ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
Claudio Soriente, Ghassan Karame, Wenting Li, Sergey Fedorov

TL;DR
ReplicaTEE enables dynamic provisioning and decommissioning of SGX enclaves in the cloud, enhancing elasticity and security for TEE-based applications without significant performance overhead.
Contribution
It introduces a novel SGX-based provisioning layer that securely manages enclave replication and lifecycle without application owner intervention.
Findings
Secure against powerful adversaries who have compromised cloud infrastructure
Moderate increase in Trusted Computing Base (~800 LoC)
No significant performance overhead in real cloud environment
Abstract
With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). Although the integration of SGX within the cloud considerably strengthens the threat model for cloud applications, the current model to deploy and provision enclaves prevents the cloud operator from adding or removing enclaves dynamically - thus preventing elasticity for TEE-based applications in the cloud. In this paper, we propose ReplicaTEE, a solution that enables seamless provisioning and decommissioning of TEE-based applications in the cloud. ReplicaTEE leverages an SGX-based provisioning layer that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the application owner. Namely, in…
