Abstract

At Fortanix, we are developing cloud-scale security infrastructure using SGX. For example, our Self-Defending Key Management Service (SDKMS) can span multiple machines and enclaves, rendering a more scalable and cost-effective alternative to a traditional Hardware Security Module (HSM). This paper describes several subtle, practical, and underexplored problems in the space of building scalable, trusted applications, based on our experience building distributed SGX systems. In particular, we discuss shortcomings in remote attestation for microservice-style applications, software updates, and opportunities to reflect trustworthy development practices in attestation features.