Preprint Open Access

SCONE: Secure Linux Containers with Intel SGX

Arnautov, Sergei; Trach, Bohdan; Gregor, Franz; Knauth, Thomas; Martin, Andrè; Priebe, Christian; Muthukumaran, Divya; O'Keeffe, Dan; Stillwell, Mark; Goltzsche, David; Eyers, David; Kapitza, Rüdiger; Pietzuch, Peter; Fetzer, Christof


DCAT Export

<?xml version='1.0' encoding='utf-8'?>
<!-- DCAT metadata export, serialized as RDF/XML, for a single record identified by
     DOI 10.5281/zenodo.163059. The document carries no DOCTYPE and defines no entities;
     a consumer should still parse it with DTD processing and external-entity resolution
     turned off, and treat every URI below as an identifier rather than a fetch target. -->
<!-- NOTE(review): the root declares more prefixes than this record uses (cnt, dc, dctype,
     duv, geo, gsp, locn, prov, vcard and wdrs do not appear on any element or attribute
     below); presumably the exporter emits a fixed prefix set. -->
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:adms="http://www.w3.org/ns/adms#" xmlns:cnt="http://www.w3.org/2011/content#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dct="http://purl.org/dc/terms/" xmlns:dctype="http://purl.org/dc/dcmitype/" xmlns:dcat="http://www.w3.org/ns/dcat#" xmlns:duv="http://www.w3.org/ns/duv#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:frapo="http://purl.org/cerif/frapo/" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:gsp="http://www.opengis.net/ont/geosparql#" xmlns:locn="http://www.w3.org/ns/locn#" xmlns:org="http://www.w3.org/ns/org#" xmlns:owl="http://www.w3.org/2002/07/owl#" xmlns:prov="http://www.w3.org/ns/prov#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:schema="http://schema.org/" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:vcard="http://www.w3.org/2006/vcard/ns#" xmlns:wdrs="http://www.w3.org/2007/05/powder-s#">
  <!-- The described resource: typed as a dcat:Dataset whose dct:type is dcmitype Text.
       The DOI URL serves as subject URI, dct:identifier and foaf:page alike. -->
  <rdf:Description rdf:about="https://doi.org/10.5281/zenodo.163059">
    <rdf:type rdf:resource="http://www.w3.org/ns/dcat#Dataset"/>
    <dct:type rdf:resource="http://purl.org/dc/dcmitype/Text"/>
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://doi.org/10.5281/zenodo.163059</dct:identifier>
    <foaf:page rdf:resource="https://doi.org/10.5281/zenodo.163059"/>
    <!-- Creators: fourteen dct:creator entries, one per author. Each is an anonymous
         (blank-node) foaf:Agent with a display name, given and family name, and one
         affiliation expressed as org:memberOf with an anonymous foaf:Organization.
         Because the organizations are blank nodes, the same affiliation name repeated
         under different authors is not linked to a shared node. -->
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Arnautov, Sergei</foaf:name>
        <foaf:givenName>Sergei</foaf:givenName>
        <foaf:familyName>Arnautov</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>TU Dresden</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Trach, Bohdan</foaf:name>
        <foaf:givenName>Bohdan</foaf:givenName>
        <foaf:familyName>Trach</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>TU Dresden</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Gregor, Franz</foaf:name>
        <foaf:givenName>Franz</foaf:givenName>
        <foaf:familyName>Gregor</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>TU Dresden</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Knauth, Thomas</foaf:name>
        <foaf:givenName>Thomas</foaf:givenName>
        <foaf:familyName>Knauth</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>TU Dresden</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Martin, Andrè</foaf:name>
        <foaf:givenName>Andrè</foaf:givenName>
        <foaf:familyName>Martin</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>TU Dresden</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Priebe, Christian</foaf:name>
        <foaf:givenName>Christian</foaf:givenName>
        <foaf:familyName>Priebe</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Imperial College London</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Muthukumaran, Divya</foaf:name>
        <foaf:givenName>Divya</foaf:givenName>
        <foaf:familyName>Muthukumaran</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Imperial College London</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>O'Keeffe, Dan</foaf:name>
        <foaf:givenName>Dan</foaf:givenName>
        <foaf:familyName>O'Keeffe</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Imperial College London</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Stillwell, Mark</foaf:name>
        <foaf:givenName>Mark</foaf:givenName>
        <foaf:familyName>Stillwell</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Imperial College London</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Goltzsche, David</foaf:name>
        <foaf:givenName>David</foaf:givenName>
        <foaf:familyName>Goltzsche</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>TU Braunschweig</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Eyers, David</foaf:name>
        <foaf:givenName>David</foaf:givenName>
        <foaf:familyName>Eyers</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>University of Otago</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Kapitza, Rüdiger</foaf:name>
        <foaf:givenName>Rüdiger</foaf:givenName>
        <foaf:familyName>Kapitza</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>TU Braunschweig</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Pietzuch, Peter</foaf:name>
        <foaf:givenName>Peter</foaf:givenName>
        <foaf:familyName>Pietzuch</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Imperial College London</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Fetzer, Christof</foaf:name>
        <foaf:givenName>Christof</foaf:givenName>
        <foaf:familyName>Fetzer</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>TU Dresden</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <!-- Title and publisher of the record. -->
    <dct:title>SCONE: Secure Linux Containers with Intel SGX</dct:title>
    <dct:publisher>
      <foaf:Agent>
        <foaf:name>Zenodo</foaf:name>
      </foaf:Agent>
    </dct:publisher>
    <!-- dct:issued appears twice in this record: here as an xsd:gYear and further down
         as a full xsd:date. A consumer expecting a single value must pick one by datatype. -->
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#gYear">2016</dct:issued>
    <!-- Funding: each frapo:isFundedBy points at a grant-agreement URI that is described
         by a foaf:Project node at the end of this document (same rdf:about value). Each
         is followed by a schema:funder blank node repeating the funder's identifier and name. -->
    <frapo:isFundedBy rdf:resource="info:eu-repo/grantAgreement/EC/H2020/645011/"/>
    <schema:funder>
      <foaf:Organization>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">10.13039/501100000780</dct:identifier>
        <foaf:name>European Commission</foaf:name>
      </foaf:Organization>
    </schema:funder>
    <frapo:isFundedBy rdf:resource="info:eu-repo/grantAgreement/EC/H2020/690111/"/>
    <schema:funder>
      <foaf:Organization>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">10.13039/501100000780</dct:identifier>
        <foaf:name>European Commission</foaf:name>
      </foaf:Organization>
    </schema:funder>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#date">2016-11-02</dct:issued>
    <!-- Alternative identifier: the repository record URL, stated both as owl:sameAs and
         as an adms:Identifier with a skos:notation. -->
    <owl:sameAs rdf:resource="https://zenodo.org/record/163059"/>
    <adms:identifier>
      <adms:Identifier>
        <skos:notation rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://zenodo.org/record/163059</skos:notation>
      </adms:Identifier>
    </adms:identifier>
    <dct:isPartOf rdf:resource="https://zenodo.org/communities/ecfunded"/>
    <!-- The abstract is stored as entity-escaped HTML inside a plain literal: once the XML
         is parsed, the value contains literal paragraph tags. Treat the value as untrusted
         markup and sanitize or re-escape it before inserting it into a rendered page. -->
    <dct:description>&lt;p&gt;In multi-tenant environments, Linux containers managed by Docker or Kubernetes have a lower resource footprint, faster startup times, and higher I/O performance compared to virtual machines (VMs) on hypervisors. Yet their weaker isolation guarantees, enforced through software kernel mechanisms, make it easier for attackers to compromise the confidentiality and integrity of application data within containers.&lt;/p&gt; &lt;p&gt;We describe SCONE, a secure container mechanism for Docker that uses the SGX trusted execution support of Intel CPUs to protect container processes from outside attacks. The design of SCONE leads to (i) a small trusted computing base (TCB) and (ii) a low performance overhead: SCONE offers a secure C standard library interface that transparently encrypts/decrypts I/O data; to reduce the performance impact of thread synchronization and system calls within SGX enclaves, SCONE supports user-level threading and asynchronous system calls. Our evaluation shows that it protects unmodified applications with SGX, achieving 0.6× – 1.2× of native throughput.&lt;/p&gt;</dct:description>
    <!-- Access rights are stated twice: as a controlled-vocabulary URI (PUBLIC) and as a
         labelled dct:RightsStatement (Open Access). -->
    <dct:accessRights rdf:resource="http://publications.europa.eu/resource/authority/access-right/PUBLIC"/>
    <dct:accessRights>
      <dct:RightsStatement rdf:about="info:eu-repo/semantics/openAccess">
        <rdfs:label>Open Access</rdfs:label>
      </dct:RightsStatement>
    </dct:accessRights>
    <!-- Single distribution: its license is the Creative Commons BY 4.0 legal code URI and
         its access URL is the record's DOI. -->
    <dcat:distribution>
      <dcat:Distribution>
        <dct:license rdf:resource="http://creativecommons.org/licenses/by/4.0/legalcode"/>
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.163059"/>
      </dcat:Distribution>
    </dcat:distribution>
  </rdf:Description>
  <!-- Project nodes for the two grant agreements referenced by frapo:isFundedBy above.
       Each gives the grant number, the project title and the awarding organization. -->
  <foaf:Project rdf:about="info:eu-repo/grantAgreement/EC/H2020/645011/">
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">645011</dct:identifier>
    <dct:title>Secure Enclaves for REactive Cloud Applications</dct:title>
    <frapo:isAwardedBy>
      <foaf:Organization>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">10.13039/501100000780</dct:identifier>
        <foaf:name>European Commission</foaf:name>
      </foaf:Organization>
    </frapo:isAwardedBy>
  </foaf:Project>
  <foaf:Project rdf:about="info:eu-repo/grantAgreement/EC/H2020/690111/">
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">690111</dct:identifier>
    <dct:title>Secure Big Data Processing in Untrusted Clouds</dct:title>
    <frapo:isAwardedBy>
      <foaf:Organization>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">10.13039/501100000780</dct:identifier>
        <foaf:name>European Commission</foaf:name>
      </foaf:Organization>
    </frapo:isAwardedBy>
  </foaf:Project>
</rdf:RDF>