Secure Enclaves for REactive Cloud Applications (SERECA)

Cloud security is of immediate concern to organisations that must comply with strict confidentiality and integrity policies. More broadly, security has emerged as a commercial imperative for cloud computing across a wide range of markets. The lack of adequate security guarantees is becoming the primary barrier to the broad adoption of cloud computing. The Secure Enclaves for REactive Cloud Applications (SERECA) project aims to remove technical impediments to secure cloud computing, and thereby encourage greater uptake of cost-effective and innovative cloud solutions in Europe. It proposes to develop secure enclaves, a new technique that exploits secure commodity CPU hardware for cloud deployments, empowering applications to ensure their own security without relying on public cloud operators. Secure enclaves additionally support regulatory-compliant data localisation by allowing applications to securely span multiple cloud data centres.

Although secure enclaves are a general mechanism, SERECA focuses on a particularly important and rapidly growing class of applications: reactive applications for the Internet of Things (IoT), Cyber-Physical Systems (CPS), augmented reality, gaming, computer-mediated social interaction, and the like. These applications are highly interactive, data intensive, and distributed, often involving extremely sensitive societal and personal information.

SERECA is validating its results through the development of two innovative and challenging industry-led use cases. One concerns the monitoring of a civil water supply network, a critical infrastructure targeted by malicious attacks. The other concerns a commercial software-as-a-service (SaaS) application for analysing the performance of cloud-deployed applications. Such a service collects sensitive performance metrics about live usage, assets that must be protected from industrial espionage and other criminal activities.

SERECA aims to remove technical impediments to secure cloud computing, and thereby encourage greater uptake of cost-effective and innovative cloud solutions in Europe. It proposes to develop a secure environment for reactive cloud applications using Intel's new CPU extension, Software Guard Extensions (SGX). SERECA will allow sensitive code to be executed on cloud platforms without the need to trust the public cloud operators. Furthermore, SERECA will support regulatory-compliant data localisation by allowing applications to securely span multiple cloud data centres.

Figure: SERECA architecture

Available source code

  • Secure ZooKeeper using Intel SGX

Project partners

  • Technische Universität Dresden
  • Technische Universität Braunschweig
  • Imperial College London
  • Cloud&Heat Technologies
  • Epsilon S.r.l.
  • Red Hat
  • jClarity
  • E.I.P.L.I.

Project members at IBR

  • Prof. Dr. Rüdiger Kapitza, Head of Department, rrkapitz[[at]]ibr.cs.tu-bs.de, +49 531 3913294, Room 114
  • Signe Rüsch, Research Associate, ruesch[[at]]ibr.cs.tu-bs.de, +49 531 3913265, Room 116
  • Colin Wulf, Former Student Assistant
  • Dr. Stefan Brenner, Former Research Associate, brenner[[at]]ibr.cs.tu-bs.de
  • Dr. David Goltzsche, Former Research Associate, goltzsche[[at]]ibr.cs.tu-bs.de
  • Nico Weichbrodt, External PhD Student, weichbrodt[[at]]ibr.cs.tu-bs.de

Publications

  • Jo Van Bulck, Nico Weichbrodt, Rüdiger Kapitza, Frank Piessens and Raoul Strackx: Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution, in 26th USENIX Security Symposium (USENIX Security 17), USENIX Association, 2017
  • Stefan Brenner, Tobias Hundt, Giovanni Mazzeo and Rüdiger Kapitza: Secure Cloud Micro Services using Intel SGX, in Proceedings of the 17th International IFIP Conference on Distributed Applications and Interoperable Systems, Neuchatel, Switzerland, Springer, 2017
  • Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O'Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, Rüdiger Kapitza, Christof Fetzer and Peter Pietzuch: Glamdring: Automatic Application Partitioning for Intel SGX, in 2017 USENIX Annual Technical Conference (USENIX ATC 17), Santa Clara, CA, USENIX Association, 2017
  • Stefan Brenner, David Goltzsche and Rüdiger Kapitza: TrApps: Secure Compartments in the Evil Cloud, in XDOM0'17: Workshop on Security and Dependability of Multi-Domain Infrastructures, 2017
  • Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, André Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch and Christof Fetzer: SCONE: Secure Linux Containers with Intel SGX, in 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Savannah, GA, USA, USENIX, January 2016
  • Stefan Brenner, Colin Wulf, Matthias Lorenz, Nico Weichbrodt, David Goltzsche, Christof Fetzer, Peter Pietzuch and Rüdiger Kapitza: SecureKeeper: Confidential ZooKeeper using Intel SGX, in Middleware'16: 17th International Middleware Conference Proceedings, ACM, 2016
  • Nico Weichbrodt, Anil Kurmus, Peter Pietzuch and Rüdiger Kapitza: AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves, in Proceedings of the 21st European Symposium on Research in Computer Security (ESORICS 2016), 2016

Student Theses

Title | Type | Supervisor | Status
Fast Inter-Enclave Communication with Intel SGX, ... | Master Thesis | Nico Weichbrodt | examined
Porting a minimal Java Runtime Environment to an Intel SGX Platform, ... | Master Thesis | Nico Weichbrodt | examined
Design and implementation of trusted applications applying the ARM TrustZone hardware extensions | Master Thesis | Dr. Stefan Brenner | finished
Sichere Ausführung von Vert.X Mikro-Services (Secure Execution of Vert.X Micro-Services) | Bachelor Thesis | Dr. Stefan Brenner | finished

If you are interested in writing a thesis regarding this project, please feel free to contact us.

Links

  • Official project website of SERECA

last changed 2017-06-15, 17:09 (dynamic content) by Dr. David Goltzsche
