On Securing Cloud-hosted Cyber-physical Systems Using Trusted Execution Environments

TL;DR

This paper proposes a novel security architecture for cloud-hosted cyber-physical systems using Trusted Execution Environments, specifically Intel SGX, to enhance security and privacy.

Contribution

It introduces a new control architecture leveraging TEEs to address security and privacy challenges in cloud-based CPSs, validated through implementation on Intel SGX.

Findings

TEEs can effectively secure cloud control systems.

Implementation on Intel SGX demonstrates practical viability.

Enhanced security and privacy in cloud CPSs achieved.

Abstract

Recently, cloud control systems have gained increasing attention from the research community as a solution to implement networked cyber-physical systems (CPSs). Such an architecture can reduce deployment and maintenance costs albeit at the expense of additional security and privacy concerns. In this paper, first, we discuss state-of-the-art security solutions for cloud control systems and their limitations. Then, we propose a novel control architecture based on Trusted Execution Environments (TEE). We show that such an approach can potentially address major security and privacy issues for cloud-hosted control systems. Finally, we present an implementation setup based on Intel Software Guard Extensions (SGX) and validate its effectiveness on a testbed system.