🏢Architecture

Enclaive's solution uses a libOS-based approach to provision applications inside its containers. The libOS is built on the Gramine project, an actively maintained project by Intel, which is itself a fork of the Graphene research project that originated at Stony Brook University in 2011. Graphene, in turn, incorporates Intel's SGX SDK, which provides the drivers, the Quoting Enclave (QE) and the Provisioning Certification Enclave (PCE), along with the Data Center Attestation Primitives (DCAP) framework and system libraries implementing RA-TLS, which bridges the gap by integrating remote attestation into the establishment of the standard secure-channel protocol TLS.

The libOS executes inside a pico-process, which encompasses an unmodified application binary and its supporting libraries running on a dedicated libOS instance. The libOS abstracts host kernel functionality behind a generic Application Binary Interface (ABI). This ABI supports the implementation of the fundamental abstractions, such as virtual memory, threads, synchronization, byte streams (similar to pipes), a file system, and networking, in a way that is easy to port to different host operating systems. While Linux serves as the reference host kernel, other platforms can be supported by implementing the corresponding Platform Adaptation Layer (PAL). Technically, the libOS consists of modified libraries for the Executable and Linkable Format (ELF) linker and (dynamic) loader, libc, and libthread, so that system calls are issued as function calls into its own Linux library. The Linux library, in turn, implements these system calls using a variant of the unikernel Drawbridge ABI, provided by the PAL, and relies on calls to the underlying kernel.

The architecture diagram above illustrates the structure of a Confidential Container and outlines enclaive's framework for enclaving an application. Several key components play vital roles:

Intel's Architectural Enclave Service Manager (AESM)

Serves as the system services management agent for SGX-enabled applications. It encompasses various SGX system components, including remote attestation quote signing by the QE and report certification by the PCE.

Gramine

Linked with Intel-provided or customized DCAP and Quote Provider libraries, interfaces with the AESM daemon to generate quotes. It launches the libOS Enclave and provides the host communication layer to access resources. The transparent Compatibility Layer within the enclave performs actions within the enclave memory or verifies host communication, employing measures such as authenticated encryption for persistent modifiable data or integrity hashes loaded during startup as part of the measurement.

Enclaive's Premain

Executes prior to the actual application and establishes an RA-TLS channel to the vault. This facilitates the pre-loading of secrets, including decryption keys for encrypted persistent files and TLS credentials for cluster authentication. The Attestation Shim seamlessly enclaves binaries and offers provisioned or ephemeral secrets.
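As an added illustration (not enclaive's own configuration), the Gramine manifest template below wires together the three mechanisms described for Gramine and the Premain above: trusted files whose integrity hashes are part of the measurement, an encrypted mount for persistent modifiable data whose key is provisioned at run time rather than stored on disk, and DCAP-based remote attestation for RA-TLS. The paths, the entrypoint and the key name app_data_key are assumptions, and the manifest keys follow Gramine 1.5 syntax.

```toml
# Added example manifest template (assumed paths and names, not enclaive's configuration).
# Gramine 1.5 syntax; "file:" URIs refer to host paths, {{ ... }} are template expansions.

loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "/app/server"            # assumed application binary
loader.log_level = "error"
loader.env.LD_LIBRARY_PATH = "/lib"

fs.mounts = [
  # Gramine runtime (libc etc.) and the application; both are integrity-checked below.
  { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
  { path = "/app", uri = "file:/app" },
  # Persistent modifiable data: transparently encrypted and authenticated by the libOS.
  # The key is NOT in the manifest; a premain writes the 16-byte key to
  # /dev/attestation/keys/app_data_key after attesting to the vault over RA-TLS.
  { type = "encrypted", path = "/data", uri = "file:/var/lib/app/data", key_name = "app_data_key" },
]

# Local testing only: a static key in the manifest bypasses vault provisioning.
# fs.insecure__keys.app_data_key = "00112233445566778899aabbccddeeff"

sgx.remote_attestation = "dcap"             # quotes obtained via AESM/QE, checked by RA-TLS peers
sgx.enclave_size = "1G"
sgx.max_threads = 8

# Files whose hashes are computed at signing time and verified on load,
# so their contents are bound to the enclave measurement.
sgx.trusted_files = [
  "file:{{ gramine.libos }}",
  "file:{{ gramine.runtimedir() }}/",
  "file:/app/",
]
```

Any file under /app or /lib that does not match its recorded hash is refused at load time, and /data is unreadable without the key that only an attested enclave receives.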

With these enhancements, client workloads can now benefit from transparent data storage encryption using provisioned certificates, which can be configured in a file as before. In essence, while the vault and containers continue to operate as they did previously, they can now leverage the advantages provided by SGX.
