The SERECA project provides an infrastructure that protects the integrity and confidentiality of applications running in untrusted cloud environments, even against malicious insiders with super-privileges. It relies on a set of facilities and tools that transparently leverage a new ISA extension of Intel CPUs, namely Software Guard Extensions (SGX).
SERECA targets organizations and companies that are willing to migrate to the cloud but are still unhappy with the security guarantees of current cloud offerings. As an example, the Critical Infrastructure (CI) sector is still reluctant to move IT facilities off-premises to the cloud. In SERECA, we demonstrate that the security mechanisms provided by the platform fully satisfy the stringent security requirements of a CI (specifically: a water supply network). More generally, the tools provided by SERECA are readily available to a wide class of distributed applications running in a cloud environment that require superior security, in particular those based on a micro-service architecture.
SERECA advances the state of the art of cloud technology along two important axes, specifically confidentiality and integrity. Broadly speaking, SERECA raises the level of security by reducing the level of trust that a user needs to place in a cloud provider, since it protects applications running on the cloud from malicious insiders, e.g. a cloud provider employee (or former employee), a contractor, or an administrator. This type of attacker is particularly dangerous, since their position gives them a privileged path to violating the integrity and confidentiality of data. SERECA also provides protection against privileged software (e.g. the hypervisor), which attackers can also exploit to gain access to virtual machine data. The SERECA infrastructure is capable of protecting sensitive data against these types of attacks, building on the hardware extensions of recent Intel CPUs, which allow critical operations to be executed in a protected area of memory, called a secure enclave, that is inaccessible even to users with higher privileges.
SERECA enables secure processing of sensitive data in a protected area of memory which is inaccessible even to users with super-privileges. The SERECA secure execution environment (namely the Secure Container) provides applications with a handy tool for handling critical data. Data can be kept in encrypted form at all times, except when it is under the control of the processor for actual use. The SERECA platform keeps all in-memory data encrypted, and only the application itself has access to that memory. Keys are kept confidential: only the application can access its keys; neither the root user on the VM nor the root user on the physical machine has access to them. Besides protecting data processing, the SERECA secure communication mechanism (called the Secure Bus) also protects data as it travels between the cloud environment and the Internet. Moreover, a Secure Coordination Service is provided in SERECA to run the secured applications on a distributed platform, for better reliability and performance. Finally, SERECA's facilities also include a Partitioning Tool, which enables easy porting of applications, including legacy ones, and ultimately enables seamless migration to the SERECA platform.
The SERECA project has identified the following exploitable outputs.
RiskBuster pilot application - This application will execute on top of the SERECA platform to securely monitor multiple assets of a civil water supply network. Many sensors distributed on a dam will provide sensitive data that need to be handled carefully by the application. An initial version of RiskBuster is already available. It shows the communication among the different entities involved (vert.x, Intel SGX, ...), the dependencies on the underlying SERECA platform, and how data is securely stored in the SERECA platform.
Illuminate pilot application - Illuminate (formerly known as jPDM) is an Application Performance Management (APM) solution which is delivered to clients as Software as a Service (SaaS) by one of the project partners (jClarity, JC). A primary goal is to increase the level of security of Illuminate (hosted on cloud providers) by adding a secure component based on the SERECA cloud platform, which would allow Illuminate to store, retrieve and process the sensitive data used in the service. A secondary goal is to allow the Illuminate service to be hosted on multiple cloud providers in a secure manner. The initial prototype will demonstrate how secure communication among different providers is carried out.
More exploitable outputs might be identified later in the project's lifetime, based on an analysis of potential joint exploitation initiatives.