TU BRAUNSCHWEIG
| Carl-Friedrich-Gauß-Fakultät | Informatik
Informatikzentrum


Secure Enclaves for REactive Cloud Applications (SERECA)

Cloud security is of immediate concern to organisations that must comply with strict confidentiality and integrity policies. More broadly, security has emerged as a commercial imperative for cloud computing across a wide range of markets. The lack of adequate security guarantees is becoming the primary barrier to the broad adoption of cloud computing. The Secure Enclaves for REactive Cloud Applications (SERECA) project aims to remove technical impediments to secure cloud computing, and thereby encourage greater uptake of cost-effective and innovative cloud solutions in Europe. It proposes to develop secure enclaves, a new technique that exploits secure commodity CPU hardware for cloud deployments, empowering applications to ensure their own security without relying on public cloud operators. Secure enclaves additionally support regulatory-compliant data localisation by allowing applications to securely span multiple cloud data centres.

Although secure enclaves are a general mechanism, SERECA focuses on a particularly important and rapidly growing class of applications: reactive applications for the Internet of Things (IoT), Cyber-Physical Systems (CPS), augmented reality, gaming, computer-mediated social interaction, and the like. These applications are highly interactive, data intensive, and distributed, often involving extremely sensitive societal and personal information.

SERECA is validating its results through the development of two innovative and challenging industry-led use cases. One concerns the monitoring of a civil water supply network, a critical infrastructure targeted by malicious attacks. The other concerns a commercial software-as-a-service (SaaS) application for analysing the performance of cloud-deployed applications. Such a service collects sensitive performance metrics about live usage, assets that must be protected from industrial espionage and other criminal activities.

SERECA aims to remove technical impediments to secure cloud computing, and thereby encourage greater uptake of cost-effective and innovative cloud solutions in Europe. It proposes to develop a secure environment for reactive cloud applications using Intel's new CPU extension, Software Guard Extensions (SGX). SERECA will allow the execution of sensitive code on cloud platforms without the need to trust the public cloud operators. Furthermore, SERECA will support regulatory-compliant data localisation by allowing applications to securely span multiple cloud data centres.

SERECA architecture

Available source code

Project partners

Project members at IBR

Prof. Dr. Rüdiger Kapitza
Head of Department
kapitza[[at]]ibr.cs.tu-bs.de
+49 531 3913294
Room 135

Stefan Brenner
Research Associate
brenner[[at]]ibr.cs.tu-bs.de
+49 531 3913285
Room 112

David Goltzsche
Research Associate
goltzsche[[at]]ibr.cs.tu-bs.de
+49 531 3913249
Room 134

Signe Rüsch
Research Associate
ruesch[[at]]ibr.cs.tu-bs.de
+49 531 3913265
Room 116

Nico Weichbrodt
Research Associate
weichbrodt[[at]]ibr.cs.tu-bs.de
+49 531 3913265
Room 116

Colin Wulf
Student Assistant
Distributed Systems
cwulf[[at]]ibr.cs.tu-bs.de

Publications

Student Theses

| Title | Type | Supervisor | Status |
| --- | --- | --- | --- |
| Secure communication between SGX-based microservices | Bachelor's thesis | Stefan Brenner | in progress |
| Design and implementation of trusted applications applying the ARM TrustZone hardware extensions | Master's thesis | Stefan Brenner | completed |
| Secure execution of Vert.X microservices | Bachelor's thesis | Stefan Brenner | completed |
| Fast inter-enclave communication with Intel SGX | Master's thesis | Nico Weichbrodt | completed |
| Porting a minimal Java runtime environment to an Intel SGX platform | Master's thesis | Nico Weichbrodt | completed |

If you are interested in writing a thesis regarding this project, please feel free to contact us.

Links


Last updated on 15.06.2017, 17:09 (dynamic content) by David Goltzsche