ABSTRACT
For trusted execution environments (TEEs), remote attestation allows a verifier to establish trust in software executed on a remote host. It requires that the measurement of a remote TEE be both complete and fresh: we need to measure every aspect that might determine the behavior of an application, and the measurement has to be reasonably recent. Performing measurements only at the start of a TEE simplifies attestation but enables "reuse" attacks on enclaves. We demonstrate how to perform such reuse attacks against different TEE frameworks. We also show how to address this issue by enforcing freshness, through the concept of a singleton enclave, and completeness of the measurements. Completeness of measurements is not trivial, since both the secrets provisioned to an enclave and the content of its filesystem can affect the behavior of the software, i.e., can be used to mount reuse attacks. We present mechanisms to include measurements of these two components in the remote attestation. Our evaluation on real-world applications shows that our approach incurs only negligible overhead, ranging from 1.03% to 13.2%.
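The abstract's two requirements, completeness (code, provisioned secrets and filesystem all enter the measurement) and freshness (a stale quote must not verify), as an added illustration that is not the paper's or any TEE framework's code. The Merkle root over the filesystem, the HMAC standing in for a hardware quote, and the verifier nonce used for freshness are this example's own assumptions.

```python
import hashlib
import hmac

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(entries):
    """Root over a (path, content) list; sorting makes the root independent of
    enumeration order, and any changed byte in any file changes the root."""
    leaves = [sha256(b"leaf\0" + p.encode() + b"\0" + c) for p, c in sorted(entries)]
    if not leaves:
        return sha256(b"empty-fs")
    while len(leaves) > 1:
        if len(leaves) % 2:               # duplicate last leaf on odd levels
            leaves.append(leaves[-1])
        leaves = [sha256(b"node\0" + leaves[i] + leaves[i + 1])
                  for i in range(0, len(leaves), 2)]
    return leaves[0]

def complete_measurement(code_measurement: bytes, secrets_blob: bytes, fs_entries) -> bytes:
    """Complete measurement: code measurement (e.g. an MRENCLAVE-like value)
    extended with a hash of the provisioned secrets and the filesystem root,
    so that a binary reused with other secrets or files measures differently."""
    return sha256(b"measurement\0" + code_measurement
                  + sha256(secrets_blob) + merkle_root(fs_entries))

def attest(measurement: bytes, nonce: bytes, platform_key: bytes) -> bytes:
    """Stand-in for the hardware quote (assumption: a keyed MAC under a platform
    key). Binding the verifier's nonce is what gives the quote freshness."""
    return hmac.new(platform_key, measurement + nonce, hashlib.sha256).digest()

def verify(quote: bytes, expected: bytes, nonce: bytes, platform_key: bytes) -> bool:
    """Verifier side: recompute the expected quote for the measurement it
    trusts and the nonce it issued; a replayed or mismatching quote fails."""
    return hmac.compare_digest(quote, attest(expected, nonce, platform_key))

if __name__ == "__main__":
    # Constructed sample enclave state: same code, two different policy files.
    code = b"\x11" * 32
    fs_ok = [("/app/main.py", b"run()"), ("/etc/policy.conf", b"export=deny")]
    fs_bad = [("/app/main.py", b"run()"), ("/etc/policy.conf", b"export=allow")]
    key, nonce = b"platform-key", b"\x01" * 16
    m_ok = complete_measurement(code, b"secret-A", fs_ok)
    quote = attest(m_ok, nonce, key)
    print("fresh, complete:", verify(quote, m_ok, nonce, key))
    print("replayed quote:", verify(quote, m_ok, b"\x02" * 16, key))
    print("reused binary, other filesystem:",
          verify(quote, complete_measurement(code, b"secret-A", fs_bad), nonce, key))
```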
SinClave: Hardware-assisted Singletons for TEEs