GuaranTEE: Introducing Control-Flow Attestation for Trusted Execution Environments

by   Mathias Morbitzer, et al.

The majority of cloud providers offers users the possibility to deploy Trusted Execution Environments (TEEs) in order to protect their data and processes from high privileged adversaries. This offer is intended to address concerns of users when moving critical tasks into the cloud. However, TEEs only allow to attest the integrity of the environment at launch-time. To also enable the attestation of a TEE's integrity at run-time, we present GuaranTEE. GuaranTEE uses control-flow attestation to ensure the integrity of a service running within a TEE. By additionally placing all components of GuaranTEE in TEEs, we are able to not only detect a compromised target, but are also able to protect ourselves from malicious administrators. We show the practicability of GuaranTEE by providing a detailed performance and security evaluation of our prototype based on Intel SGX in Microsoft Azure. Our evaluation shows that the need to transfer information between TEEs and the additional verification process add considerable overhead. Yet, we are able to reduce this overhead by securely caching collected information and by performing the analysis in parallel to executing the application. In summary, our results show that GuaranTEE is able to provide a practical solution for cloud users focused on protecting the integrity of their data and processes at run-time.


page 1

page 2

page 3

page 4


Scanclave: Verifying Application Runtime Integrity in Untrusted Environments

Data hosted in a cloud environment can be subject to attacks from a high...

Practical Verification of MapReduce Computation Integrity via Partial Re-execution

Big data processing is often outsourced to powerful, but untrusted cloud...

Autonomous Membership Service for Enclave Applications

Trusted Execution Environment, or enclave, promises to protect data conf...

ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud

With the proliferation of Trusted Execution Environments (TEEs) such as ...

SGX-MR-Prot: Efficient and Developer-Friendly Access-Pattern Protection in Trusted Execution Environments

Trusted Execution Environments, such as Intel SGX, use hardware supports...

n-m-Variant Systems: Adversarial-Resistant Software Rejuvenation for Cloud-Based Web Applications

Web servers are a popular target for adversaries as they are publicly ac...

ISA-Based Trusted Network Functions And Server Applications In The Untrusted Cloud

Nowadays, enterprises widely deploy Network Functions (NFs) and server a...

Please sign up or login with your details

Forgot password? Click here to reset