Erlang SGX - Protecting Confidential Erlang Workloads with Intel SGX
Type
Master's thesis
Published
2020
Authors
Hemdal, Emil
Roxbergh, Eliot
Abstract
Secure enclaves, such as Intel SGX, provide a trusted execution environment which
offers integrity and confidentiality guarantees to supported applications. In this thesis,
we show how Erlang can be protected to harden telecommunication workloads
by utilizing hardware-based Intel SGX. First, we demonstrate how an untrusted Erlang
runtime can execute trusted C code inside of SGX via Erlang C Nodes and NIFs.
A possible use case is the protection of cryptographic functionality, which is demonstrated
with OpenSSL inside of SGX, callable from Erlang. Second, to protect the
Erlang runtime itself, a number of alternatives are explored to enable execution
of Erlang code inside of the enclave. However, Erlang ships with BEAM, an advanced
virtual machine, which performs frequent syscalls and I/O activity that drastically
increases the complexity of porting it to SGX enclaves. Therefore, two prominent
third-party frameworks are tested which aim to support generic applications inside
of SGX: the Library OS Graphene and the shim-layer solution SCONE. Third, alternatives
to implement a custom solution are discussed which could yield performance
and security benefits over the generic frameworks while protecting an Erlang runtime.
The complete source code for this thesis is available under a permissive BSD
3 license.
Subject/keywords
Erlang, beam, Intel-sgx, Graphene, scone, secure-enclave, trusted-computing