Phoenix is a research prototype of a content delivery network (CDN) that serves HTTPS traffic without requiring knowledge of the content providers' HTTPS private keys or TLS session keys. Phoenix uses Intel SGX secure enclaves to host web content, store sensitive key material, apply web application firewalls, and more on otherwise untrusted machines. To support scalability and multi-tenancy, Phoenix is built around a new architectural primitive which we call conclaves: containers of enclaves. Conclaves extend the Graphene-SGX library operating system into a distributed network of kernel servers, reminiscent of a microkernel.
Achieving Keyless CDNs with Conclaves
Stephen Herwig, Christina Garman, Dave Levin
USENIX Security Symposium 2020
Paper
Stephen Herwig
Christina Garman
Dave Levin