By leveraging TEE (Trusted Execution Environment) and Intel SGX Technologies, the goal was to create a transparent encryption filesystem layer (based on FUSE). The project was implemented in C++ (~5K LoC). It would intercept all IO operations and encrypt on-the-fly payloads within the SGX memory. To ensure security, multiple encryption encapsulation (AES CTR / GCM / GCM SIV) were used. Encrypted content would then be dumped to the main filesystem to later be synched with a Cloud Provider (e.g.: DropBox).