TEEnder: SGX Enclave Migration using HSMs

Abstract Intel Software Guard Extensions (SGX) is a new method of enhancing application security by creating safe areas of memory (enclaves) where data and code are protected from inspection and tampering. This technology is being applied to cloud computing as well, however, software deployed with SGX enclaves is complex to migrate between machines using traditional methods as SGX uses unique hardware keys for data sealing. This paper proposes a novel method of migrating SGX enclaves between different machines using Hardware Security Modules (HSMs) to encrypt and decrypt data using HSM generated keys. The use of HSMs achieves faster migration for large enclaves or during multiple concurrent migrations. Since the this solution does not depend on the security of remote attestation, and uses the keys stored in the HSM it provides a higher degree of security than current enclave migration solutions.