TEEnder: SGX Enclave Migration using HSMs
Computers & Security (IF 4.8), Pub Date: 2020-09-01, DOI: 10.1016/j.cose.2020.101874
João Guerreiro , Rui Moura , João Nuno Silva

Abstract: Intel Software Guard Extensions (SGX) is a new method of enhancing application security by creating protected areas of memory (enclaves) in which data and code are shielded from inspection and tampering. The technology is also being applied to cloud computing; however, software deployed with SGX enclaves is hard to migrate between machines using traditional methods, because SGX uses hardware keys unique to each machine for data sealing. This paper proposes a novel method of migrating SGX enclaves between different machines using Hardware Security Modules (HSMs) to encrypt and decrypt the enclave data with HSM-generated keys. The use of HSMs achieves faster migration for large enclaves and during multiple concurrent migrations. Since this solution does not depend on the security of remote attestation and uses the keys stored in the HSM, it provides a higher degree of security than current enclave migration solutions.

Updated: 2020-09-01