Overview of projects, research results, and other outputs related to SecureCloud

Research projects

SERECA | Horizon 2020; Mar 2015 – Feb 2018 | secure (confidentiality, integrity) processing in untrusted clouds; integration of Intel SGX with Eclipse Vert.x | usage of muslsgx and MySQL-SGX from SERECA in SecureCloud | https://www.serecaproject.eu
SafeCloud | Horizon 2020; Sep 2015 – Aug 2018 | The project develops a new secure architecture for cloud infrastructures that enables the partitioning of transmission, storage and processing of data into different domains. This way, sensitive data should be protected by design. | SafeCloud complements SecureCloud as it focuses on partitioned cloud architectures, with an emphasis on storage aspects. Since one partner (UNE) is also engaged in SafeCloud, we expect to have a close exchange of research results, particularly on the storage side; seems to rely on cryptography but not a TEE | http://www.safecloud-project.eu/
KONFIDO | Horizon 2020; Nov 2016 – Oct 2019 | KONFIDO – Secure and Trusted Paradigm for Interoperable eHealth Services | could be one use case for the SecureCloud platform | http://www.konfido-project.eu
EU-BRA BigSea | Jan 2016 – Dec 2017 | development of a cloud platform for big data processing | mentions security and privacy as goals; rather vague descriptions regarding specific security and privacy requirements and solutions | http://www.eubra-bigsea.eu/
COMPACT | May 2017 – Oct 2019 | COmpetitive Methods to protect local Public Administration from Cyber security Threats | not much useful information about the project is available yet


Scientific publications

SCONE: Secure Linux containers with Intel SGX | OSDI’16 | Framework for executing whole (recompiled) apps in enclaves | SCONE is used by SecureCloud | usenix.org
Shielding applications from an untrusted cloud with Haven | OSDI’14 | Library Windows OS that allows the execution of legacy applications inside SGX enclaves | Introduced the concept of shielded execution employed by SCONE | usenix.org
FFQ: A Fast Single-Producer/Multiple-Consumer Concurrent FIFO Queue | IPDPS’17 | A fast special purpose FIFO-queue | Describes the queue used in SCONE | se.inf.tu-dresden.de
Secure Tera-scale Data Crunching with a Small TCB | DSN’17 | State-of-the-art approach to store terabytes of data with integrity protection and efficient access | Efficient large-scale storage is of importance for Big Data computation | www.di.fc.ul.pt
Secure Content-Based Routing Using Intel Software Guard Extensions | Middleware’16 | Pub/sub engine with filtering step inside SGX enclaves | Secure many to many communication | arxiv.org
GenPack: A generational scheduler for cloud data centers | IC2E’17 | Scheduling mechanism based on runtime monitoring of containers | Resource management | hal.inria.fr
A lightweight MapReduce framework for secure processing with SGX | WACC@CCGRID’17 | MapReduce computation with small TCB | Secure batch processing for little data | arxiv.org
SecureStreams: A Reactive Middleware Framework for Secure Data Stream Processing | DEBS’17 | Reactive Lua pipelines that do data crunching inside SGX enclaves | Secure stream processing | TBA
VC3: Trustworthy Data Analytics in the Cloud Using SGX | SP’15 | MapReduce framework using SGX to protect integrity and privacy of data in the cloud | different approach to protect map/reduce | ieee-security.org
Security and Privacy Preserving Data Aggregation in Cloud Computing | SAC’17 | privacy preserving smart metering using Intel SGX
Secure and Scalable Key Value Storage for Managing Big Data in Smart Cities using Intel SGX | SmartCloud’18 | Usage of Intel SGX in a key-value store to manage big data applications for smart sensors data collected in Brazil | KVS is developed in SecureCloud, smart-metering data processing is a use-case in SecureCloud | ieeexplore.ieee.org


White Papers

Innovative Technology for CPU Based Attestation and Sealing | 08.2013 | Describes the components allowing provisioning secrets to SGX enclaves | Technology used by SecureCloud | https://software.intel.com/en-us/articles/innovative-technology-for-cpu-based-attestation-and-sealing
The Intel SGX Memory Encryption Engine | 02.2016 | Details about the hardware implemented memory encryption of SGX | Technology used by SecureCloud | https://software.intel.com/en-us/blogs/2016/02/26/memory-encryption-an-intel-sgx-underpinning-technology
Intel SGX: EPID Provisioning and Attestation Services | 03.2016 | Details about key derivation, group signature scheme and infrastructure used in attestation | Technology used by SecureCloud | https://software.intel.com/en-us/blogs/2016/03/09/intel-sgx-epid-provisioning-and-attestation-services
Self-Defending Key Management Service with Intel® Software Guard Extensions | Spring 2017 | Description of the Fortanix Runtime Encryption Capsule – a competitor to SCONE | https://software.intel.com/sites/default/files/managed/72/aa/fortanix_v9.pdf
Innovative Instructions and Software Model for Isolated Execution | 08.2013 | Introduction of SGX | Technology used by SecureCloud | https://software.intel.com/en-us/articles/innovative-instructions-and-software-model-for-isolated-execution


Products & Services

Self-Defending Key Management Service of Fortanix | Product using Fortanix Runtime Encryption Capsule | https://www.fortanix.com/products/sdkms/
OpenStack Swift Object Store | One of the most popular object storage systems of open source, self-hosted cloud platforms | An alternative data storage platform service | Swift offers both erasure coding and replication as forms of fault tolerance, but there’s no way to combine these. It is also not possible to encrypt/decrypt data inside an SGX enclave for enhanced security.


Cloud Providers (not) offering SGX

Cloud Provider | State | Source | As of
Amazon AWS | Skylake CPUs available, but not equipped with SGX | Amazon Web Services & Intel | Feb’19
Rackspace OnMetal | No Skylake CPUs on current v2 Hardware | https://www.rackspace.com/en-gb/dedicated-servers | Feb’19
Google Cloud Engine | No Skylake CPUs available to user, but company is publicizing its work on tools to ease adoption of SGX. | https://cloud.google.com/blog/products/gcp/introducing-asylo-an-open-source-framework-for-confidential-computing | Feb’19
Microsoft Azure | VMs and services that offer/use Intel SGX in beta. Some SecureCloud systems have been used in this environment. The company is also publicizing tools to help the development of SGX applications. | https://azure.microsoft.com/en-us/solutions/confidential-compute/ https://github.com/Microsoft/openenclave | Feb’19
IBM Cloud | Skylake CPUs available, but no SGX-based services; some SecureCloud services tried on the platform | https://www.ibm.com/cloud/bare-metal-servers | Feb’19
Alibaba Cloud | Skylake CPUs available, but no SGX-based services | https://www.alibabacloud.com/help/faq-detail/89859.htm | Feb’19
OVH Cloud | Skylake CPUs available, but no SGX-based services. | https://us.ovhcloud.com/products/servers/infrastructure-servers#plans | Feb’19