ABSTRACT
We are now seeing increased hardware support for improving the security and performance of privilege separation and compartmentalization techniques. Today, developers can benefit from multiple compartmentalization mechanisms such as process-based sandboxes, trusted execution environments (TEEs)/enclaves, and even intra-address space compartments (i.e., intra-process or intra-enclave). We dub such a computing model a “hetero-compartment” environment and observe that existing system stacks still assume single-compartment models (i.e., user space processes), leading to limitations in using, integrating, and monitoring heterogeneous compartments from a security and performance perspective.
We introduce Deluminator, a set of OS abstractions and a userspace framework to enable extensible and fine-grained information flow tracking in hetero-compartment environments. Deluminator allows developers to securely use and combine compartments, define security policies over shared system resources, audit policy violations, and perform digital forensics across heterogeneous compartments. We implemented Deluminator on Linux-based ARM and x86-64 platforms; the implementation supports diverse compartment types, including processes, SGX enclaves, TrustZone Trusted Apps (TAs), and intra-address space compartments. Our evaluation shows that our kernel and hardware-assisted approach results in a reasonable overhead (on average 7-29%) that makes it suitable for real-world applications.