OPERA: Open Remote Attestation for Intel's Secure Enclaves

Abstract

Intel Software Guard Extensions (SGX) remote attestation enables enclaves to authenticate the hardware inside which they run, and attest the integrity of their enclave memory to the remote party. To enforce direct control of attestation, Intel mandates attestation to be verified by Intel's attestation service. This Intel-centric attestation model, however, neither protects privacy nor performs efficiently when distributed and frequent attestation is required. This paper presents OPERA, an Open Platform for Enclave Remote Attestation. Without involving Intel's attestation service while conducting attestation, OPERA is unchained from Intel, although it relies on Intel to establish a chain of trust whose anchor point is the secret rooted in SGX hardware. OPERA is open, as the implementation of its attestation service is completely open, allowing any enclave developer to run her own OPERA service, and its execution is publicly verifiable and hence trustworthy; OPERA is privacy-preserving, as the attestation service does not learn which enclave is being attested or when the attestation takes place; OPERA is performant, as it does not rely on a single point of verification and also reduces the latency of verification.

Citation (APA)

Chen, G., Zhang, Y., & Lai, T. H. (2019). Opera: Open remote attestation for Intel’s secure enclaves. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 2317–2331). Association for Computing Machinery. https://doi.org/10.1145/3319535.3354220
