Miti Mazmudar 7833d0610b Small fixes to main dockerfile | 4 anos atrás | |
---|---|---|
docker | 4 anos atrás | |
graphene-docker | 4 anos atrás | |
sgx-docker | 4 anos atrás | |
LICENSE.txt | 4 anos atrás | |
README.md | 4 anos atrás | |
attach-mitigator | 4 anos atrás | |
build-driver | 4 anos atrás | |
build-mitigator | 5 anos atrás | |
install-driver | 5 anos atrás | |
run-mitigator | 4 anos atrás | |
stop-mitigator | 4 anos atrás |
This repository contains Docker files for reproducing the implementation of the server-side code for the following paper:
Miti Mazmudar, Ian Goldberg. "Mitigator: Privacy policy compliance using trusted hardware" Proceedings on Privacy Enhancing Technologies. Vol. 2020, No. 3. 18 pages. July 2020.
This system requires a machine with Intel Software Guard Extension (SGX) to function correctly. It consists of three enclaves: a decryptor, a verifier and a target enclave. The target enclave is a PHP server which obtains user data through forms and we wish to ensure compliance of the webserver with its privacy policy. The Linux SGX driver and Linux SGX SDK are required to run the decryptor enclave. The Linux SGX SDK is also required for the enclaves to attest to each other and to seal secrets to disk. We use the Graphene-SGX library to support running a proof-of-concept verifier and the target application. The target application is an Apache server with a PHP extension to interface with the decryptor enclave. The Graphene-SGX driver is also required to run any applications within Graphene.
We have four main scripts. Two of these scripts setup drivers and the others setup, launch a docker container for running the three enclaves.
After entering the docker container, the deploy_enclaves script creates the three enclaves, starting with the decryptor, followed by the verifier and then the Apache server, each in a different tmux session. We do require a client to install our browser extension to test our server-side setup. The last script opens up port 8044 for the Mitigator server and thus the form page can be retrieved by accessing :8044/index.php. To restart the Apache server after stopping it, you need to stop the decryptor and then restart the decryptor, verifier and the Apache server in that order, as in the deploy_enclaves script.