Evaluation of Using Secure Enclaves in Virtualized Radio Environments

Abstract: Virtual Network Functions (VNFs) are software applications that process network packets in virtualized environments such as clouds. Using VNFs to process network traffic inside a cloud, which could be controlled by a third-party, exposes the secrets that are stored within the VNFs to a significant amount of threats. Trusted Execution Environments (TEEs) are hardware technologies dedicated to protect software from other malicious applications and users. Open Enclave and Asylo are two SDKs that decouple software and hardware and enable developers to build applications that utilize TEEs without creating hardware dependencies. Open Enclave and Asylo are still in an early stage of development, Asylo in particular. The impact of integrating Open Enclave and Asylo to VNFs from a security and performance perspective was addressed by performing a risk assessment and running performance experiments. The identified vulnerabilities in VNFs were mitigated by using available security properties from TEEs. The results show that protecting VNFs with Open Enclave and Asylo mitigate a significant amount of threats. However, the VNFs suffer from a performance penalty when using TEEs, and are still vulnerable to side-channel and Denial-of-Service attacks.