Introducing NGINX — SGX web server
NGINX is an open-source web server, designed for maximum performance and stability.
If you are developing a web application and you want to host this application, you might have a tough time handling all incoming requests. Therefore you might experience many downtimes of your server while handling a handful of requests. NGINX is a web server that solves such efficiency issues because it provides you with the tools to optimally handle thousands of requests at the same time. This is why NGINX is one of the most reliable servers out there.
With enclaive NGINX – Confidential Compute Enterprise Enclave 4 SGX you can now boost your “old” NGINX web server with the encryption functionalities of Intel® Software Guard Extensions (SGX).
What does this mean? Our NGINX-SGX can now protect all your data from insider and outsider attacks. NGINX-SGX combines the confidential computing technology used within Intel® SGX with the NGINX web server. The application code is now executed within this secure enclave while being sent back to the requester of the specific URL content. NGINX-SGX provides this “black box” that now holds the entire content requested, making sure there will be no leaks of sensitive data. Therefore, it delivers a fast and effective way to protect NGINX-served data against unauthorized use.
How we boost your NGINX web server
Tailor-made for confidential computing
By leveraging Intel® SGX-enabled CPUs and enclaive’s Enterprise Enclaves software, we provide you with a fully encrypted NGINX web server. With a single command, enclaive automatically creates a secure enclave that isolates and encrypts all application resources in runtime, at rest, and on the network to achieve the strongest end-to-end data protection available.
The focus of SGX is to protect sensitive data against untrusted users, even on already compromised systems. How is this acchieved? With the help of hard implemented security and crypto mechanism inside the CPU itself. These enclaves are only accessible from inside themselves and plain text is only visible during the processing inside the CPU. Therefore, keeping the stored information safe at any given moment.
Great performance combined with great confidentiality
NGINX is a free and widely used open-source web server, reverse proxy, load balancer, mail proxy, and cache. However, NGINX has a vulnerability common to virtually all applications. It stores data in plain text in memory and an insider can easily scan memory using public scanning tools to gain unfettered access to any sensitive information stored in memory. But this will not happen with our enclaive NGINX–SGX. Our containers protect that data and the application itself from any insider attacks, even when the host is completely compromised. And if someone stops or interrupts a running enclave, any context information like registers is removed from the CPU. Therefore by interrupting the enclave an attacker cannot gain any information from the enclave.
Furthermore, enclaive NGINX-SGX containers are highly secure and built to work right out of the box. You don’t need to change the application code or SDKs. Because our intuitive and self-contained docker containers make infrastructure configuration easier.
By leveraging NGINX-SGX you are automatically protecting every single personally identifiable information on your website. Our containers satisfy every privacy legislation: we keep your data always encrypted, in every part of the data lifecycle, making sure your business stays GDPR-compliant. Any user or legal auditor may attest at any moment to the integrity and confidentiality of both code and data. Any private or personal data shared through the web server will now be completely encrypted within this “black box”. Therefore, no data leakage can occur during the data processing time span.
Are you curious about trying SGX powered NGINX web server?
This sounds interesting to you, but you don’t want to use the entire next week to completely change your implementation? No worries: NGINX–CCEE4SGX provides a pre-configured instance and step-by-step instructions that help you to quickly get a fully secure NGINX running in an enclave on all instances.
So why are you still reading? Try it out now here. Free of charge, of course!