• myGriffith
    • Staff portal
    • Contact Us⌄
      • Future student enquiries 1800 677 728
      • Current student enquiries 1800 154 055
      • International enquiries +61 7 3735 6425
      • General enquiries 07 3735 7111
      • Online enquiries
      • Staff phonebook
    View Item 
    •   Home
    • Griffith Research Online
    • Journal articles
    • View Item
    • Home
    • Griffith Research Online
    • Journal articles
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Browse

  • All of Griffith Research Online
    • Communities & Collections
    • Authors
    • By Issue Date
    • Titles
  • This Collection
    • Authors
    • By Issue Date
    • Titles
  • Statistics

  • Most Popular Items
  • Statistics by Country
  • Most Popular Authors
  • Support

  • Contact us
  • FAQs
  • Admin login

  • Login
  • A framework for application partitioning using trusted execution environments

    Author(s)
    Atamli-Reineh, A
    Paverd, A
    Petracca, G
    Martin, A
    Griffith University Author(s)
    Martin, Andrew
    Year published
    2017
    Metadata
    Show full item record
    Abstract
    The size and complexity of modern applications are the underlying causes of numerous security vulnerabilities. In order to mitigate the risks arising from such vulnerabilities, various techniques have been proposed to isolate the execution of sensitive code from the rest of the application and from other software on the platform (such as the operating system). New technologies, notably Intel's Software Guard Extensions (SGX), are becoming available to enhance the security of partitioned applications. SGX provides a trusted execution environment (TEE), called an enclave, that protects the integrity of the code and the ...
    View more >
    The size and complexity of modern applications are the underlying causes of numerous security vulnerabilities. In order to mitigate the risks arising from such vulnerabilities, various techniques have been proposed to isolate the execution of sensitive code from the rest of the application and from other software on the platform (such as the operating system). New technologies, notably Intel's Software Guard Extensions (SGX), are becoming available to enhance the security of partitioned applications. SGX provides a trusted execution environment (TEE), called an enclave, that protects the integrity of the code and the confidentiality of the data inside it from other software, including the operating system (OS). However, even with these partitioning techniques, it is not immediately clear exactly how they can and should be used to partition applications. How should a particular application be partitioned? How many TEEs should be used? What granularity of partitioning should be applied? To some extent, this is dependent on the capabilities and performance of the partitioning technology in use. However, as partitioning becomes increasingly common, there is a need for systematisation in the design of partitioning schemes. To address this need, we present a novel framework consisting of four overarching types of partitioning schemes through which applications can make use of TEEs. These schemes range from coarse-grained partitioning, in which the whole application is included in a single TEE, through to ultra-fine partitioning, in which each piece of security-sensitive code and data is protected in an individual TEE. Although partitioning schemes themselves are application specific, we establish application-independent relationships between the types we have defined. Because these relationships have an impact on both the security and performance of the partitioning scheme, we envisage that our framework can be used by software architects to guide the design of application partitioning schemes. To demonstrate the applicability of our framework, we have carried out case studies on two widely used software packages, the Apache Web server and the OpenSSL library. In each case study, we provide four high-level partitioning schemes—one for each of the types in our framework. We also systematically review the related work on hardware-enforced partitioning by categorising previous research efforts according to our framework.
    View less >
    Journal Title
    Concurrency and Computation: Practice and Experience
    Volume
    29
    Issue
    23
    DOI
    https://doi.org/10.1002/cpe.4130
    Subject
    Artificial intelligence
    Software engineering
    Publication URI
    http://hdl.handle.net/10072/408062
    Collection
    • Journal articles

    Footer

    Disclaimer

    • Privacy policy
    • Copyright matters
    • CRICOS Provider - 00233E

    Tagline

    • Gold Coast
    • Logan
    • Brisbane - Queensland, Australia
    First Peoples of Australia
    • Aboriginal
    • Torres Strait Islander