MigSGX: a migration mechanism for containers including SGX applications

Nakashima, Kenji; Kourai, Kenichi; 光来, 健一; コウライ, ケンイチ

doi:https://doi.org/10.1145/3468737.3494088

WEKO3

lat lon distance

[[sub_check.contents]]

[[sub_radio.contents]]

Field does not validate

[[sub_attr.contents]]　

インデックスツリー

アイテム

MigSGX: a migration mechanism for containers including SGX applications

http://hdl.handle.net/10228/00008830

名前 / ファイル	ライセンス	アクション
RECN_2021-53.pdf (441.1 kB)

アイテムタイプ

学術雑誌論文 = Journal Article(1)

公開日

2022-05-09

資源タイプ

資源タイプ識別子

http://purl.org/coar/resource_type/c_6501

資源タイプ

journal article

タイトル

MigSGX: a migration mechanism for containers including SGX applications

言語

その他のタイトル

MigSGX: A Migration Mechanism for Containers Including SGX Applications

言語

eng

著者

Nakashima, Kenji
光来, 健一

WEKO 20772
e-Rad_Researcher 60372463
Scopus著者ID 12143198700
ORCiD 0000-0002-5455-4418
九工大研究者情報 303

en	Kourai, Kenichi
ja	光来, 健一
ja-Kana	コウライ, ケンイチ

Search repository

抄録

内容記述タイプ

Abstract

内容記述

Recently, containers are widely used to process big data in clouds. To prevent information leakage from containers, applications in containers can protect sensitive information using enclaves provided by Intel SGX. The memory of enclaves is encrypted by a CPU using its internal keys. However, the execution of SGX applications cannot be continued after the container running those applications is migrated. This is because enclave memory cannot be correctly decrypted at the destination host. This paper proposes MigSGX for enabling the continuous execution of SGX applications after container migration. Since the states of enclaves cannot be directly accessed from the outside, MigSGX securely invokes each enclave and makes it dump and load its state. Atthe dump time, each enclave re-encrypts its state using a CPU-independent key to protect sensitive information. For space- and time-efficiency, MigSGX saves and restores a large amount of enclave memory in a pipelined manner. We have implemented MigSGX in the Intel SGX SDK and CRIU and showed that pipelining could improve migration performance by up to 52%. The memory necessary for migration was reduced only to 0.15%.

言語

備考

内容記述タイプ

Other

内容記述

UCC '21: 2021 IEEE/ACM 14th International Conference on Utility and Cloud Computing, December 6 - 9, 2021, Leicester, United Kingdom

書誌情報

en : UCC '21: Proceedings of the 14th IEEE/ACM International Conference on Utility and Cloud Computing

発行日 2021-12-17

出版社

出版者

ACM

DOI

関連識別子

978-1-4503-8564-0

日本十進分類法

主題Scheme

NDC

主題

547

著作権関連情報

権利情報

Copyright (c) ACM 2021. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in UCC '21: Proceedings of the 14th IEEE/ACM International Conference on Utility and Cloud Computing, https://doi.org/10.1145/3468737.3494088.

キーワード

主題Scheme

Other

主題

Intel SGX

キーワード

主題Scheme

Other

主題

enclaves

キーワード

主題Scheme

Other

主題

containers

キーワード

主題Scheme

Other

主題

migration

キーワード

主題Scheme

Other

主題

encryption

会議記述

会議名

UCC '21: 2021 IEEE/ACM 14th International Conference on Utility and Cloud Computing

回次

開始年

2021

開始月

開始日

終了年

2021

終了月

終了日

開催地

Leicester

言語

開催国

GBR

出版タイプ

出版タイプResource

http://purl.org/coar/version/c_ab4af688f83e57aa

査読の有無

値

yes

連携ID

値

10310

戻る

views

See details

	Views

Versions

Ver.1

2023-05-15 12:59:59.328468

Show All versions

Cite as

Other

エクスポート

OAI-PMH

JPCOAR 2.0
JPCOAR 1.0
DublinCore
DDI

Other Formats

インデックスリンク

インデックスツリー

アイテム

MigSGX: a migration mechanism for containers including SGX applications

× Nakashima, Kenji

× 光来, 健一

Versions

Share

Cite as

Other

エクスポート

コミュニティ

メニューを最小化

インデックスリンク

インデックスツリー

アイテム

MigSGX: a migration mechanism for containers including SGX applications

× Nakashima, Kenji

× 光来, 健一

Versions

Share

Cite as

Other

エクスポート

コミュニティ