Stockade: Hardware Hardening for Distributed Trusted Sandboxes
Joongun Park, Seunghyo Kang, Sanghyeon Lee, Taehoon Kim, Jongse Park,, Youngjin Kwon, Jaehyuk Huh
TL;DR
Stockade introduces hardware extensions to existing TEEs like Intel SGX, enabling secure, distributed sandboxing for multi-party cloud applications with improved protection and communication efficiency.
Contribution
It proposes a novel hardware-supported enclave model, Stockade, with three key techniques to enable distributed sandboxing in TEEs like SGX.
Findings
Supports distributed sandbox applications effectively
Enables hardware-protected memory sharing between enclaves
Requires minimal hardware modifications
Abstract
The widening availability of hardware-based trusted execution environments (TEEs) has been accelerating the adaptation of new applications using TEEs. Recent studies showed that a cloud application consists of multiple distributed software modules provided by mutually distrustful parties. The applications use multiple TEEs (enclaves) communicating through software-encrypted memory channels. Such execution model requires bi-directional protection: protecting the rest of the system from the enclave module with sandboxing and protecting the enclave module from a third-part module and operating systems. However, the current TEE model, such as Intel SGX, cannot efficiently represent such distributed sandbox applications. To overcome the lack of hardware supports for sandboxed TEEs, this paper proposes an extended enclave model called Stockade, which supports distributed sandboxes hardened by…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Cloud Data Security Solutions · Physical Unclonable Functions (PUFs) and Hardware Security