25. July 2022

[dimakuv]

Agenda

(please write your proposed agenda items in comments under this discussion)

• Re-schedule the Gramine core meeting to not-Monday (Mondays are not convenient)
• Gramine presentation during the SGX day (Dmitrii can run through the slides)

Re-schedule the Gramine core meeting

Mona suggested Tuesdays, at 7am PST. Everyone agreed.

Gramine presentation during the SGX day

Dmitrii went through the presentations. Some comments were given. They were resolved in the final version of the presentation.

Encrypted filenames in Encrypted Files

Encrypted Files currently do not hide/encrypt the paths and names of the files. This may be considered a metadata leak.

Mona asked if Gramine's implementation of Encrypted Files could encrypt the filenames (or maybe even the full paths). Mona thought that Intel SGX SDK implementation of Protected Files had this feature, however Dmitrii verified that there is no such feature. Probably such patch existed only in Sudha's (former Intel employee) local branch.

Mona asked to create a GitHub issue about it (not yet done by anyone). However, the need for this feature is unclear.

Michal believes that encrypting base names may not be that hard, but encrypting complete file paths would be impossible. It may break user manifests, and may require very intrusive changes in path lookups.

Local attestation between independent SGX enclaves

There are scenarios when two independently started Gramine-SGX instances want to communicate with each other over UNIX Domain Sockets (UDS). Two immediate scenarios:

• Enclave-CC has two Gramine-SGX instances: one is the long-lived agent, and another is a short-lived app. The agent wants to communicate some info to the app, and for this it would like to use UDS with SGX local attestation.
• Kubernetes pods with two Docker containers. Typically, Docker containers run separate apps, and they may want to communicate over UDS. If we wrap Docker-container apps in Gramine-SGX each, then we need UDS with SGX local attestation.

Mona thinks there will be more users for this feature with time.

Michal and Borys believe this will be a security nightmare. In particular, embedding policies "which peer enclaves are trustworthy" may be very cumbersome, bloated and unintuitive.

No conclusion on this yet. Needs more discussions.

[mkow]

Michal believes that encrypting base names may not be that hard, but encrypting complete file paths would be impossible

Maybe not impossible, but really complex and breaking our current design and making it much less nice. So, we need a strong justification for this.