enCloud: Aspect-oriented trusted service migration on SGX-enabled cloud VM

Seehwan Yoo; Youngpil Kim; Hyunchan Park; Jaehyun Hwang; Kitak Kim

doi:10.1002/spe.3357

enCloud: Aspect-oriented trusted service migration on SGX-enabled cloud VM

Seehwan Yoo^*
, Youngpil Kim
, Hyunchan Park
, Jaehyun Hwang
, Kitak Kim

^*Corresponding author for this work

Research output: Contribution to journal › Journal article › peer-review

1 Scopus citations

Abstract

This paper presents enCloud, a new aspect-oriented trusted service migration with SGX-enabled cloud VM. Addressing the challenge of reconciling end-to-end security with VM migration, enCloud incorporates two key aspects: (1) end-to-end security for enclave context migration, and (2) VM abstraction for conventional VM context migration. This paper provides a practical guideline with applicable APIs for trusted service migration. In a case study, enCloud demonstrates effective trusted DB service migration on a cloud VM, achieving end-to-end security with minimal trust boundaries. The framework supports pre-copy live VM migration to minimize service downtime. This paper contributes a concise and practical solution in the form of the enCloud framework for secure service migration.

Original language	English
Pages (from-to)	2454-2480
Number of pages	27
Journal	Software - Practice and Experience
Volume	54
Issue number	12
DOIs	https://doi.org/10.1002/spe.3357
State	Published - 2024.12

Keywords

SGX enclave
aspect-oriented VM migration
cloud VM migration

Quacquarelli Symonds(QS) Subject Topics

Computer Science & Information Systems

Access to Document

10.1002/spe.3357

Cite this

@article{b3923140cbba42b0bb4db111b23a9d71,

title = "enCloud: Aspect-oriented trusted service migration on SGX-enabled cloud VM",

abstract = "This paper presents enCloud, a new aspect-oriented trusted service migration with SGX-enabled cloud VM. Addressing the challenge of reconciling end-to-end security with VM migration, enCloud incorporates two key aspects: (1) end-to-end security for enclave context migration, and (2) VM abstraction for conventional VM context migration. This paper provides a practical guideline with applicable APIs for trusted service migration. In a case study, enCloud demonstrates effective trusted DB service migration on a cloud VM, achieving end-to-end security with minimal trust boundaries. The framework supports pre-copy live VM migration to minimize service downtime. This paper contributes a concise and practical solution in the form of the enCloud framework for secure service migration.",

keywords = "SGX enclave, aspect-oriented VM migration, cloud VM migration",

author = "Seehwan Yoo and Youngpil Kim and Hyunchan Park and Jaehyun Hwang and Kitak Kim",

note = "Publisher Copyright: {\textcopyright} 2024 The Author(s). Software: Practice and Experience published by John Wiley \& Sons Ltd.",

year = "2024",

month = dec,

doi = "10.1002/spe.3357",

language = "English",

volume = "54",

pages = "2454--2480",

journal = "Software - Practice and Experience",

issn = "0038-0644",

number = "12",

}

TY - JOUR

T1 - enCloud

T2 - Aspect-oriented trusted service migration on SGX-enabled cloud VM

AU - Yoo, Seehwan

AU - Kim, Youngpil

AU - Park, Hyunchan

AU - Hwang, Jaehyun

AU - Kim, Kitak

PY - 2024/12

Y1 - 2024/12

N2 - This paper presents enCloud, a new aspect-oriented trusted service migration with SGX-enabled cloud VM. Addressing the challenge of reconciling end-to-end security with VM migration, enCloud incorporates two key aspects: (1) end-to-end security for enclave context migration, and (2) VM abstraction for conventional VM context migration. This paper provides a practical guideline with applicable APIs for trusted service migration. In a case study, enCloud demonstrates effective trusted DB service migration on a cloud VM, achieving end-to-end security with minimal trust boundaries. The framework supports pre-copy live VM migration to minimize service downtime. This paper contributes a concise and practical solution in the form of the enCloud framework for secure service migration.

AB - This paper presents enCloud, a new aspect-oriented trusted service migration with SGX-enabled cloud VM. Addressing the challenge of reconciling end-to-end security with VM migration, enCloud incorporates two key aspects: (1) end-to-end security for enclave context migration, and (2) VM abstraction for conventional VM context migration. This paper provides a practical guideline with applicable APIs for trusted service migration. In a case study, enCloud demonstrates effective trusted DB service migration on a cloud VM, achieving end-to-end security with minimal trust boundaries. The framework supports pre-copy live VM migration to minimize service downtime. This paper contributes a concise and practical solution in the form of the enCloud framework for secure service migration.

KW - SGX enclave

KW - aspect-oriented VM migration

KW - cloud VM migration

UR - https://www.scopus.com/pages/publications/85196191383

U2 - 10.1002/spe.3357

DO - 10.1002/spe.3357

M3 - Journal article

AN - SCOPUS:85196191383

SN - 0038-0644

VL - 54

SP - 2454

EP - 2480

JO - Software - Practice and Experience

JF - Software - Practice and Experience

IS - 12

ER -

enCloud: Aspect-oriented trusted service migration on SGX-enabled cloud VM

Abstract

Keywords

Quacquarelli Symonds(QS) Subject Topics

Access to Document

Other files and links

Fingerprint

Cite this