Nitriding: A tool kit for building scalable, networked, secure enclaves
Philipp Winter, Ralph Giles, Moritz Schafhuber, Hamed Haddadi

TL;DR
Nitriding is a versatile toolkit that enhances the security, performance, and flexibility of enclave applications by building on AWS Nitro Enclaves, enabling secure, high-performance, and adaptable enclave deployments.
Contribution
The paper introduces nitriding, a toolkit that simplifies developing secure, high-performance, and flexible enclave applications, overcoming constraints of existing enclave frameworks.
Findings
Enabling secure enclaves with seamless Internet connectivity.
Demonstrating three diverse enclave applications: Tor bridge, infrastructure verifier, and Chromium browser.
Facilitating rapid prototyping and deployment of production-quality secure systems.
Abstract
Enclave deployments often fail to simultaneously be secure (e.g., resistant to side channel attacks), powerful (i.e., as fast as an off-the-shelf server), and flexible (i.e., unconstrained by development hurdles). In this paper, we present nitriding, an open tool kit that enables the development of enclave applications that satisfy all three properties. We build nitriding on top of the recently-proposed AWS Nitro Enclaves whose architecture prevents side channel attacks by design, making nitriding more secure than comparable frameworks. We abstract away the constrained development model of Nitro Enclaves, making it possible to run unmodified applications inside an enclave that have seamless and secure Internet connectivity, all while making our code user-verifiable. To demonstrate nitriding's flexibility, we design three enclave applications, each a research contribution in its own…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Network Security and Intrusion Detection
