The micro service paradigm targets the implementation of
large and scalable systems while enabling fine-grained service-level main-
tainability. Due to their scalability, such architectures are frequently used
in cloud environments, which are often subject to privacy and trust issues
hindering the deployment of services dealing with sensitive data.
In this paper we investigate the integration of trusted execution based on
Intel Software Guard Extensions (SGX) into micro service applications.
We present our Vert.x Vault, that supports SGX-based trusted execution
in Eclipse Vert.x, a renowned tool-kit for writing reactive micro service
applications. With our approach, secure micro services can run alongside
regular ones, inter-connected via the Vert.x event bus to build large Vert.x
applications that can contain multiple trusted components.
Maintaining a full-edged Java Virtual Machine (JVM) inside an SGX
enclave is impractical due to its complexity, less secure because of a large
Trusted Code Base (TCB), and would suffer from performance penalties
due to a high memory footprint. However, as Vert.x is written in Java, for
a lean TCB this requires integration of native enclave C/C++ code into
Vert.x, for which we propose the usage of Java Native Interface (JNI).
Our Vert.x Vault provides the benefits of micro service architectures
together with trusted execution to support privacy and data confidentiality
for sensitive applications in the cloud at scale. In our evaluation we show
the feasibility of our approach, buying a significantly increased level of
security for a low performance overhead of only ≈ 8:7%