Secure cloud micro services using Intel SGX

The micro service paradigm targets the implementation of large and scalable systems while enabling fine-grained service-level main- tainability. Due to their scalability, such architectures are frequently used in cloud environments, which are often subject to privacy and trust issues hindering the deployment of services dealing with sensitive data. In this paper we investigate the integration of trusted execution based on Intel Software Guard Extensions (SGX) into micro service applications. We present our Vert.x Vault, that supports SGX-based trusted execution in Eclipse Vert.x, a renowned tool-kit for writing reactive micro service applications. With our approach, secure micro services can run alongside regular ones, inter-connected via the Vert.x event bus to build large Vert.x applications that can contain multiple trusted components. Maintaining a full-edged Java Virtual Machine (JVM) inside an SGX enclave is impractical due to its complexity, less secure because of a large Trusted Code Base (TCB), and would suffer from performance penalties due to a high memory footprint. However, as Vert.x is written in Java, for a lean TCB this requires integration of native enclave C/C++ code into Vert.x, for which we propose the usage of Java Native Interface (JNI). Our Vert.x Vault provides the benefits of micro service architectures together with trusted execution to support privacy and data confidentiality for sensitive applications in the cloud at scale. In our evaluation we show the feasibility of our approach, buying a significantly increased level of security for a low performance overhead of only ≈ 8:7%

Microservice security: a systematic literature review

International audienceMicroservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus : it is spread over many venues and composed of contributions mainly addressing specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publications—at the time of writing, the largest curated dataset on the topic. We analyse our dataset along two lines: (a) quantitatively, through publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; (b) qualitatively, through 20 research questions used to provide an aggregated overview of the literature and to spot gaps left open. We summarise our analyses in the conclusion in the form of a call for action to address the main open challenges

Horizon 2020-funded security research projects with dual-use potential: An overview (2014-2018)

The analysis carried out in this report facilitates the identification of dual-use research topics and projects funded under Horizon 2020 that have a dual-use civilian/military potential, the results of which could be applied both by security and defence stakeholders (including industry). In this way, it could support the future security and defence research programmes in their attempt of avoiding duplication of investments and promoting synergies.JRC.E.7-Knowledge for Security and Migratio

Security and defence research in the European Union: a landscape review

This landscape report describes the state of play of the European Union’s policies and activities in security and defence and the EU-funded research aimed at supporting them, with an exclusive focus on intentional harm. It is organised around several thematic building blocks under the umbrella of the three core priorities defined in the European agenda on security. The report reviews the current main risks and threats but also those that may emerge within the next 5 years, the policy and operational means developed to combat them, the main active stakeholders and the EU legislation in force. In this context, a short history of EU research on security and defence is presented, followed by an inventory of relevant research and development projects funded under the Horizon 2020 framework programme during the period 2014-2018. The specific contributions of the Joint Research Centre to security research are also highlighted. Finally, future avenues for security and defence research and development are discussed. Please note that the executive summary of this landscape report has been published simultaneously as a companion document.JRC.E.7-Knowledge for Security and Migratio