21. 10. 2016

SCONE: Secure Linux Container Environments with Intel SGX

Thomas Knauth
TU Dresden

We describe SCONE, a secure container mechanism for Docker that uses the SGX trusted execution support of Intel CPUs to protect container processes from outside attacks. The design of SCONE leads to (i) a small trusted computing base (TCB) and (ii) a low performance overhead: SCONE offers a secure C standard library interface that transparently encrypts/decrypts I/O data; to reduce the performance impact of thread synchronization and system calls within SGX enclaves, SCONE supports user-level threading and asynchronous system calls. Our evaluation shows that it protects unmodified applications with SGX, achieving 0.6x - 1.2x of native throughput.
28. Oct 2020