SGX-enabled OpenStack

Using SGX, whether directly in an application or through SGX-based microservices,
requires that the cloud environment adequately support and expose the SGX resources.
Therefore, one important asset of the project is the SGX-Enabled OpenStack. This
asset consists of a set of tools, for example: 1) modifications to the OpenStack compute
provisioning service, Nova, to support the Intel versions of KVM that expose SGX to virtual
machines; 2) Ansible recipes to automate the installation of server nodes that either
support the SGX-enabled KVM or rely on configurations that enable the requirements for
LXD-based nodes; 3) adaptations of the OpenStack authorization service, Keystone, to
support role-based access control (RBAC) for the SecureCloud components that manage the
configurations and secrets of SGX applications; 4) agents to integrate SGX-related metrics
into the OpenStack Monitoring-as-a-Service component, Monasca. This asset is of interest
to companies that operate a private OpenStack cloud and want to harden their applications
against internal and external attacks, and to public cloud providers that want to offer
SGX services to developers for building novel privacy- and security-aware solutions.