Toward Migration of SGX-Enabled Containers

2019 IEEE Symposium on Computers and Communications (ISCC) (2019)

Abstract
Containers are becoming the de facto platform for cloud computing. While cloud security has been a major concern, Intel SGX provides powerful protection guarantees that can be used for containers. However, this technology does not come for free. For example, the limited Enclave Page Cache (EPC) challenges the migration design of SGX-enabled containers. We note that previous security protocols are problematic for the migration of SGX-enabled containers, because they lead to the failure of measures to prevent fork/fallback attacks. In this paper, we propose the migration of SGX-enabled containers and explore the challenges of deploying and migrating SGX-enabled containers considering both EPC resources and persistent storage. To the best of our knowledge, we are the first to design and implement such a framework for SGX-enabled container migration that is easy, flexible and lightweight to deploy. We evaluate the proposed framework by migrating an SGX-enabled SQLite3 container, and the experimental results show that the proposed framework has about 15% overhead, which is acceptable given its security advantage.
Keywords
Cloud Computing, Container, Intel SGX, Migration