ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud

With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). Although the integration of SGX within the cloud considerably strengthens the threat model for cloud applications, the current model to deploy and provision enclaves prevents the cloud operator from adding or removing enclaves dynamically - thus preventing elasticity for TEE-based applications in the cloud. In this paper, we propose ReplicaTEE, a solution that enables seamless provisioning and decommissioning of TEE-based applications in the cloud. ReplicaTEE leverages an SGX-based provisioning layer that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the application owner. Namely, in ReplicaTEE, the application owner entrusts application secret to the provisioning layer; the latter handles all enclave commissioning and de-commissioning operations throughout the application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by ~800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based applications.