DOI: 10.1145/2810103.2813608

Moat: Verifying Confidentiality of Enclave Programs

Published: 12 October 2015

Abstract

Security-critical applications constantly face threats from exploits in lower computing layers such as the operating system, virtual machine monitors, or even attacks from malicious administrators. To help protect application secrets from such attacks, there is increasing interest in hardware implementations of primitives for trusted computing, such as Intel's Software Guard Extensions (SGX) instructions. These primitives enable hardware protection of memory regions containing code and data, and provide a root of trust for measurement, remote attestation, and cryptographic sealing. However, vulnerabilities in the application itself, such as the incorrect use of SGX instructions or memory safety errors, can be exploited to divulge secrets. In this paper, we introduce a new approach to formally model these primitives and formally verify properties of so-called enclave programs that use them. More specifically, we create formal models of relevant aspects of SGX, develop several adversary models, and present a sound verification methodology (based on automated theorem proving and information flow analysis) for proving that an enclave program running on SGX does not contain a vulnerability that causes it to reveal secrets to the adversary. We introduce Moat, a tool which formally verifies confidentiality properties of applications running on SGX. We evaluate Moat on several applications, including a one-time password scheme, off-the-record messaging, a notary service, and secure query processing.



Published In

CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, October 2015, 1750 pages.
ISBN: 9781450338325
DOI: 10.1145/2810103

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. confidentiality
  2. enclave programs
  3. formal verification
  4. secure computation

Qualifiers

  • Research-article

Funding Sources

  • NSF STARSS
  • SRC

Conference

CCS '15

Acceptance Rates

CCS '15 paper acceptance rate: 128 of 660 submissions, 19%
Overall acceptance rate: 1,261 of 6,999 submissions, 18%

Cited By

  • (2024) ProveriT: A Parameterized, Composable, and Verified Model of TEE Protection Profile. IEEE Transactions on Dependable and Secure Computing, 21(6):5341–5358, Nov 2024. DOI: 10.1109/TDSC.2024.3375311
  • (2024) Verifying Memory Confidentiality and Integrity of Intel TDX Trusted Execution Environments. 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pages 44–54, 6 May 2024. DOI: 10.1109/HOST55342.2024.10545349
  • (2024) Deployment Issues, Attacks, and Other Challenges. In Trusted Execution Environments, pages 167–184, 22 Feb 2024. DOI: 10.1007/978-3-031-55561-9_8
  • (2023) A verified confidential computing as a service framework for privacy preservation. Proceedings of the 32nd USENIX Conference on Security Symposium, pages 4733–4750, 9 Aug 2023. DOI: 10.5555/3620237.3620502
  • (2023) HasTEE: Programming Trusted Execution Environments with Haskell. Proceedings of the 16th ACM SIGPLAN International Haskell Symposium, pages 72–88, 30 Aug 2023. DOI: 10.1145/3609026.3609731
  • (2023) SEnFuzzer: Detecting SGX Memory Corruption via Information Feedback and Tailored Interface Analysis. Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, pages 485–498, 16 Oct 2023. DOI: 10.1145/3607199.3607215
  • (2023) Generalized Policy-Based Noninterference for Efficient Confidentiality-Preservation. Proceedings of the ACM on Programming Languages, 7(PLDI):267–291, 6 Jun 2023. DOI: 10.1145/3591231
  • (2023) TEESec: Pre-Silicon Vulnerability Discovery for Trusted Execution Environments. Proceedings of the 50th Annual International Symposium on Computer Architecture, pages 1–15, 17 Jun 2023. DOI: 10.1145/3579371.3589070
  • (2023) Survey of Approaches and Techniques for Security Verification of Computer Systems. ACM Journal on Emerging Technologies in Computing Systems, 19(1):1–34, 19 Jan 2023. DOI: 10.1145/3564785
  • (2023) ENCIDER: Detecting Timing and Cache Side Channels in SGX Enclaves and Cryptographic APIs. IEEE Transactions on Dependable and Secure Computing, 20(2):1577–1595, 1 Mar 2023. DOI: 10.1109/TDSC.2022.3160346