Project overview
Our contribution allows you to use an SQLite database, with a slightly modified SQLite library, inside a secure SGX enclave. The database file and the database's temporary files are stored encrypted on the hard disk. This builds on general features of the SGX platform, including hardware-accelerated AES encryption and decryption and the management of enclave keys.
The Eclipse workspace has been configured to create a demo database named test.db in <eclipse-workspace>/SGX_SQLite/sgx/enclave_sqlite. The name can be configured in the IDE. Please note that due to the secure file system of the SGX platform (which uses Data Sealing), the file does not contain plain text information of the database. The database is therefore not readable with standard tools like the SQLite browser.
Due to time constraints, the implementation of the SQLite library for use in an SGX enclave could not be fully completed, so this section will briefly describe the known issues that still exist.
- Currently the file size of the SQLite database should not exceed the limit of 1.1 GB, otherwise the file is no longer readable. The problem has already been narrowed down to the incorrect execution of the 'sgx_fseek' function, but has not yet been fixed.
- To use the Virtual File System for SQLite, it is necessary to implement a large number of functions (see VFS). All essential functions have been implemented. Still outstanding are the functions xRandomness and xCurrentTime.
- If read and write operations are performed via the SQL console, recovery files are currently created for the database as well as for the temporary files. There can be many reasons for this, as described in the SQLite documentation. This specific cause should be debugged. It does not lead to any problems, but we think that performance could improve if it is solved.
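One way the two outstanding VFS callbacks could be written for an enclave, as an added example that is not code from this repository. The names SGX_ENCLAVE_BUILD, ocall_unix_time and sgxvfs_* are assumptions; sgx_read_rand is the SGX SDK's trusted random source, and the host branch exists only so the file also compiles and runs outside an enclave.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct sqlite3_vfs sqlite3_vfs;  /* opaque here; the real type is in sqlite3.h */

#ifdef SGX_ENCLAVE_BUILD                 /* hypothetical build flag */
#include <sgx_trts.h>                    /* sgx_read_rand(): randomness generated inside the CPU */
/* Hypothetical OCall; EDL declaration assumed: int64_t ocall_unix_time(void); */
sgx_status_t ocall_unix_time(int64_t *retval);
static int fill_random(unsigned char *b, size_t n) { return sgx_read_rand(b, n) == SGX_SUCCESS; }
/* The host supplies this value, so it is untrusted: never base a security decision on it. */
static int unix_time(int64_t *t) { return ocall_unix_time(t) == SGX_SUCCESS; }
#else                                    /* host stand-ins, for running outside an enclave */
#include <stdio.h>
#include <time.h>
static int fill_random(unsigned char *b, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(b, 1, n, f) : 0;
    if (f) fclose(f);
    return got == n;
}
static int unix_time(int64_t *t) { *t = (int64_t)time(NULL); return 1; }
#endif

/* Unix seconds -> Julian Day Number (1970-01-01T00:00Z is JD 2440587.5). */
double unix_to_julian(int64_t secs) { return (double)secs / 86400.0 + 2440587.5; }

/* xRandomness: returns the number of random bytes written to zOut. */
int sgxvfs_randomness(sqlite3_vfs *vfs, int nByte, char *zOut) {
    (void)vfs;
    if (nByte <= 0 || zOut == NULL) return 0;
    return fill_random((unsigned char *)zOut, (size_t)nByte) ? nByte : 0;
}

/* xCurrentTime: stores the current time as a Julian Day; 0 is SQLITE_OK. */
int sgxvfs_current_time(sqlite3_vfs *vfs, double *prNow) {
    int64_t secs;
    (void)vfs;
    if (prNow == NULL || !unix_time(&secs) || secs < 0) return 1;  /* SQLITE_ERROR */
    *prNow = unix_to_julian(secs);
    return 0;
}

#ifndef SGX_ENCLAVE_BUILD
int main(void) {                         /* host-only smoke run; exit code 0 on success */
    double now; char r[8];
    return !(sgxvfs_current_time(NULL, &now) == 0 && sgxvfs_randomness(NULL, 8, r) == 8);
}
#endif
```

The two functions would be assigned to the xRandomness and xCurrentTime members of the sqlite3_vfs structure that the enclave registers.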
The modified SQLite library (using OCalls instead of system calls) is based on yerzhan7's SGX_SQLite project. That repository was published under the Unlicense license. For this reason, this project is also published under the Unlicense license.
🛠️ How to install Intel SGX Driver on Ubuntu
🛠️ How to install Intel SGX SDK on Ubuntu
🎯 Validate that your Intel SGX Setup is working correctly
💻 How to setup the Eclipse IDE (with SGX Plugin)
⭐ How to setup the first SGX Project
📊 How to analyse an SGX Enclave? (Installation and Usage)
📁 Brief introduction: SQLite's Virtual File System