SRX–Secure Data Backup and Recovery for SGX Applications
Intel SGX improves the security of applications by shielding code and data from untrusted software in enclaves. Since enclaves lose their state when closed, that state has to be sealed, i.e., cryptographically protected with a secret key, and stored outside the enclave boundary. In SGX, the used key...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2022-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/9743462/ |
| _version_ | 1811272768720732160 |
|---|---|
| author | Daniel Andrade Joao Silva Miguel Correia |
| author_facet | Daniel Andrade Joao Silva Miguel Correia |
| author_sort | Daniel Andrade |
| collection | DOAJ |
| description | Intel SGX improves the security of applications by shielding code and data from untrusted software in enclaves. Since enclaves lose their state when closed, that state has to be sealed, i.e., cryptographically protected with a secret key, and stored outside the enclave boundary. In SGX, the used key is bound to both the enclave and the processor that sealed the data, so it is unfeasible for any enclave in another computer to derive the same secret key to unseal such data. This offers security to the data, but also makes it impossible to recover that data if the original computer is damaged or stolen. In order to support backup and recovery of data sealed by enclaves, we propose SRX, a solution for sharing sealed data amongst a restricted set of SGX-enabled computers executing the same enclave code. Enclaves using SRX have access to common keys to seal and unseal enclave data, allowing the sharing of sealed data among the trusted domain. SRX guarantees that these secret keys are never exposed outside the trusted domain. SRX was implemented and evaluated with two applications: a bitcoin wallet and a password manager. |
| first_indexed | 2024-04-12T22:46:17Z |
| format | Article |
| id | doaj.art-aa28c072977b47fd831c622791895279 |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2024-04-12T22:46:17Z |
| publishDate | 2022-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-aa28c072977b47fd831c6227918952792022-12-22T03:13:31ZengIEEEIEEE Access2169-35362022-01-0110359013591810.1109/ACCESS.2022.31624899743462SRX–Secure Data Backup and Recovery for SGX ApplicationsDaniel Andrade0https://orcid.org/0000-0002-1466-3660Joao Silva1https://orcid.org/0000-0002-7969-5487Miguel Correia2https://orcid.org/0000-0001-7873-5531INESC-ID Instituto Superior Técnico, Universidade de Lisboa, Lisbon, PortugalINESC-ID Instituto Superior Técnico, Universidade de Lisboa, Lisbon, PortugalINESC-ID Instituto Superior Técnico, Universidade de Lisboa, Lisbon, PortugalIntel SGX improves the security of applications by shielding code and data from untrusted software in enclaves. Since enclaves lose their state when closed, that state has to be sealed, i.e., cryptographically protected with a secret key, and stored outside the enclave boundary. In SGX, the used key is bound to both the enclave and the processor that sealed the data, so it is unfeasible for any enclave in another computer to derive the same secret key to unseal such data. This offers security to the data, but also makes it impossible to recover that data if the original computer is damaged or stolen. In order to support backup and recovery of data sealed by enclaves, we propose SRX, a solution for sharing sealed data amongst a restricted set of SGX-enabled computers executing the same enclave code. Enclaves using SRX have access to common keys to seal and unseal enclave data, allowing the sharing of sealed data among the trusted domain. SRX guarantees that these secret keys are never exposed outside the trusted domain. SRX was implemented and evaluated with two applications: a bitcoin wallet and a password manager.https://ieeexplore.ieee.org/document/9743462/Intel SGXsealingbackuprecoveryTEE |
| spellingShingle | Daniel Andrade Joao Silva Miguel Correia SRX–Secure Data Backup and Recovery for SGX Applications IEEE Access Intel SGX sealing backup recovery TEE |
| title | SRX–Secure Data Backup and Recovery for SGX Applications |
| title_full | SRX–Secure Data Backup and Recovery for SGX Applications |
| title_fullStr | SRX–Secure Data Backup and Recovery for SGX Applications |
| title_full_unstemmed | SRX–Secure Data Backup and Recovery for SGX Applications |
| title_short | SRX–Secure Data Backup and Recovery for SGX Applications |
| title_sort | srx x2013 secure data backup and recovery for sgx applications |
| topic | Intel SGX sealing backup recovery TEE |
| url | https://ieeexplore.ieee.org/document/9743462/ |
| work_keys_str_mv | AT danielandrade srxx2013securedatabackupandrecoveryforsgxapplications AT joaosilva srxx2013securedatabackupandrecoveryforsgxapplications AT miguelcorreia srxx2013securedatabackupandrecoveryforsgxapplications |