SCONE : Secure Linux Containers with Intel SGX
- Submitting institution
- Royal Holloway and Bedford New College
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 31356300
- Type
- E - Conference contribution
- DOI
-
-
- Title of conference / published proceedings
- Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI ’16)
- First page
- 689
- Volume
- -
- Issue
- -
- ISSN
- -
- Open access status
- -
- Month of publication
- November
- Year of publication
- 2016
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 14
- Research group(s)
-
-
- Citation count
- 121
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- The paper was published in OSDI, the top conference in systems research, and formed the basis of a startup (scontain.com). This paper proposes a practical approach to protecting user applications and data from untrusted cloud providers, the holy grail of cloud security. It allows deployment of unmodified applications as Docker containers with near-native performance and a small trusted computing base, and isolates applications from the OS/hypervisor and even attackers with physical access. The paper was widely influential, with some techniques (e.g. asynchronous system calls) further developed by groups from Technion (Eleos) and Intel (integrated into the official Intel SGX SDK).
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -