Intel’s SGX technology for creating secure enclaves has the potential to protect both the data and the code of applications hosted on public clouds from the underlying platform and its operator. However, there are many restrictions on what can run inside an enclave, and the investment required for application developers to learn the SGX SDK can be steep. In RestAssured, IBM researchers are collaborating with the project’s use case partners (Oxford Computer Consultants and Adaptant) to better understand how real-world applications can be adapted to work with this emerging technology.
As an initial contribution to the project’s progress, IBM researchers have put together a trust management service and a toolkit that significantly simplify the development of SGX applications and optimise their runtime management. The toolkit performs a number of complex SGX operations (remote attestation, sealing, secret passing) on behalf of the application, so developers can focus on the business logic that matters to their organisations.
Remote attestation is the procedure by which a remote party gains assurance that an enclave is running on genuine, white-listed Intel SGX hardware and that the enclave binary has not been tampered with: the enclave’s measurement (MRENCLAVE) and its signer (MRSIGNER) are reported in a quote signed by the platform. It is a distributed process involving the SGX enclave, a service provider and the Intel Attestation Service (IAS), which verifies the quote and requires registration and a licence agreement with Intel. As part of the exchange the enclave and the service provider establish a shared key, and the resulting secure channel is used to pass secrets and authenticated data into the enclave once IAS has confirmed the quote; IAS verifies the quote but is not an endpoint of that channel. SGX sealing is a mechanism for encrypting secret data so that the resulting blob, stored outside the enclave (for example in a file), can only be decrypted by the same enclave on the same platform (or, under the MRSIGNER sealing policy, by another enclave from the same signer on that platform). The IBM trust management framework provides an efficient attestation and secret-passing service built on these basic SGX mechanisms, accompanied by an SDK that lets application developers tap into those services easily.
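The attestation, secret-passing and sealing flow described above, as an added stand-alone model written for this page; it is not code from the IBM toolkit or the Intel SGX SDK. Everything platform-specific is an assumption standing in for the real primitive: an HMAC key plays the Quoting Enclave’s EPID/ECDSA signing key, a random byte string plays the per-CPU secret behind the seal key, a toy 127-bit DH group replaces the SDK’s P-256 ECDH, an HMAC keystream replaces AES-GCM, and the enclave measurements, allowlist and sample secret are constructed.

```python
"""Toy model of SGX remote attestation, secret passing and sealing (stdlib only).
Added illustration, not code from the IBM toolkit or the Intel SGX SDK: HMAC stands in
for the Quoting Enclave's EPID/ECDSA signature, a 127-bit toy DH group for the SDK's
P-256 ECDH, and an HMAC keystream for AES-GCM. None of this is production crypto.
"""
import hashlib
import hmac
import secrets

P, G = (1 << 127) - 1, 3                    # Mersenne prime M127: toy DH group, never for production
QE_KEY = secrets.token_bytes(32)            # assumption: Quoting Enclave signing key held by "IAS"
PLATFORM_SECRET = secrets.token_bytes(32)   # assumption: per-CPU fuse secret behind EGETKEY
ALLOWLIST = {hashlib.sha256(b"opaque-enclave-v1").digest()}  # constructed expected MRENCLAVE

def sha(*parts): return hashlib.sha256(b"".join(parts)).digest()
def prf(key, *parts): return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def keystream_xor(key, data):  # HMAC-SHA256 counter keystream: toy stand-in for AES-CTR/GCM
    out = bytearray()
    for i in range(0, len(data), 32):
        block = prf(key, b"ks", i.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Enclave:
    def __init__(self, mrenclave, mrsigner):
        self.mrenclave, self.mrsigner = mrenclave, mrsigner

    def msg1(self, sp_nonce):
        self.priv = secrets.randbelow(P - 2) + 1
        pub = pow(G, self.priv, P).to_bytes(16, "big")
        # REPORTDATA binds the SP's challenge and our ephemeral key into the quote, so a
        # replayed quote or a substituted key fails verification at the service provider.
        body = self.mrenclave + self.mrsigner + sha(sp_nonce, pub)
        quote = body + prf(QE_KEY, body)    # Quoting Enclave signature over the report body
        return pub, quote

    def finish(self, sp_pub, wrapped_secret):
        shared = pow(int.from_bytes(sp_pub, "big"), self.priv, P)
        session_key = sha(b"session", shared.to_bytes(16, "big"))
        return keystream_xor(session_key, wrapped_secret)

    def seal(self, data, policy="MRENCLAVE"):
        key = self._seal_key(policy)
        ct = keystream_xor(key, data)
        return policy, ct, prf(key, ct)     # tag makes unseal fail loudly on the wrong enclave

    def unseal(self, blob):
        policy, ct, tag = blob
        key = self._seal_key(policy)
        if not hmac.compare_digest(tag, prf(key, ct)):
            raise ValueError("sealed blob not for this enclave/platform")
        return keystream_xor(key, ct)

    def _seal_key(self, policy):
        # Seal key = platform secret + MRENCLAVE (this exact binary) or MRSIGNER (same signer)
        ident = self.mrenclave if policy == "MRENCLAVE" else self.mrsigner
        return prf(PLATFORM_SECRET, policy.encode(), ident)

def ias_verify(quote):
    """IAS stand-in: a valid QE signature means genuine hardware and an untampered quote."""
    body, sig = quote[:96], quote[96:]
    if not hmac.compare_digest(sig, prf(QE_KEY, body)):
        raise ValueError("quote signature invalid")
    return body[:32], body[32:64], body[64:96]   # MRENCLAVE, MRSIGNER, REPORTDATA

def sp_provision(enclave, secret):
    """Service provider: attest the enclave, then pass it a secret over the derived channel."""
    nonce = secrets.token_bytes(16)
    pub, quote = enclave.msg1(nonce)
    mrenclave, _mrsigner, report_data = ias_verify(quote)   # 1. genuine, untampered
    if mrenclave not in ALLOWLIST:
        raise ValueError("unexpected enclave measurement")   # 2. the binary we expect
    if report_data != sha(nonce, pub):
        raise ValueError("quote not bound to this session")  # 3. fresh, key-bound
    sp_priv = secrets.randbelow(P - 2) + 1
    shared = pow(int.from_bytes(pub, "big"), sp_priv, P)
    session_key = sha(b"session", shared.to_bytes(16, "big"))
    return pow(G, sp_priv, P).to_bytes(16, "big"), keystream_xor(session_key, secret)

def raises(fn, *args):
    try:
        fn(*args)
        return False
    except ValueError:
        return True

def demo():
    good = Enclave(sha(b"opaque-enclave-v1"), sha(b"ibm-signer"))
    sibling = Enclave(sha(b"opaque-enclave-v2"), sha(b"ibm-signer"))  # same signer, other binary
    secret = b"data key for an encrypted Spark table"   # constructed sample secret
    sp_pub, wrapped = sp_provision(good, secret)
    received = good.finish(sp_pub, wrapped)
    return {
        "received": received,                                           # arrives intact
        "sibling_attested": not raises(sp_provision, sibling, secret),  # not on the allowlist
        "cross_unseal": not raises(sibling.unseal, good.seal(received, "MRENCLAVE")),
        "signer_unseal": sibling.unseal(good.seal(received, "MRSIGNER")) == secret,
    }
```

The three checks in `sp_provision` are the ones that matter in practice: a valid quote signature alone says only that some enclave on genuine hardware produced it; the allowlist check says it is the enclave you expect; and the REPORTDATA check ties that enclave to this session’s ephemeral key, which is what makes the subsequently derived channel trustworthy. The sealing half shows why the key policy is a design decision: the MRENCLAVE policy locks data to one exact binary (an upgraded enclave cannot read it), while MRSIGNER lets any enclave from the same signer on the same platform unseal it. In the real SDK these roles are played by the sgx_ra_* key exchange functions and sgx_seal_data/sgx_unseal_data with the corresponding key policy.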
Another IBM contribution is the integration of the open-source Opaque project (https://github.com/ucbrise/opaque) with the IBM trust management framework. Opaque is a package for Spark SQL that can operate on encrypted data in the cloud, using Intel SGX to protect the computation. Users simply run SQL queries in a Spark shell, or program the queries in the high-level Scala language; there is no need to write SGX applications in C/C++ with the SGX SDK. However, Opaque has a number of design and implementation limitations, related to attestation and data-key passing, that made it nearly impossible to use in the RestAssured platform as it stood. By integrating it with the IBM trust management toolkit, we enabled highly efficient attestation of Opaque enclaves, flexible data-key passing and overall integration into the RestAssured platform.