Secure Enclaves for REactive Cloud Applications

Deliverables

Design of system support for secure enclaves (initial)

This deliverable will present the initial design of the SERECA cloud platform architecture (T1.1), the basis for provisioning of secure enclaves in clouds (T1.2), as well as confidential data storage for enclaves (T1.3).

First prototypes of the use case applications

This deliverable will be a report on the developed use cases, describing the architectures of the applications and their dependencies on the underlying SERECA cloud platform. It includes results from T4.1 and T4.2.

First project workshop and tutorial

The first SERECA workshop and tutorial will occur no later than M24. This deliverable will contain a summary of the event.

Design and initial implementation of the management of secure, reactive cloud applications (initial)

This deliverable will report on the initial design regarding the management of SERECA applications (T3.1), the design of three reusable services for secure cloud applications (T3.2) and the security-aware application request handling (T3.5).

Application requirements (initial)

This deliverable will identify all technical application requirements to be implemented by the SERECA platform. It will combine the results of T1.1 and also include the results of T2.1 and T3.1, which investigate the requirements regarding the definition of mechanisms for distributed secure enclaves (WP2) and application management support (WP3). The identified requirements will be validated in the context of WP4.

Release of dissemination and communication instruments: initial press release and media kit

This deliverable encompasses initial press releases and a media kit that includes branding, success stories, project factsheet, and press materials.

Design and initial implementation of the management of secure, reactive cloud applications (updated)

This deliverable will include a revised requirements document for secure application management (T3.1), that of the reusable services for secure cloud applications (T3.2) and the security-aware application request handling (T3.5). It will also contain the requirements for the recovery of secure application state (T3.3) and the geo-local deployment policies for secure reactive cloud applications (T3.4). As a result, it describes the initial prototypes of tasks T3.1, T3.2 and T3.5.

Second project workshop and tutorial

The second SERECA workshop and tutorial will happen between M24 and M36. This deliverable will contain a summary of the event.

Rolling report on dissemination, communication, standardization, and exploitation activities (updated)

This is an updated report of D5.3

Application requirements (final)

This deliverable will identify all technical application requirements to be implemented by the SERECA platform. It will combine the results of T1.1 but also include the results of T2.1 and T3.1, which investigate the requirements regarding the definition of mechanisms for distributed secure enclaves (WP2) and application management support (WP3). The identified requirements will be validated in the context of WP4.

Evaluation report

This deliverable will report the results of the evaluation activity performed in T4.3, T4.4, and T4.5.

Design and implementation of operations on distributed secure enclaves (final)

This deliverable will present the final design of the SERECA operation on secure enclaves. This covers the final implementation and evaluation of all components as described in the task descriptions (T2.1–T2.3).

Design and implementation of System Support for secure enclaves (final)

This deliverable will describe the final design of the SERECA cloud platform architecture. This covers the final implementation and evaluation of all components as described in the task descriptions (T1.1–T1.3).

Design and implementation of the management of secure, reactive cloud applications (final)

This deliverable will present the final design and implementations of tasks T3.1–T3.5.

Up and running, constantly updated web site

This deliverable is the first version of the SERECA web site. Over the course of the project, the web site will be kept updated. A newsletter will be issued every six months and will report updates concerning the project status.

Publications

FFQ: A Fast Single-Producer/Multiple-Consumer Concurrent FIFO Queue

Author(s): Sergei Arnautov, Pascal Felber, Christof Fetzer, Bohdan Trach
Published in: 2017 IEEE International Parallel and Distributed Processing Symposium (IPDPS), 2017, Page(s) 907-916, ISBN 978-1-5386-3914-6
Publisher: IEEE
DOI: 10.1109/IPDPS.2017.41

SGXBOUNDS - Memory Safety for Shielded Execution

Author(s): Dmitrii Kuvaiskii, Oleksii Oleksenko, Sergei Arnautov, Bohdan Trach, Pramod Bhatotia, Pascal Felber, Christof Fetzer
Published in: Proceedings of the Twelfth European Conference on Computer Systems - EuroSys '17, 2017, Page(s) 205-221, ISBN 9781-450349383
Publisher: ACM Press
DOI: 10.1145/3064176.3064192

ShieldBox: Secure Middleboxes using Shielded Execution

Author(s): Bohdan Trach, Alfred Krohmer, Franz Gregor, and Sergei Arnautov, Pramod Bhatotia, Christof Fetzer
Published in: Proceedings of Open Networking Summit North America 2018, 2018
Publisher: SOSR

High Performance Secure Network Appliances

Author(s): Bohdan Trach, Alfred Krohmer, Franz Gregor, and Sergei Arnautov, Pramod Bhatotia , Christof Fetzer
Published in: Proceedings of ACM SOSR 2018 (Symposium on SDN Research), 2018
Publisher: ACM

Glamdring: Automatic application partitioning for Intel SGX

Author(s): Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O'Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, Ruediger Kapitza, Christof Fetzer, and Peter Pietzuch
Published in: Proceedings of the USENIX ATC 2017, 2017
Publisher: USENIX

TrApps - Secure Compartments in the Evil Cloud

Author(s): Stefan Brenner, David Goltzsche, Rüdiger Kapitza
Published in: Proceedings of the 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures - XDOMO'17, 2017, Page(s) 1-6, ISBN 9781-450349376
Publisher: ACM Press
DOI: 10.1145/3071064.3071069

LibSEAL: Revealing Service Integrity Violations Using Trusted Execution

Author(s): Pierre-Louis Aublin, Florian Kelbert, Dan O'Keeffe, Divya Muthukumaran, Christian Priebe, Joshua Lind, Robert Krahn, Christof Fetzer, David Eyers, Peter Pietzuch
Published in: Proceedings of the 13th European Conference on Computer Systems, 2018
Publisher: EuroSys2017
DOI: 10.1145/3190508.3190547

PESOS: Policy Enhanced Secure Object Store

Author(s): Robert Krahn, Bohdan Trach, Anjo Vahldiek-Oberwagner, Thomas Knauth, Pramod Bhatotia, Christof Fetzer
Published in: Proceedings of the EuroSys 2018, 2018
Publisher: ACM
DOI: 10.1145/3190508.3190518

Secure Cloud Micro Services using Intel SGX

Author(s): Stefan Brenner, Tobias Hundt, Giovanni Mazzeo, Rüdiger Kapitza
Published in: 2017, Page(s) 177-191
Publisher: Springer International Publishing
DOI: 10.1007/978-3-319-59665-5_13

Integrating Reactive Cloud Applications in SERECA

Author(s): Christof Fetzer, Giovanni Mazzeo, John Oliver, Luigi Romano, Martijn Verburg
Published in: Proceedings of the 12th International Conference on Availability, Reliability and Security - ARES '17, 2017, Page(s) 1-8, ISBN 9781-450352574
Publisher: ACM Press
DOI: 10.1145/3098954.3105820

A Secure Cloud-Based SCADA Application: the Use Case of a Water Supply Network

Author(s): Mazzeo, Giovanni; Cerullo, Gianfranco; Papale, Gaetano; Sgaglione, Luigi; Cristaldi, Rosario
Published in: Issue 2, 2016
Publisher: IOS Press
DOI: 10.3233/978-1-61499-674-3-291

Deliverables

Publications

Share this page

Download