Securing Remote Policy Enforcement by a Multi-Enclave based Attestation Architecture

Title: Securing Remote Policy Enforcement by a Multi-Enclave based Attestation Architecture
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Zum Felde, Hendrik Meyer; Morbitzer, Mathias; Schütte, Julian
Conference Name: 2021 IEEE 19th International Conference on Embedded and Ubiquitous Computing (EUC)
Keywords: Access Control, automatic enclave generation, codes, Computer architecture, Conferences, Confidential computing, human factors, Intel SGX, Metrics, process control, pubcrawl, remote attestation, remote policy enforcement, resilience, Resiliency, Scalability, secure enclaves, Trusted Computing, trusted execution environments, ubiquitous computing
Abstract: The concept of usage control goes beyond traditional access control by regulating not only the retrieval but also the processing of data. To be able to remotely enforce usage control policy the processing party requires a trusted execution environment such as Intel SGX which creates so-called enclaves. In this paper we introduce Multi Enclave based Code from Template (MECT), an SGX-based architecture for trusted remote policy enforcement. MECT uses a multi-enclave approach in which an enclave generation service dynamically generates enclaves from pre-defined code and dynamic policy parameters. This approach leads to a small trusted computing base and highly simplified attestation while preserving functionality benefits. Our proof of concept implementation consumes customisable code from templates. We compare the implementation with other architectures regarding the trusted computing base, flexibility, performance, and modularity. This comparison highlights the security benefits for remote attestation of MECT.
DOI: 10.1109/EUC53437.2021.00023
Citation Key: zum_felde_securing_2021