Migrating SGX Enclaves with Persistent State
This addresses a critical issue for cloud providers and users relying on SGX for secure enclave migration, though it is incremental as it builds on existing migration mechanisms.
The paper tackles the problem of migrating SGX enclaves with persistent state, such as sealed data and monotonic counters, which prior work overlooked, risking data loss and security breaches; the authors propose a software-only approach that guarantees consistency, maintains security, and incurs negligible performance overhead.
Hardware-supported security mechanisms like Intel Software Guard Extensions (SGX) provide strong security guarantees, which are particularly relevant in cloud settings. However, their reliance on physical hardware conflicts with cloud practices, like migration of VMs between physical platforms. For instance, the SGX trusted execution environment (enclave) is bound to a single physical CPU. Although prior work has proposed an effective mechanism to migrate an enclave's data memory, it overlooks the migration of persistent state, including sealed data and monotonic counters; the former risks data loss whilst the latter undermines the SGX security guarantees. We show how this can be exploited to mount attacks, and then propose an improved enclave migration approach guaranteeing the consistency of persistent state. Our software-only approach enables migratable sealed data and monotonic counters, maintains all SGX security guarantees, minimizes developer effort, and incurs negligible performance overhead.