configurations that enable users to build applications that can process large amounts of data in a deadline- aware scalable fashion that also supports the confidentialities aspects provided by the SecureCloud project. The asset is open-source. By downloading images and tools from Docker registry and Github, a user can build secure big data processing applications based on Kubernetes Jobs. Nevertheless, to be able to put applications in production, users may need to license other project technologies, such as SCONE and/or the SGX-enabled OpenStack.

UniNE’s Secure Streams is a middleware framework for developing and deploying secure stream processing on untrusted distributed environments. Secure Streams supports the implementation, deployment, and execution of stream processing tasks in distributed settings, from large-scale clusters to multi-tenant cloud infrastructures. It adopts a message-oriented middleware, integrates SSL encryption and enclaved execution of Lua scripts, to deliver end-to-end security guarantees along data stream processing stages. Secure Streams can scale vertically and horizontally by adding or removing processing nodes at any stage of the pipeline, to dynamically adjust according to the workload. The design of Secure Streams is inspired by the dataflow programming paradigm: the developer combines together several independent processing components (mappers, reducers, sinks, shufflers, joiners, etc.) to compose specific processing pipes. Secure Streams components are packaged as regular containers, and are very practical to deploy and manage in combination with other microservices.

Kubernetes is an open-source project to automatically deploy, scale in and out, and manage containerized applications on computer clusters. Maintained by Google,the UniNE’s SGX-aware Kubernetes scheduler is an extension to Kubernetes adding support for orchestrating containers with the knowledge of the enclave technology available in the underlying hardware. It is a vertical implementation of mechanisms in several levels, including modifications in the Linux driver for SGX and a Kubernetes orchestrator plug-in. Standard monitoring layers in Kubernetes are leveraged to accurately collect enclave memory usage in the physical nodes so the orchestration plug-in can implement its policy. The complete system implements can efficiently schedule jobs requiring enclave support, as well as regular jobs, on a heterogeneous cluster. It guarantees that jobs submitted to a given host always fit within its current enclave memory limits. This is of particular relevance to avoid major performance penalties.

The usage of SGX, be it directly in an application or through SGX-based microservices, requires that the cloud environment adequately supports and exposes the SGX resources. Therefore, one important asset of the project is the SGX-Enabled OpenStack. This asset consists of a set of tools, for example: 1) modifications to the OpenStack compute provisioning service, Nova, to support the Intel versions of KVM that exposes SGX for virtual machines; 2) Ansible recipes to automatize the installation of server nodes that support either the SGX-enabled KVM or that rely on configurations to enable requirements for LXD-based nodes; 3) adaptations of the OpenStack authorization service, Keystone, to support role-based access control (RBAC) for the SecureCloud components that manage the configurations and secrets of SGX applications; 4) agents to integrate SGX related metrics in the OpenStack Monitoring-as-a-Service component, Monasca. This asset is of interest for companies that operate a private OpenStack cloud and want to harden its applications from internal and external attacks and to public cloud providers that want to offer SGX services to developers to build novel privacy and security-aware solutions.