VISE: Combining Intel SGX and Homomorphic Encryption for Cloud Industrial Control Systems
IEEE Transactions on Computers (IF 3.6), Pub Date: 2020-05-18, DOI: 10.1109/tc.2020.2995638
Luigi Coppolino, Salvatore D'Antonio, Valerio Formicola, Giovanni Mazzeo, Luigi Romano

Protecting data-in-use from privileged attackers is challenging. New CPU extensions (notably: Intel SGX) and cryptographic techniques (specifically: Homomorphic Encryption) can guarantee privacy even in untrusted third-party systems. HE allows sensitive processing on ciphered data. However, it is affected by i) a dramatic ciphertext expansion making HE unusable when bandwidth is narrow, ii) unverifiable conditional variables requiring off-premises support. Intel SGX allows sensitive processing in a secure enclave. Unfortunately, it is i) strictly bonded to the hosting server making SGX unusable when the live migration of cloud VMs/Containers is desirable, ii) limited in terms of usable memory, which is in contrast with resource-consuming data processing. In this article, we propose the VIrtual Secure Enclave (VISE), an approach that effectively combines the two aforementioned techniques, to overcome their limitations and ultimately make them usable in a typical cloud setup. VISE moves the execution of sensitive HE primitives (e.g., encryption) to the cloud in a remotely attested SGX enclave, and then performs sensitive processing on HE data – outside the enclave – leveraging all the memory resources available. We demonstrate that VISE meets the challenging security and performance requirements of a substantial application in the Industrial Control Systems domain. Our experiments prove the practicability of the proposed solution.

Updated: 2020-05-18