Exploiting Intel SGX for trusted services: the case of private web search and middlebox functions

8 May 2018
San Francesco Complex - Piazza San Francesco 19 (Classroom 2)

The introduction of Intel SGX (Software Guard Extensions) into the mass market has sparked a wave of new systems that allow trusted services to run over untrusted hardware infrastructures. In this talk, I will first briefly introduce the basic mechanisms of Intel SGX. Then, I will present two recent systems where SGX is used for different purposes. X-Search ([1]) offers private web-search guarantees under strong adversarial models while being more resistant to re-identification attacks than state-of-the-art competitors (e.g. TOR) and outperforming them in terms of latency and throughput. EndBox ([2]) is a system that securely executes middlebox functions (e.g. routing, firewalling, bandwidth-shaping, etc.) on client machines at the network edge. Its design combines a virtual private network (VPN) with middlebox functions that are hardware-protected by Intel SGX.

[1] Sonia Ben Mokhtar, Antoine Boutet, Pascal Felber, Marcelo Pasin, Rafael Pires and Valerio Schiavoni. X-Search: Revisiting Private Web Search using Intel SGX. Proceedings of Middleware 2017 (18th ACM/IFIP/USENIX Middleware).

[2] David Goltzsche, Signe Rüsch, Manuel Nieke, Sébastien Vaucher, Nico Weichbrodt, Valerio Schiavoni, Pierre-Louis Aublin, Paolo Costa, Christof Fetzer, Pascal Felber, Peter Pietzuch, Rüdiger Kapitza. EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution. To appear in Proceedings of DSN 2018 (48th IEEE/IFIP International Conference on Dependable Systems and Networks).

Speaker:
Valerio Schiavoni, University of Neuchâtel
Units: 
SysMA