Dorian Burihabwa, P. Felber, H. Mercier, V. Schiavoni
Published in: 2018 IEEE International Conference on Cloud Computing Technology and Science (CloudCom)
Publication date: 2018-12-01
DOI: 10.1109/CloudCom2018.2018.00027 (https://doi.org/10.1109/CloudCom2018.2018.00027)
Citation count: 10
SGX-FS: Hardening a File System in User-Space with Intel SGX
File systems have long benefited from hardware acceleration to improve their performance. In order to leverage such hardware capabilities, file systems rely on direct and trusted support from the underlying operating system. However, this assumes that the OS and the associated kernel drivers, which access the accelerators, are trustworthy. The recent introduction of the Intel Software Guard Extensions (SGX) instruction set allows application developers to lift part of these assumptions, in conjunction with the widespread availability of these new extensions in mass-market CPUs. With SGX, programmers can design secure applications under a stronger adversarial model, such as a compromised OS or kernel module. Code executes inside enclaves and is protected from privileged processes, including the OS itself. This paper presents SGX-FS, a new user-space file system that leverages SGX data sealing capabilities for secure in-memory and persistent storage. It combines the FUSE framework with SGX to securely protect user data. In particular, SGX-FS efficiently encrypts and decrypts the application data within the enclaves. We fully implement an open-source SGX-FS prototype and evaluate its performance by means of a representative set of nano- and micro-benchmarks.