Imperial College London

Professor Peter Pietzuch

Faculty of Engineering, Department of Computing

Professor of Distributed Systems
 
 
 

Contact

 

+44 (0)20 7594 8314 prp Website

 
 

Location

 

442 Huxley Building, South Kensington Campus

 

Publications

Citation

BibTeX format

@inproceedings{Pietzuch:2016,
author = {Pietzuch, PR and Arnautov, S and Trach, B and Gregor, F and Knauth, T and Martin, A and Priebe, C and Lind, J and Muthukumaran, D and O'Keeffe, D and Stillwell, M and Goltzsche, D and Eyers, D and Rüdiger, K and Fetzer, C},
pages = {689--703},
publisher = {USENIX},
title = {SCONE: secure Linux containers with Intel SGX},
url = {https://www.usenix.org/system/files/conference/osdi16/osdi16-arnautov.pdf},
year = {2016}
}

RIS format (EndNote, RefMan)

TY  - CPAPER
AB - In multi-tenant environments, Linux containers managed by Docker or Kubernetes have a lower resource footprint, faster startup times, and higher I/O performance compared to virtual machines (VMs) on hypervisors. Yet their weaker isolation guarantees, enforced through software kernel mechanisms, make it easier for attackers to compromise the confidentiality and integrity of application data within containers. We describe SCONE, a secure container mechanism for Docker that uses the SGX trusted execution support of Intel CPUs to protect container processes from outside attacks. The design of SCONE leads to (i) a small trusted computing base (TCB) and (ii) a low performance overhead: SCONE offers a secure C standard library interface that transparently encrypts/decrypts I/O data; to reduce the performance impact of thread synchronization and system calls within SGX enclaves, SCONE supports user-level threading and asynchronous system calls. Our evaluation shows that it protects unmodified applications with SGX, achieving 0.6–1.2 of native throughput.
AU - Pietzuch,PR
AU - Arnautov,S
AU - Trach,B
AU - Gregor,F
AU - Knauth,T
AU - Martin,A
AU - Priebe,C
AU - Lind,J
AU - Muthukumaran,D
AU - O'Keeffe,D
AU - Stillwell,M
AU - Goltzsche,D
AU - Eyers,D
AU - Rüdiger,K
AU - Fetzer,C
EP - 703
PB - USENIX
PY - 2016///
SP - 689
TI - SCONE: secure Linux containers with Intel SGX
UR - https://www.usenix.org/system/files/conference/osdi16/osdi16-arnautov.pdf
UR - http://hdl.handle.net/10044/1/42263
ER -