Etusivu Tutki Apua
Kirjaudu sisään
miti
/
mitigator
1
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki

Ei kuvausta

Puu: 7a4fc8c168
Branchit Tagit
mitigator
ZIP TAR.GZ
Miti Mazmudar 7a4fc8c168 Included text on the deploy_enclaves script. 4 vuotta sitten
docker 74e25d2b9a Make deploy_enclaves.sh executable 4 vuotta sitten
graphene-docker 2fca467ab9 Merged da files. 4 vuotta sitten
sgx-docker 173a02c8a4 Use https instead of ssh URLs for cloning our repos 4 vuotta sitten
LICENSE.txt 6a1cd4fcfc Added names to the license. 4 vuotta sitten
README.md 7a4fc8c168 Included text on the deploy_enclaves script. 4 vuotta sitten
build-driver bf57b73d32 Pin the version of linux-sgx-driver 4 vuotta sitten
build-mitigator 90d7462f50 Dockerfiles and scripts for sgx and graphene 5 vuotta sitten
install-driver 90d7462f50 Dockerfiles and scripts for sgx and graphene 5 vuotta sitten
run-mitigator fd7341a04d Code for building decryptor, verifier, PHP extension in docker. 4 vuotta sitten

README.md

MITIGATOR

This repository contains Docker files for reproducing the implementation of the server-side code for the following paper:

Miti Mazmudar, Ian Goldberg. "Mitigator: Privacy policy compliance using trusted hardware" Proceedings on Privacy Enhancing Technologies. Vol. 2020, No. 3. 18 pages. July 2020.

This system requires a machine with Intel Software Guard Extension (SGX) to function correctly. It consists of three enclaves: a decryptor, a verifier and a target enclave. The Linux SGX driver and Linux SGX SDK are required to run the decryptor enclave. The Linux SGX SDK is also required for the enclaves to attest to each other and to seal secrets to disk. We use the Graphene-SGX library to support running a proof-of-concept verifier and the target application. The target application is an Apache server with a PHP extension to interface with the decryptor enclave. The Graphene-SGX driver is also required to run any applications within Graphene.

We have four main scripts. Two of these scripts setup drivers and the others setup, launch a docker container for running the three enclaves.

  • build-driver: builds specific versions of the Linux SGX and the Graphene-SGX drivers as kernel modules.
  • install-driver: installs the kernel modules generated by the build-driver script onto the machine.
  • build-mitigator: builds three docker images, one for each of the Dockerfiles in the sgx/, graphene/ and docker/ folders respectively. The first docker image contains the SGX SDK and PSW setup. The second docker image adds the Graphene-SGX setup onto the first one. The last docker image is formed by downloading the source-code for our enclaves, including any dependencies, and generating the three enclaves.
  • run-mitigator: runs the docker container with the image initialized in the build-mitigator script.

After entering the docker container, the deploy_enclaves script creates the three enclaves, starting with the decryptor, followed by the verifier and then the Apache server, each in a different tmux session. We do require a client to install our browser extension to test our server-side setup.