Introduction

When it comes to securing sensitive applications and data, a best practice is to encrypt the data. While encrypting data-at-rest and data-in-motion are well-recognized issues with multiple solutions, runtime application security has been an unsolved problem. Plain text code and data is exposed at runtime, and that information can include sensitive data, keys for data-at-rest and certificates for data-in-motion.

Anjuna SGX Runtime provides runtime protection for sensitive applications and their data. It offers the following main benefits:

Security for the application regardless of the state of infrastructure security.
Simplicity - requires no code changes or recompilation, and seamlessly integrates into existing DevOps processes.

It uses the following constructs to provide security:

Memory Isolation: Completely isolates application memory from anything else on the machine including the operating system. Memory never leaves the CPU secure enclave unencrypted. No one can access memory, not even with root or physical access to the system.
Remote Attestation: Ensures a secure trusted channel to a back-end server application, provides integrity by validating that expected code is running in the expected environment.

These constructs are provided by Secure Enclaves, implemented in modern processors.

Secure Enclaves

Conventional approaches to securing applications have relied primarily on software to provide protection. However good the software implementation may be, an attacker that is able to gain privileged access would conceivably be able to circumvent software defenses. A recent and disruptive technology introduced in many new processor models provides a better security and privacy model. It allows you to run an application in an environment that is isolated from the host, while running on the same machine. In the case of Intel®, the key enabler is the hardware-level memory isolation introduced by Intel® Software Guard Extensions, that creates an encrypted partition of the memory. Somewhat similar functionality is offered by AMD in the form of Secure Encrypted Virtualization (SEV).

Intel® Software Guard Extensions (Intel® SGX) brings a hardware root-of-trust and program isolation to commodity processors, enabling the handling of sensitive data in a trusted execution environment called a secure enclave.

Secure enclaves enable running an application so that its contents and the data it handles are completely inaccessible to any other entities. Such “blocked” entities include privileged users on the guest OS, the hypervisor or the host OS itself.

About this Document

This guide is structured as follows:

Getting the Anjuna Runtime explains how to obtain and set up the Anjuna Runtime.
First Steps guides you through running a few simple programs with the protection of a secure enclave.
Configure Applications for Anjuna shows you how to configure the Anjuna Runtime to work effectively with your applications.
Secure Inputs and Outputs explains how you can configure the Anjuna Runtime to automatically protect input and output data.
Tutorial: Anjuna in a Docker Container shows how to create a Docker container that can run applications in a secure enclave.
Advanced: The Policy Manager describes how to set up the Anjuna Policy Manager, a tool that helps you manage encryption and signing keys.
Advanced: Trusting the Software in Production explains how you can trust software running in a secure enclave.
The Glossary of Terms defines words and phrases used in this document with technical or specialized meanings.
The Command Reference is a reference to the command-line tools distributed with the Anjuna software.
The Configuration Reference explains the configuration options used to control the behavior of the Anjuna Runtime.
The Troubleshooting section addresses warnings and errors you might encounter while using Anjuna.

Document Conventions

This section describes typographical and other conventions used in this guide.

Words used with specialized or technical meanings appear in boldface type the first time they appear, and also when they are used for the first time in a new section. You can find definitions of specialized vocabulary in the Glossary.

Text colored like this is a link to another document, either in this guide or elsewhere on the web.

Text in monospace type represents text that appears in a terminal or in the filesystem of a host. We use it to refer to the names of commands and of files used by the Anjuna SGX Runtime and in examples.

A block of text in monospace type represents an interaction with a host’s shell in the terminal, or the text of a file.

This block of text is an example of monospace type used to illustrate the contents of a file.

The following text illustrates the appearance of a command in a terminal shell. It can be copied by hovering the text and clicking on the clipboard icon to the right.

$ ls -al

Italic type in examples stands for text that should be replaced.

For example, in this text:

/home/username/.bashrc

the text username should be replaced with an actual username.