The SERECA project aims to substantially improve the state of the art in cloud security for interactive, latency-sensitive applications by seamlessly integrating the new security features provided by Intel CPUs, namely Intel Software Guard Extensions (SGX), into a standard cloud stack.
SERECA is intended for virtually all service providers who cannot trust their cloud provider not to tamper with their applications. Traditionally, to trust a service (implemented via an application), the complete system stack has to be trusted, i.e., the hypervisor, the operating system of the host system, the operating system of the VM, and all users with root access to these components. The SERECA platform requires trusting only the application itself and its libraries: it provides application-oriented security. SERECA itself is part of the libraries linked to the application.
Using the new security features provided by recent CPUs requires massive effort on the developer’s side. SERECA makes these CPU extensions readily available through the APIs of a flexible software framework, namely Vert.x. By doing so, SERECA ultimately enables application developers who are not security experts to take full advantage of hardware-based security features at no extra cost.
End users will be protected from attacks by insiders (e.g. the cloud provider or the system administrator).