This repository contains Docker files for reproducing the implementation of the server-side code for the paper:
Proceedings on Privacy Enhancing Technologies. Vol. 2020, No. 3. 18 pages. July 2020.
Note: This system requires a machine with Intel Software Guard Extension (SGX) in order to be built and to function correctly. We install appropriate versions of the following through our dockerscripts below.
We use Docker scripts to reproduce our setup for our paper. Two of our scripts set up drivers and the others set up and launch a docker container for running the three enclaves.
build-driver: builds version
f7dc97c0of the Linux SGX driver and version
30d4b940of the Graphene-SGX driver, as kernel modules.
install-driver: installs the kernel modules generated by the build-driver script onto the machine.
build-mitigator: builds three docker images, one for each of the Dockerfiles in the sgx-docker/, graphene-docker/, and docker/ folders respectively.
run-mitigator: creates a detached docker container with the image initialized in the build-mitigator script. Re-run this script after any changes to the
build-mitigatorscript to recreate a docker container with the new docker image.
attach-mitigator: attaches to the container created by the
run-mitigatorscript. This lets you interact with the docker container through the terminal.
stop-mitigator: stops the container created by the
run-mitigatorscript. This needs to be run before re-creating a container with a new image through
The docker images download the following software:
sgx-docker/Dockerfile: installs branch sgx_2.1 of the Linux SGX SDK and PSW
graphene-docker/Dockerfile: downloads and installs our mirror of a branch of the Graphene-SGX library OS.
sudo ./install-driver. This step requires having sudo privileges in order to insert kernel drivers into the machine. The Intel SGX and Gtaphene SGX drivers that are built and installed are the standard ones unmodified by us.
build-mitigatorscript to build the docker images. Enter the docker container by running
attach-mitigator. After entering the docker container, run the
deploy_enclavesscript to create the three enclaves. The decryptor enclave is created first, followed by the verifier and then the Apache server, each in a different tmux session. To restart the Apache server after stopping it, you need to stop the decryptor and then run the
deploy_enclavesscript. This restarts the decryptor, verifier and the Apache server in that order.
We require a client to install our Firefox browser extension to test our server-side setup. The last script opens up the port on which the Mitigator server is running within the docker container (default port 80 for http). The server form page can be retrieved on the server machine by accessing
http://server_address/. The browser extension will automatically encrypt all form fields to the decryptor enclave when the submit button is pressed.