Skip to content

SCONE Related Publications

SCONE: Secure Linux Containers with Intel SGX, USENIX, OSDI 2016

This paper describes how we support unmodified applications inside of enclaves. The focus is on our asynchronous system call interface.

  • Authors: Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, André Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, Christof Fetzer

  • Media: pdf, slides, audio, url

  • Abstract: In multi-tenant environments, Linux containers managed by Docker or Kubernetes have a lower resource footprint, faster startup times, and higher I/O performance compared to virtual machines (VMs) on hypervisors. Yet their weaker isolation guarantees, enforced through software kernel mechanisms, make it easier for attackers to compromise the confidentiality and integrity of application data within containers. We describe SCONE, a secure container mechanism for Docker that uses the SGX trusted execution support of Intel CPUs to protect container processes from outside attacks. The design of SCONE leads to (i) a small trusted computing base (TCB) and (ii) a low performance overhead: SCONE offers a secure C standard library interface that transparently encrypts/decrypts I/O data; to reduce the performance impact of thread synchronization and system calls within SGX enclaves, SCONE supports user-level threading and asynchronous system calls. Our evaluation shows that it protects unmodified applications with SGX, achieving 0.6x–1.2x of native throughput.


@inproceedings {199364,
    author = {Sergei Arnautov and Bohdan Trach and Franz Gregor and Thomas Knauth and Andre Martin and Christian Priebe and Joshua Lind and Divya Muthukumaran and Dan O{\textquoteright}Keeffe and Mark L. Stillwell and David Goltzsche and Dave Eyers and R{\"u}diger Kapitza and Peter Pietzuch and Christof Fetzer},
    title = {{SCONE}: Secure Linux Containers with Intel {SGX}},
    booktitle = {12th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI} 16)},
    year = {2016},
    isbn = {978-1-931971-33-1},
    address = {Savannah, GA},
    pages = {689--703},
    url = {},
    publisher = {{USENIX} Association},

Building Critical Applications Using Microservices, IEEE Security & Privacy, Volume: 14 Issue: 6, December 2016

  • Author: Christof Fetzer

  • Media: pdf, html

  • Abstract: Safeguarding the correctness of critical software is a grand challenge. A microservice-based system is described that builds trustworthy systems on top of legacy hardware and software components, ensuring microservices' integrity, confidentiality, and correct execution with the help of secure enclaves.


    author={C. Fetzer}, 
    journal={IEEE Security Privacy}, 
    title={Building Critical Applications Using Microservices}, 
    keywords={trusted computing;critical applications;critical software correctness;legacy hardware;microservice confidentiality;microservice integrity;microservice-based system;secure enclaves;software components;trustworthy systems;Buildings;Containers;Kernel;Linux;Security;Linux;hardware;microservices;secure enclaves;security;software}, 

SGXBounds: Memory Safety for Shielded Execution, EuroSys 2017

To protect the code running inside of an enclave, we implemented a novel bounds checker for enclaves. While we had expected to just be able to use MPX, we had to realized that MPX does not perform that well inside of enclaves. For details regarding the overheads, please see this paper. This won the best paper award of EuroSys 2017.

  • Authors: D. Kuvaiskii, O. Oleksenko, S. Arnautov, B. Trach, P. Bhatotia, P. Felber, C. Fetzer

  • Media: pdf, html

  • Abstract: Shielded execution based on Intel SGX provides strong security guarantees for legacy applications running on untrusted platforms. However, memory safety attacks such as Heartbleed can render the confidentiality and integrity properties of shielded execution completely ineffective. To prevent these attacks, the state-of-the-art memory-safety approaches can be used in the context of shielded execution. In this work, we first showcase that two prominent software- and hardware-based defenses, AddressSanitizer and Intel MPX respectively, are impractical for shielded execution due to high performance and memory overheads. This motivated our design of SGXBounds -- an efficient memory-safety approach for shielded execution exploiting the architectural features of Intel SGX. Our design is based on a simple combination of tagged pointers and compact memory layout. We implemented SGXBounds based on the LLVM compiler framework targeting unmodified multithreaded applications. Our evaluation using Phoenix, PARSEC, and RIPE benchmark suites shows that SGXBounds has performance and memory overheads of 18% and 0.1% respectively, while providing security guarantees similar to AddressSanitizer and Intel MPX. We have obtained similar results with four real-world case studies: SQLite, Memcached, Apache, and Nginx.


    author = {Kuvaiskii, Dmitrii and Oleksenko, Oleksii and Arnautov, Sergei and Trach, Bohdan and Bhatotia, Pramod and Felber, Pascal and Fetzer, Christof},
    title = {SGXBOUNDS: Memory Safety for Shielded Execution},
    booktitle = {Proceedings of the Twelfth European Conference on Computer Systems},
    series = {EuroSys '17},
    year = {2017},
    isbn = {978-1-4503-4938-3},
    location = {Belgrade, Serbia},
    pages = {205--221},
    numpages = {17},
    url = {},
    doi = {10.1145/3064176.3064192},
    acmid = {3064192},
    publisher = {ACM},
    address = {New York, NY, USA},

FFQ: A Fast Single-Producer/Multiple-Consumer Concurrent FIFO Queue, IPDPS 2017

This paper describes our new lock-free queue for our asynchronous system calls.

  • Authors: Sergei Arnautov, Pascal Felber, Christof Fetzer and Bohdan Trach

  • Media: pdf, html

  • Abstract: With the spreading of multi-core architectures, operating systems and applications are becoming increasingly more concurrent and their scalability is often limited by the primitives used to synchronize the different hardware threads. In this paper, we address the problem of how to optimize the throughput of a system with multiple producer and consumer threads. Such applications typically synchronize their threads via multi- producer/multi-consumer FIFO queues, but existing solutions have poor scalability, as we could observe when designing a secure application framework that requires high-throughput communication between many concurrent threads. In our target system, however, the items enqueued by different producers do not necessarily need to be FIFO ordered. Hence, we propose a fast FIFO queue, FFQ, that aims at maximizing throughput by specializing the algorithm for single-producer/multiple-consumer settings: each producer has its own queue from which multiple consumers can concurrently dequeue. Furthermore, while we pro- vide a wait-free interface for producers, we limit ourselves to lock-free consumers to eliminate the need for helping. We also propose a multi-producer variant to show which synchronization operations we were able to remove by focusing on a single producer variant. Our evaluation analyses the performance using micro- benchmarks and compares our results with other state-of-the-art solutions: FFQ exhibits excellent performance and scalability.


    author={S. Arnautov and P. Felber and C. Fetzer and B. Trach},
    booktitle={2017 IEEE International Parallel and Distributed Processing Symposium (IPDPS)},
    title={FFQ: A Fast Single-Producer/Multiple-Consumer Concurrent FIFO Queue},
    keywords={microprocessor chips;multi-threading;multiprocessing systems;operating systems (computers);queueing theory;FFQ;FIFO queue;consumer threads;fast single producer-multiple consumer concurrent FIFO queue;hardware threads;lock-free consumers;multicore architectures;multiple producer;operating systems;secure application;single producer variant;synchronization operations;Algorithm design and analysis;Context;Instruction sets;Message systems;Scalability;Synchronization;Throughput;FIFO queue;SPMC queue;concurrent FIFO queue;concurrent queue;lock-free algorithm;wait-free algorithm}, 

PESOS: Policy Enhanced Secure Object Store, EuroSys 2018

  • Authors: Robert Krahn, Bohdan Trach (TU Dresden), Anjo Vahldiek-Oberwagner (MPI-SWS), Thomas Knauth (Intel/TU Dresden), Pramod Bhatotia (University of Edinburgh), and Christof Fetzer (TU Dresden)

  • Media: pdf, html

  • Abstract: Third-party storage services pose the risk of integrity and confidentiality violations as the current storage policy enforcement mechanisms are spread across many layers in the system stack. To mitigate these security vulnerabilities, we present the design and implementation of Pesos, a Policy Enhanced Secure Object Store (Pesos) for untrusted third-party storage providers. Pesos allows clients to specify per-object security policies, concisely and separately from the storage stack, and enforces these policies by securely mediating the I/O in the persistence layer through a single uni ed enforcement layer. More broadly, Pesos exposes a rich set of storage policies ensuring the integrity, confidentiality, and access accounting for data storage through a declarative policy language.

    Pesos enforces these policies on untrusted commodity plat- forms by leveraging a combination of two trusted computing technologies: Intel SGX for trusted execution environment (TEE) and Kinetic Open Storage for trusted storage. We have implemented Pesos as a fully-functional storage system supporting many useful end-to-end storage features, and a range of effective performance optimizations. We evaluated Pesos using a range of micro-benchmarks, and real-world use cases. Our evaluation shows that Pesos incurs reasonable performance overheads for the enforcement of policies while keeping the trusted computing base (TCB) small.


    author = {Krahn, Robert and Trach, Bohdan and Vahldiek-Oberwagner, Anjo and Knauth, Thomas and Bhatotia, Pramod and Fetzer, Christof},
    title = {Pesos: Policy Enhanced Secure Object Store},
    booktitle = {Proceedings of the Thirteenth EuroSys Conference},
    series = {EuroSys '18},
    year = {2018},
    isbn = {978-1-4503-5584-1},
    location = {Porto, Portugal},
    pages = {25:1--25:17},
    articleno = {25},
    numpages = {17},
    url = {},
    doi = {10.1145/3190508.3190518},
    acmid = {3190518},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {intel SGX, kinetic disks, policy language, storage security},

ShieldBox: Secure Middleboxes using Shielded Execution, SIGCOMM SOSR 2018

  • Authors: Bohdan Trach, Alfred Krohmer, Franz Gregor, Sergei Arnautov, Pramod Bhatotia, Christof Fetzer

  • Media: pdf, html, video

  • Abstract: Middleboxes that process confidential data cannot be securely deployed in untrusted cloud environments. To securely outsource middleboxes to the cloud, state-of-the-art systems advocate network processing over the encrypted traffic. Unfortunately, these systems support only restrictive functionalities, and incur prohibitively high overheads.% due to the complex computations involved over the encrypted traffic.

    This motivated the design of ShieldBox---a secure middlebox framework for deploying high-performance network functions (NFs) over untrusted commodity servers. ShieldBox securely processes encrypted traffic inside a secure container by leveraging shielded execution. More specifically, ShieldBox builds on hardware-assisted memory protection based on Intel SGX to provide strong confidentiality and integrity guarantees. For middlebox developers, ShieldBox exposes a generic interface based on Click to design and implement a wide-range of NFs using its out-of-the-box elements and C++ extensions. For network operators, ShieldBox provides configuration and attestation service for seamless and verifiable deployment of middleboxes. We have implemented ShieldBox supporting important end-to-end features required for secure network processing, and performance optimizations. Our extensive evaluation shows that ShieldBox achieves a near-native throughput and latency to securely process confidential data at line rate.


    author = {Trach, Bohdan and Krohmer, Alfred and Gregor, Franz and Arnautov, Sergei and Bhatotia, Pramod and Fetzer, Christof},
    title = {ShieldBox: Secure Middleboxes Using Shielded Execution},
    booktitle = {Proceedings of the Symposium on SDN Research},
    series = {SOSR '18},
    year = {2018},
    isbn = {978-1-4503-5664-0},
    location = {Los Angeles, CA, USA},
    pages = {2:1--2:14},
    articleno = {2},
    numpages = {14},
    url = {},
    doi = {10.1145/3185467.3185469},
    acmid = {3185469},
    publisher = {ACM},
    address = {New York, NY, USA},

Varys: Protecting SGX enclaves from practical side-channel attacks, USENIX ATC 2018

  • Authors: Oleksii Oleksenko, Bohdan Trach, Robert Krahn, and André Martin, TU Dresden; Mark Silberstein, Technion; Christof Fetzer, TU Dresden

  • Media: pdf, slides, audio, url

  • Abstract: Numerous recent works have experimentally shown that Intel Software Guard Extensions (SGX) are vulnerable to cache timing and page table side-channel attacks which could be used to circumvent the data confidentiality guarantees provided by SGX. Existing mechanisms that protect against these attacks either incur high execution costs, are ineffective against certain attack variants, or require significant code modifications.

    We present Varys, a system that protects unmodified programs running in SGX enclaves from cache timing and page table side-channel attacks. Varys takes a pragmatic approach of strict reservation of physical cores to security-sensitive threads, thereby preventing the attacker from accessing shared CPU resources during enclave execution. The key challenge that we are addressing is that of maintaining the core reservation in the presence of an untrusted OS.

    Varys fully protects against all L1/L2 cache timing attacks and significantly raises the bar for page table side-channel attacks - all with only 15% overhead on average for Phoenix and PARSEC benchmarks. Additionally, we propose a set of minor hardware extensions that hold the potential to extend Varys' security guarantees to L3 cache and further improve its performance.


@inproceedings {216033,
    author = {Oleksii Oleksenko and Bohdan Trach and Robert Krahn and Mark Silberstein and Christof Fetzer},
    title = {Varys: Protecting {SGX} Enclaves from Practical Side-Channel Attacks},
    booktitle = {2018 {USENIX} Annual Technical Conference ({USENIX} {ATC} 18)},
    year = {2018},
    isbn = {978-1-931971-44-7},
    address = {Boston, MA},
    pages = {227--240},
    url = {},
    publisher = {{USENIX} Association},

GX-PySpark: Secure Distributed Data Analytics.

  • Authors: Do Le Quoc, Franz Gregor, Jatinder Singh, and Christof Fetzer. 2019. SGX-PySpark: Secure Distributed Data Analytics. In The World Wide Web Conference (WWW '19), Ling Liu and Ryen White (Eds.). ACM, New York, NY, USA, 3564-3563.
  • Media:

  • Abstract: Data analytics is central to modern online services, particularly those data-driven. Often this entails the processing of large-scale datasets which may contain private, personal and sensitive information relating to individuals and organisations. Particular challenges arise where cloud is used to store and process the sensitive data. In such settings, security and privacy concerns become paramount, as the cloud provider is trusted to guarantee the security of the services they offer, including data confidentiality. Therefore, the issue this work tackles is “How to securely perform data analytics in a public cloud?”

    To assist this question, we design and implement SGX-PySpark- a secure distributed data analytics system which relies on a trusted execution environment (TEE) such as Intel SGX to provide strong security guarantees. To build SGX-PySpark, we integrate PySpark - a widely used framework for data analytics in industry to support a wide range of queries, with SCONE - a shielded execution framework using Intel SGX.


    author = {Le Quoc, Do and Gregor, Franz and Singh, Jatinder and Fetzer, Christof},
    title = {SGX-PySpark: Secure Distributed Data Analytics},
    booktitle = {The World Wide Web Conference},
    series = {WWW '19},
    year = {2019},
    isbn = {978-1-4503-6674-8},
    location = {San Francisco, CA, USA},
    pages = {3564--3563},
    numpages = {0},
    url = {},
    doi = {10.1145/3308558.3314129},
    acmid = {3314129},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {Confidential computing, data analytics, distributed system, security},

©, June 2019. Questions or Suggestions?