Security-enhanced cloud VPN with SGX and enclave migration
Korean title: A study on security enhancement and enclave migration techniques for cloud virtual private networks using SGX

This dissertation presents a security-enhanced cloud Virtual Private Network (VPN) with Software Guard Extensions (SGX) and enclave migration. Cloud VPN is an essential cloud-based network infrastructure that securely connects on-premise networks with Virtual Private Cloud (VPC) networks. However, in the semi-trusted cloud environment, cloud VPN suffers from privacy concerns due to information disclosure caused by hypervisor vulnerabilities, malicious cloud management operations, and similar threats. The existing literature has limitations in providing each tenant with a privacy-protected cloud VPN, because the weak isolation of executing the VPN service in a shared environment does not defend against attacks in the semi-trusted cloud environment. We present SGX-VPN, a security-enhanced cloud VPN with SGX. Using the hardware-assisted isolated execution environment and the isolated memory region that SGX supports, SGX-VPN provides each tenant with privacy-protected key exchange and packet processing. SGX-VPN also provides each tenant with an on-demand function to verify the integrity of the security policies running in the cloud VPN. We implement a prototype on an actual machine to measure the performance penalties of SGX-VPN. We also evaluate SGX-VPN with a formal analysis tool to prove its security. However, introducing SGX into cloud VPN still leaves a challenging problem: existing SGX-enabled Virtual Machine Managers (VMMs) do not provide live migration of SGX-enabled VMs. This management operation is impossible because the VMM cannot directly access the Enclave Page Cache (EPC) pages where the VM's enclaves reside. We propose an SGX extension for migrating enclaves, called eMotion, that adds instructions and migration support to the SGX architecture to enable the secure, managed migration of running enclaves.
eMotion allows the participating hosts to establish a key used in enclave migration, and the VMMs in those hosts migrate running enclaves using the established key. We implement a prototype on top of OpenSGX, an open source SGX emulator, to demonstrate the operations of eMotion and to estimate its impact on enclave migration.
Advisors
Kim, Kwangjo (김광조)
Description
Korea Advanced Institute of Science and Technology (KAIST): Graduate School of Information Security
Publisher
Korea Advanced Institute of Science and Technology (KAIST)
Issue Date
2019
Identifier
325007
Language
eng
Description
Doctoral thesis (Ph.D.) - KAIST: Graduate School of Information Security, 2019.8, [vi, 68 p.]

Keywords

Cloud computing; VPN; SGX; migration; IKE; IPsec; cloud computing; virtual private network; migration; key exchange; packet processing

URI
http://hdl.handle.net/10203/283330
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=871505&flag=dissertation
Appears in Collection
IS-Theses_Ph.D. (doctoral theses)
Files in This Item
There are no files associated with this item.