Enabling Integrity Measurement for Secure Applications in the Enarx Framework

The Cloud Computing paradigm has significantly spread thanks to the high-speed Internet connection, standardization of digital technology, and the wide adoption of mobile devices. As a result, several privacy-enhancing technologies have been developed, among which Confidential Computing aims to protect data in use. Among the various solutions proposed for Confidential Computing, the Trusted Execution Environments (TEE) is becoming increasingly adopted, even in industrial scenarios, providing a shielded area where data and code can be processed and stored. However, heterogeneous TEE technologies are now available, making trusted application development difficult for developers. To overcome the problem of developing and deploying applications caused by the deep differences between the currently available TEE technologies, the project Enarx has been proposed. Enarx permits application development for various TEE instances in the public cloud, being CPU-architecture independent and guaranteeing the security of applications from cloud providers. The Enarx logic loads an application attesting the hardware and the Enarx components but misses the integrity verification of the user-developed application. Therefore, the primary objective of our work is to propose an extension where Enarx can verify the user application's trustworthiness deployed in underneath the TEE. The next objective is to integrate the extended Enarx framework with the Trust Monitor system, a centralized monitoring and reporting solution to assess the trustworthiness of a heterogeneous critical infrastructure, like the cloud environment. A validation phase has been conducted, proving the solution fulfils the defined goals in terms of functionalities and performance.