The Phoenix CDN and Conclaves


Phoenix is a research prototype of a content delivery network (CDN) that serves HTTPS traffic without requiring knowledge of the content providers' HTTPS private keys or TLS session keys. Phoenix uses Intel SGX secure enclaves to host web content, store sensitive key material, apply web application firewalls, and more on otherwise untrusted machines. To support scalability and multi-tenancy, Phoenix is built around a new architectural primitive which we call conclaves: containers of enclaves. Conclaves extend the Graphene-SGX library operating system into a distributed network of kernel servers, reminiscent of a microkernel.

Figure: Architectural design of Phoenix. Multiple enclaves (yellow boxes) reside in a logical conclave (red boxes), permitting multiple processes and multi-tenant deployments.


Achieving Keyless CDNs with Conclaves
Stephen Herwig, Christina Garman, Dave Levin
USENIX Security Symposium 2020


source code


Stephen Herwig
Christina Garman
Dave Levin

Web Accessibility