Abstract
Intel recently introduced third-party attestation services, called Data Center Attestation Primitives (DCAP), that let a data center run its own attestation infrastructure. Compared with remote attestation based on Enhanced Privacy ID (EPID), DCAP addresses availability concerns and improves performance. Practical systems such as Hyperledger Avalon already plan to support DCAP in their roadmaps. However, the absence of a formal proof for DCAP raises security concerns. To fill this gap, we propose an automated, rigorous, and sound formal approach to specifying and verifying DCAP-based remote attestation in Intel SGX, under the assumption that there are no side-channel attacks and no vulnerabilities inside the enclave. In the proposed approach, the data-center configuration and operational policies are specified to generate the symbolic model, and the security goals are specified as security properties to produce verification results. The evaluation of non-Quoting Verification Enclave (non-QVE) based DCAP indicates that the confidentiality of secrets and the integrity of data are preserved against a Dolev-Yao adversary. We also present a few of the many inconsistencies in the existing literature on Intel SGX DCAP that we found during formal specification.
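The abstract describes turning the data-center configuration into a symbolic model and checking secrecy and authentication against a Dolev-Yao adversary. The following is an added illustration of what such a model looks like; it is not the paper's model and not Intel's code. It is written in ProVerif syntax (the abstract does not name the tool, so that choice is an assumption) and models the non-QVE ECDSA quote chain with simplified message formats: the application report body is just (MRENCLAVE, ephemeral public key), the QE report data is just hash(AK), and the names `sk_root`, `sk_pck`, `k_report`, `mr_good` and the two queries are assumptions for illustration; the real structures in the Quote Library API carry more fields (TCB info, QE identity, revocation data).

```proverif
(* Added illustration, not the paper's model: a symbolic (Dolev-Yao) model of
   the non-QVE DCAP quote chain. Message formats are simplified and all key,
   measurement and event names are assumptions for this example. *)

type skey.
type pkey.
type key.
type mr.     (* enclave measurement (MRENCLAVE) *)

(* signature check that returns the signed message, one-way hash,
   and the MAC that EREPORT puts on a local attestation report *)
fun pk(skey): pkey.
fun sign(bitstring, skey): bitstring.
reduc forall m: bitstring, k: skey; checksign(sign(m, k), pk(k)) = m.
fun hash(bitstring): bitstring.
fun mac(bitstring, key): bitstring.

(* public-key encryption used to provision a secret to the attested enclave *)
fun aenc(bitstring, pkey): bitstring.
reduc forall m: bitstring, k: skey; adec(aenc(m, pk(k)), k) = m.

fun pkey_to_bitstring(pkey): bitstring [data, typeConverter].
fun mr_to_bitstring(mr): bitstring [data, typeConverter].

free c: channel.                    (* the network, controlled by the adversary *)
free secret: bitstring [private].   (* released only to an enclave that passes policy *)
free mr_good: mr.                   (* MRENCLAVE accepted by the data-center policy *)
free sk_root: skey [private].       (* Intel SGX Root CA key (assumed name) *)
free sk_pck: skey [private].        (* Provisioning Certification Key of this platform *)
free k_report: key [private].       (* report key shared by EREPORT and the QE via EGETKEY *)

event EnclaveReports(mr, pkey).
event VerifierAccepts(mr, pkey).

(* Security goals: secrecy of the provisioned secret, and the verifier only
   accepts (measurement, key) pairs that an enclave actually reported *)
query attacker(secret).
query m: mr, k: pkey;
  event(VerifierAccepts(m, k)) ==> event(EnclaveReports(m, k)).

(* The trusted application enclave: EREPORT binds MRENCLAVE and a fresh
   public key, and the hardware MACs the report with the report key *)
let GoodEnclave =
  new sk_e: skey;
  event EnclaveReports(mr_good, pk(sk_e));
  let body = (mr_to_bitstring(mr_good), pkey_to_bitstring(pk(sk_e))) in
  out(c, (body, mac(body, k_report))).

(* Any other enclave the adversary runs on this platform: EREPORT reports
   its real measurement, which is never mr_good *)
let OtherEnclave =
  in(c, (m: mr, k: pkey));
  if m <> mr_good then
  let body = (mr_to_bitstring(m), pkey_to_bitstring(k)) in
  out(c, (body, mac(body, k_report))).

(* Quoting Enclave: creates the attestation key AK; the PCE certifies it by
   signing the QE report (report data = hash(AK)) under PCK; every locally
   attested report is then turned into an ECDSA quote plus certification data *)
let QE(pck_cert: bitstring) =
  new sk_ak: skey;
  let qe_report = hash(pkey_to_bitstring(pk(sk_ak))) in
  let pce_sig = sign(qe_report, sk_pck) in
  !( in(c, (body: bitstring, tag: bitstring));
     if tag = mac(body, k_report) then
     out(c, (body, sign(body, sk_ak), pk(sk_ak), pce_sig, pck_cert)) ).

(* Relying party doing non-QVE verification with the pinned Intel root key *)
let Verifier(pk_root: pkey) =
  in(c, (body: bitstring, quote_sig: bitstring, pk_ak: pkey,
         pce_sig: bitstring, pck_cert: bitstring));
  (* 1. PCK certificate chains to the Intel root *)
  let pkey_to_bitstring(pk_pck: pkey) = checksign(pck_cert, pk_root) in
  (* 2. QE report signed under PCK binds the attestation key *)
  if checksign(pce_sig, pk_pck) = hash(pkey_to_bitstring(pk_ak)) then
  (* 3. quote signature by AK covers the application report *)
  if checksign(quote_sig, pk_ak) = body then
  (* 4. data-center policy on the measurement *)
  let (mr_to_bitstring(m: mr), pkey_to_bitstring(pk_e: pkey)) = body in
  if m = mr_good then
  event VerifierAccepts(m, pk_e);
  out(c, aenc(secret, pk_e)).

process
  out(c, pk(sk_root));
  ( !GoodEnclave | !OtherEnclave
  | !QE(sign(pkey_to_bitstring(pk(sk_pck)), sk_root))
  | !Verifier(pk(sk_root)) )
```

Run it with `proverif <file>.pv`. Both queries are expected to hold: the adversary controls the network and can run arbitrary enclaves on the platform, but cannot forge the EREPORT MAC, the PCE signature under PCK, or the quote signature under AK, so the only body with `mr_good` that reaches the verifier is one that `GoodEnclave` produced. Dropping any one of the four verifier checks (for instance step 2, which ties AK to the platform) lets ProVerif exhibit the attack trace, which is a useful way to see what each link in the DCAP chain contributes.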
Acknowledgments
We would like to thank Do Le Quoc for his feedback on this work.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Sardar, M.U., Faqeh, R., Fetzer, C. (2020). Formal Foundations for Intel SGX Data Center Attestation Primitives. In: Lin, SW., Hou, Z., Mahony, B. (eds) Formal Methods and Software Engineering. ICFEM 2020. Lecture Notes in Computer Science(), vol 12531. Springer, Cham. https://doi.org/10.1007/978-3-030-63406-3_16
DOI: https://doi.org/10.1007/978-3-030-63406-3_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63405-6
Online ISBN: 978-3-030-63406-3
eBook Packages: Computer Science, Computer Science (R0)