Most cloud providers offer users the possibility to deploy Trusted Execution Environments (TEEs) in order to protect their data and processes from highly privileged adversaries. This offer is intended to address users' concerns when moving critical tasks into the cloud. However, TEEs only allow attesting the integrity of the environment at launch time. To also enable attestation of a TEE's integrity at run time, we present GuaranTEE. GuaranTEE uses control-flow attestation to ensure the integrity of a service running within a TEE. By additionally placing all components of GuaranTEE in TEEs, we are not only able to detect a compromised target, but are also able to protect ourselves from malicious administrators. We show the practicability of GuaranTEE by providing a detailed performance and security evaluation of our prototype based on Intel SGX in Microsoft Azure. Our evaluation shows that the need to transfer information between TEEs and the additional verification process add considerable overhead. Yet, we are able to reduce this overhead by securely caching collected information and by performing the analysis in parallel to executing the application. In summary, our results show that GuaranTEE provides a practical solution for cloud users focused on protecting the integrity of their data and processes at run time.
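To make the control-flow attestation idea and the verdict caching concrete, the following is an added illustrative example written for this page; it is not GuaranTEE's code, and the control-flow graph, block names and traces are constructed assumptions. A prover folds the executed edges into a hash chain, and a verifier checks each reported edge against the static CFG while caching verdicts for paths it has already analysed, so repeated benign runs skip the expensive walk.

```python
import hashlib

# Constructed CFG of a tiny service: basic-block id -> allowed successors.
CFG = {
    "entry": {"check_auth"},
    "check_auth": {"handle_request", "reject"},
    "handle_request": {"exit"},
    "reject": {"exit"},
    "exit": set(),
}

def prover_measure(trace):
    """Fold the executed edge sequence into a hash chain; this is the value
    the TEE-side prover would report together with the raw edges."""
    h = b"\x00" * 32
    for src, dst in zip(trace, trace[1:]):
        h = hashlib.sha256(h + f"{src}->{dst}".encode()).digest()
    return h.hex()

class Verifier:
    """CFG-based verifier with a cache of verdicts for paths already analysed."""
    def __init__(self, cfg):
        self.cfg = cfg
        self.cache = {}      # measurement -> verdict
        self.analyses = 0    # how often the (expensive) CFG walk ran

    def verify(self, trace, measurement):
        # The reported measurement must match the reported edges.
        if prover_measure(trace) != measurement:
            return False
        # Cheap path: a path seen before needs no re-analysis.
        if measurement in self.cache:
            return self.cache[measurement]
        self.analyses += 1
        verdict = (len(trace) >= 2 and trace[0] == "entry"
                   and trace[-1] == "exit"
                   and all(dst in self.cfg.get(src, set())
                           for src, dst in zip(trace, trace[1:])))
        self.cache[measurement] = verdict
        return verdict

# Constructed traces: a benign request and one that skips the auth check.
BENIGN = ["entry", "check_auth", "handle_request", "exit"]
TAMPERED = ["entry", "handle_request", "exit"]

if __name__ == "__main__":
    v = Verifier(CFG)
    print(v.verify(BENIGN, prover_measure(BENIGN)))      # True
    print(v.verify(TAMPERED, prover_measure(TAMPERED)))  # False
```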