Academic paper

VISE: Combining Intel SGX and Homomorphic Encryption for Cloud Industrial Control Systems
Document Type
Periodical
Source
IEEE Transactions on Computers (IEEE Trans. Comput.), 70(5):711-724, May 2021
Subject
Computing and Processing
Cloud computing
Sensors
Integrated circuits
Servers
Industrial control
Security
Monitoring
Trusted computing
industrial control systems
Intel SGX
homomorphic encryption
cloud security
Language
ISSN
0018-9340
1557-9956
2326-3814
Abstract
Protecting data-in-use from privileged attackers is challenging. New CPU extensions (notably Intel SGX) and cryptographic techniques (specifically Homomorphic Encryption, HE) can guarantee privacy even in untrusted third-party systems. HE allows sensitive processing on ciphered data. However, it is affected by i) a dramatic ciphertext expansion that makes HE unusable when bandwidth is narrow, and ii) unverifiable conditional variables that require off-premises support. Intel SGX allows sensitive processing in a secure enclave. Unfortunately, it is i) strictly bound to the hosting server, which makes SGX unusable when live migration of cloud VMs/containers is desirable, and ii) limited in terms of usable memory, which is at odds with resource-consuming data processing. In this article, we propose the VIrtual Secure Enclave (VISE), an approach that effectively combines the two aforementioned techniques to overcome their limitations and ultimately make them usable in a typical cloud setup. VISE moves the execution of sensitive HE primitives (e.g., encryption) to the cloud in a remotely attested SGX enclave, and then performs sensitive processing on HE data outside the enclave, leveraging all the memory resources available. We demonstrate that VISE meets the challenging security and performance requirements of a substantial application in the Industrial Control Systems domain. Our experiments prove the practicability of the proposed solution.