research-article

Information Flow Tracking for Heterogeneous Compartmentalized Software

Authors:
Zahra Tarkhani

Microsoft, United Kingdom

Microsoft, United Kingdom

0000-0001-7030-4796
View Profile

,
Anil Madhavapeddy

University of Cambridge, United Kingdom

University of Cambridge, United Kingdom

0000-0001-8954-2428
View Profile

RAID '23: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and DefensesOctober 2023Pages 564–579https://doi.org/10.1145/3607199.3607235

Published:16 October 2023Publication History

RAID '23: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses

Pages 564–579

ABSTRACT

We are now seeing increased hardware support for improving the security and performance of privilege separation and compartmentalization techniques. Today, developers can benefit from multiple compartmentalization mechanisms such as process-based sandboxes, trusted execution environments (TEEs)/enclaves, and even intra-address space compartments (i.e., intra-process or intra-enclave). We dub such a computing model a “hetero-compartment” environment and observe that existing system stacks still assume single-compartment models (i.e., user space processes), leading to limitations in using, integrating, and monitoring heterogeneous compartments from a security and performance perspective.

We introduce Deluminator, a set of OS abstractions and a userspace framework to enable extensible and fine-grained information flow tracking in hetero-compartment environments. Deluminator allows developers to securely use and combine compartments, define security policies over shared system resources, and audit policy violations and perform digital forensics across heterogeneous compartments. We implemented Deluminator on Linux-based ARM and x86-64 platforms, which supports diverse compartment types ranging from processes, SGX enclaves, TrustZone Trusted Apps (TAs), and intra-address space compartments. Our evaluation shows that our kernel and hardware-assisted approach results in a reasonable overhead (on average 7-29%) that makes it suitable for real-world applications.

References

2019. SGX-OpenSSL. https://github.com/sparkly9399/SGX-OpenSSL.Google Scholar
2020. Intel Trust Domain Extensions (Intel TDX). https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html.Google Scholar
2020. OP-TEE. https://github.com/OP-TEE. Access Date : 2020-03-28.Google Scholar
Ross Anderson. 2008. Security engineering. John Wiley & Sons.Google Scholar
ARM. 2009. Security technology building a secure system using TrustZone technology (white paper). ARM Limited (2009).Google Scholar
ARM. 2012. Architecture Reference Manual; ARMv7-A and ARMv7-R edition. https://static.docs.arm.com/ddi0406/c/DDI0406C_C_arm_architecture_reference_manual.pdf. Access Date : 2020-5-26.Google Scholar
Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’keeffe, Mark Stillwell, 2016. SCONE: Secure Linux Containers with Intel SGX.. In OSDI, Vol. 16. 689–703.Google Scholar
Pierre-Louis Aublin, Florian Kelbert, Dan O’keeffe, Divya Muthukumaran, Christian Priebe, Joshua Lind, Robert Krahn, Christof Fetzer, David Eyers, and Peter Pietzuch. 2017. TaLoS: Secure and transparent TLS termination inside SGX enclaves. Imperial College London, Tech. Rep 5, 2017 (01 2017). https://doi.org/10.25561/94936 See https://github.com/lsds/TaLoS.Google Scholar
Andrew Baumann. 2017. Hardware is the new software. In Proceedings of the 16th Workshop on Hot Topics in Operating Systems. 132–137.Google ScholarDigital Library
Andrew Baumann, Marcus Peinado, and Galen Hunt. 2015. Shielding applications from an untrusted cloud with Haven. ACM Transactions on Computer Systems (TOCS) 33, 3 (2015), 8.Google ScholarDigital Library
David Berard. 2018. Kinibi TEE: Trusted Application Exploitation.Google Scholar
Andrea Biondo, Mauro Conti, Lucas Davi, Tommaso Frassetto, and Ahmad-Reza Sadeghi. 2018. The Guard’s Dilemma: Efficient Code-Reuse Attacks Against Intel SGX. In 27th USENIX Security Symposium (USENIX Security 18). 1213–1227.Google Scholar
Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp. 2008. Wedge: Splitting applications into reduced-privilege compartments. In USENIX Association.Google Scholar
Jay Bosamiya, Wen Shih Lim, and Bryan Parno. 2022. Provably-Safe Multilingual Software Sandboxing using WebAssembly. In 31st USENIX Security Symposium (USENIX Security 22). 1975–1992.Google Scholar
Pablo Buiras, Dimitrios Vytiniotis, and Alejandro Russo. 2015. HLIO: Mixing static and dynamic typing for information-flow control in Haskell. In Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming. 289–301.Google ScholarDigital Library
Sanchuan Chen, Zhiqiang Lin, and Yinqian Zhang. 2023. Controlled Data Races in Enclaves: Attacks and Detection. In 32nd USENIX Security Symposium (USENIX Security 22).Google Scholar
Xiaoxin Chen, Tal Garfinkel, E Christopher Lewis, Pratap Subrahmanyam, Carl A Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan RK Ports. 2008. Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. ACM SIGOPS Operating Systems Review 42, 2 (2008), 2–13.Google ScholarDigital Library
Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, and Long Lu. 2016. Shreds: Fine-grained execution units with private memory. In 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 56–71.Google ScholarCross Ref
Winnie Cheng, Dan RK Ports, David Schultz, Victoria Popic, Aaron Blankstein, James Cowling, Dorothy Curtis, Liuba Shrira, and Barbara Liskov. 2012. Abstractions for usable information flow control in Aeolus. In Presented as part of the 2012 USENIX Annual Technical Conference (USENIX ATC 12). 139–151.Google Scholar
James Clause, Wanchun Li, and Alessandro Orso. 2007. Dytan: a generic dynamic taint analysis framework. In Proceedings of the 2007 international symposium on Software testing and analysis. 196–206.Google ScholarDigital Library
Tobias Cloosters, Michael Rodler, and Lucas Davi. 2020. TeeRex: discovery and exploitation of memory corruption vulnerabilities in SGX enclaves. In Proceedings of the 29th USENIX Conference on Security Symposium. 841–858.Google Scholar
Tobias Cloosters, Johannes Willbold, Thorsten Holz, and Lucas Davi. 2022. { SGXFuzz} : Efficiently Synthesizing Nested Structures for { SGX} Enclave Fuzzing. In 31st USENIX Security Symposium (USENIX Security 22). 3147–3164.Google Scholar
Intel Corporation. 2019. Intel Software Guard Extensions for Linux OS. https://github.com/intel/linux-sgx. Access Date :2019-03-01.Google Scholar
Microsoft Corporation. 2019. Open Enclave SDK. https://github.com/openenclave/openenclave. Access Date :2019-08-12.Google Scholar
Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer, Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, 2014. The matter of heartbleed. In Proceedings of the 2014 conference on internet measurement conference. ACM, 475–488.Google ScholarDigital Library
William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N Sheth. 2014. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS) 32, 2 (2014), 1–29.Google ScholarDigital Library
Andrew Ferraiuolo, Mark Zhao, Andrew C Myers, and G Edward Suh. 2018. HyperFlow: A processor architecture for nonmalleable, timing-safe information flow security. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1583–1600.Google ScholarDigital Library
Charles García-Tobin. 2021. Unlocking the power of data with ARM CCA. https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/unlocking-the-power-of-data-with-arm-cca?_ga=2.220985304.13311694.1639690475-1159947857.1639439044.Google Scholar
Daniel B Giffin, Amit Levy, Deian Stefan, David Terei, David Mazieres, John C Mitchell, and Alejandro Russo. 2012. Hails: Protecting data privacy in untrusted web applications. In 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12). 47–60.Google Scholar
GlobalPlatform. 2018. GlobalPlatform Security Task ForceRoot of Trust Definitions and Requirements. Available at: https://globalplatform.org/wp-content/uploads/2018/06/GP_RoT_Definitions_and_Requirements_v1.0.1_PublicRelease_CC.pdf.Google Scholar
Anitha Gollamudi and Stephen Chong. 2016. Automatic Enforcement of Expressive Security Policies Using Enclaves. In Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (Amsterdam, Netherlands) (OOPSLA 2016). Association for Computing Machinery, New York, NY, USA, 494–513. https://doi.org/10.1145/2983990.2984002Google ScholarDigital Library
Anitha Gollamudi, Stephen Chong, and Owen Arden. 2019. Information Flow Control for Distributed Trusted Execution Environments. In 2019 IEEE 32nd Computer Security Foundations Symposium (CSF). 304–30414. https://doi.org/10.1109/CSF.2019.00028Google ScholarCross Ref
Google. 2018. Asylo: An open and flexible framework for enclave applications. http://web.archive.org/web/20080207010024http://www.808multimedia.com/winnt/kernel.htm.Google Scholar
Jinyu Gu, Bojun Zhu, Mingyu Li, Wentai Li, Yubin Xia, and Haibo Chen. 2022. A { Hardware-Software} Co-design for Efficient { Intra-Enclave} Isolation. In 31st USENIX Security Symposium (USENIX Security 22). 3129–3145.Google Scholar
Le Guan, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, and Trent Jaeger. 2017. TrustShadow: Secure execution of unmodified applications with ARM TrustZone. In Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 488–501.Google ScholarDigital Library
Khilan Gudka, Robert NM Watson, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Ilias Marinos, Peter G Neumann, and Alex Richardson. 2015. Clean application compartmentalization with soaap. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 1016–1031.Google ScholarDigital Library
Tyler Hunt, Congzheng Song, Reza Shokri, Vitaly Shmatikov, and Emmett Witchel. 2018. Chiron: Privacy-preserving Machine Learning as a Service. arXiv preprint arXiv:1803.05961 (2018).Google Scholar
Intel. 2016. Overview of Intel Software Guard Extensions Instructions and Data Structures. https://software.intel.com/en-us/blogs/2016/06/10/overview-of-intel-software-guard-extensions-instructions-and-data-structures.Google Scholar
Intel. 2019. Intel® 64 and IA-32 Architectures Software Developer’s Manual. https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdfGoogle Scholar
Jin Soo Jang, Sunjune Kong, Minsu Kim, Daegyeong Kim, and Brent Byunghoon Kang. 2015. SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment.. In NDSS.Google Scholar
Jinghao Jia, Raj Sahu, Adam Oswald, Dan Williams, Michael V Le, and Tianyin Xu. 2023. Kernel extension verification is untenable. In Proceedings of the 19th Workshop on Hot Topics in Operating Systems. 150–157.Google ScholarDigital Library
Limin Jia, Jassim Aljuraidan, Elli Fragkaki, Lujo Bauer, Michael Stroucken, Kazuhide Fukushima, Shinsaku Kiyomoto, and Yutaka Miyake. 2013. Run-time enforcement of information-flow properties on Android. In European Symposium on Research in Computer Security. Springer, 775–792.Google ScholarCross Ref
David Kaloper-Mersinjak, Hannes Mehnert, Anil Madhavapeddy, and Peter Sewell. 2015. Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation.. In USENIX Security Symposium. 223–238.Google Scholar
Ryan Karl, Jonathan Takeshita, and Taeho Jung. 2020. Using Intel SGX to Improve Private Neural Network Training and Inference. In Proceedings of the 7th Symposium on Hot Topics in the Science of Security (Lawrence, Kansas) (HotSoS ’20). Association for Computing Machinery, New York, NY, USA, Article 31, 2 pages. https://doi.org/10.1145/3384217.3386399Google ScholarDigital Library
Mustakimur Rahman Khandaker, Yueqiang Cheng, Zhi Wang, and Tao Wei. 2020. COIN attacks: On insecurity of enclave untrusted interfaces in SGX. In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems. 971–985.Google ScholarDigital Library
Douglas Kilpatrick. 2003. Privman: A Library for Partitioning Applications.. In USENIX Annual Technical Conference, FREENIX Track. 273–284.Google Scholar
Seongmin Kim, Juhyeng Han, Jaehyeong Ha, Taesoo Kim, and Dongsu Han. 2018. SGX-Tor: A Secure and Practical Tor Anonymity Network With SGX Enclaves. IEEE/ACM Transactions on Networking 26, 5 (2018), 2174–2187.Google ScholarDigital Library
Paul Kirth, Mitchel Dickerson, Stephen Crane, Per Larsen, Adrian Dabrowski, David Gens, Yeoul Na, Stijn Volckaert, and Michael Franz. 2022. PKRU-safe: automatically locking down the heap between safe and unsafe languages. In Proceedings of the Seventeenth European Conference on Computer Systems. 132–148.Google ScholarDigital Library
Akshay Krishnamurthy, Adrian Mettler, and David Wagner. 2010. Fine-grained privilege separation for web applications. In Proceedings of the 19th international conference on World wide web. 551–560.Google ScholarDigital Library
Alex Krizhevsky. 2009. The CIFAR-100 dataset. https://www.cs.toronto.edu/ kriz/cifar.html. Access Date : 2020-5-26.Google Scholar
Maxwell Krohn, Alexander Yip, Micah Brodsky, Natan Cliffer, M Frans Kaashoek, Eddie Kohler, and Robert Morris. 2007. Information flow control for standard OS abstractions. In ACM SIGOPS Operating Systems Review, Vol. 41. ACM, 321–334.Google Scholar
Maxwell N Krohn. 2004. Building Secure High-Performance Web Services with OKWS.. In USENIX Annual Technical Conference, General Track. 185–198.Google Scholar
Dayeol Lee, David Kohlbrenner, Shweta Shinde, Krste Asanovic, and Dawn Song. 2020. Keystone: An Open Framework for Architecting Trusted Execution Environments. In Proceedings of the Fifteenth European Conference on Computer Systems(EuroSys ’20).Google ScholarDigital Library
Jaehyuk Lee, Jinsoo Jang, Yeongjin Jang, Nohyun Kwak, Yeseul Choi, Changho Choi, Taesoo Kim, Marcus Peinado, and Brent Byunghoon Kang. 2017. Hacking in darkness: Return-oriented programming against secure enclaves. In 26th USENIX Security Symposium (USENIX Security 17). 523–539.Google Scholar
Hugo Lefeuvre, Vlad-Andrei Bădoiu, Yi Chien, Felipe Huici, Nathan Dautenhahn, and Pierre Olivier. 2022. Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software. arXiv preprint arXiv:2212.12904 (2022).Google Scholar
Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O’Keeffe, P Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, Rüdiger Kapitza, 2017. Glamdring: Automatic application partitioning for Intel SGX. In USENIX.Google Scholar
James Litton, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Deepak Garg, Bobby Bhattacharjee, and Peter Druschel. 2016. Light-Weight Contexts: An OS Abstraction for Safety and Performance. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16). 49–64.Google ScholarDigital Library
Aravind Machiry, Eric Gustafson, Chad Spensky, Christopher Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna. 2017. BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments.. In NDSS.Google Scholar
Marion Marschalek. 2018. The Wolf In SGX Clothing. Bluehat IL (Jan 2018) (2018).Google Scholar
Yerzhan Mazhkenov. 2019. SGX-SQLite. https://github.com/yerzhan7/SGX_SQLite.git.Google Scholar
Larry W McVoy, Carl Staelin, 1996. lmbench: Portable tools for performance analysis.. In USENIX annual technical conference. San Diego, CA, USA, 279–294.Google ScholarDigital Library
Marcela S Melara, Michael J Freedman, and Mic Bowman. 2019. EnclaveDom: Privilege separation for large-TCB applications in trusted execution environments. arXiv preprint arXiv:1907.13245 (2019).Google Scholar
Fan Mo, Ali Shahin Shamsabadi, Kleomenis Katevas, Soteris Demetriou, Ilias Leontiadis, Andrea Cavallaro, and Hamed Haddadi. 2020. DarkneTZ: Towards Model Privacy at the Edge Using Trusted Execution Environments. In Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services (Toronto, Ontario, Canada) (MobiSys ’20). Association for Computing Machinery, New York, NY, USA, 161–174. https://doi.org/10.1145/3386901.3388946Google ScholarDigital Library
Fan Mo, Zahra Tarkhani, and Hamed Haddadi. 2022. SoK: Machine Learning with Confidential Computing. arXiv preprint arXiv:2208.10134 (2022).Google Scholar
James Morris, Stephen Smalley, and Greg Kroah-Hartman. 2002. Linux security modules: General security support for the linux kernel. In USENIX Security Symposium. ACM Berkeley, CA, 17–31.Google Scholar
Andrew C Myers and Barbara Liskov. 1997. A decentralized model for information flow control. In SOSP, Vol. 97. Citeseer, 129–142.Google Scholar
Andrew C Myers, Lantian Zheng, Steve Zdancewic, Stephen Chong, and Nathaniel Nystrom. 2001. Jif: Java information flow. Software release. Located at http://www. cs. cornell. edu/jif 2005 (2001).Google Scholar
Adwait Nadkarni, Benjamin Andow, William Enck, and Somesh Jha. 2016. Practical { DIFC} Enforcement on Android. In 25th USENIX Security Symposium (USENIX Security 16). 1119–1136.Google Scholar
Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, and Deian Stefan. 2020. Retrofitting fine grain isolation in the Firefox renderer. In Proceedings of the 29th USENIX Conference on Security Symposium. 699–716.Google ScholarDigital Library
Zhenyu Ning and Fengwei Zhang. 2017. Ninja: Towards Transparent Tracing and Debugging on ARM.. In USENIX Security symposium. 33–49.Google Scholar
NXP. 2022. ASUG-i.MX Android Security User’s Guide. https://www.nxp.com/docs/en/user-guide/IMX_ANDROID_SECURITY_USERS_GUIDE.pdf.Google Scholar
Aditya Oak, Amir M Ahmadian, Musard Balliu, and Guido Salvaneschi. 2021. Language Support for Secure Software Development with Enclaves. In IEEE Computer Security Foundations Symposium (CSF 2021).Google Scholar
Joongun Park, Naegyeong Kang, Taehoon Kim, Youngjin Kwon, and Jaehyuk Huh. 2020. Nested enclave: supporting fine-grained hierarchical isolation with SGX. In 2020 ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA). IEEE, 776–789.Google ScholarDigital Library
Soyeon Park, Sangho Lee, Wen Xu, Hyungon Moon, and Taesoo Kim. 2018. libmpk: Software Abstraction for Intel Memory Protection Keys. arXiv preprint arXiv:1811.07276 (2018).Google Scholar
Donald E Porter, Silas Boyd-Wickizer, Jon Howell, Reuben Olinsky, and Galen C Hunt. 2011. Rethinking the library OS from the top down. In ACM SIGPLAN Notices, Vol. 46. ACM, 291–304.Google Scholar
Christian Priebe, Divya Muthukumaran, Joshua Lind, Huanzhou Zhu, Shujie Cui, Vasily A. Sartakov, and Peter Pietzuch. 2020. SGX-LKL: Securing the Host OS Interface for Trusted Execution. arxiv:1908.11143 [cs.OS]Google Scholar
Indrajit Roy, Donald E Porter, Michael D Bond, Kathryn S McKinley, and Emmett Witchel. 2009. Laminar: Practical fine-grained decentralized information flow control. Vol. 44. ACM.Google ScholarDigital Library
Mark Russinovich, Manuel Costa, Cédric Fournet, David Chisnall, Antoine Delignat-Lavaud, Sylvan Clebsch, Kapil Vaswani, and Vikas Bhatia. 2021. Toward confidential cloud computing. Commun. ACM 64, 6 (2021), 54–61.Google ScholarDigital Library
Mickaël Salaün. 2017. Landlock LSM: toward unprivileged sandboxing. Linux Security Summit (2017).Google Scholar
Ahmed Salem, Yang Zhang, Mathias Humbert, Pascal Berrang, Mario Fritz, and Michael Backes. 2018. Ml-leaks: Model and data independent membership inference attacks and defenses on machine learning models. arXiv preprint arXiv:1806.01246 (2018).Google Scholar
Jose Rodrigo Sanchez Vicarte, Benjamin Schreiber, Riccardo Paccagnella, and Christopher W Fletcher. 2020. Game of threads: Enabling asynchronous poisoning attacks. In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems. 35–52.Google ScholarDigital Library
Nuno Santos, Himanshu Raj, Stefan Saroiu, and Alec Wolman. 2014. Using ARM TrustZone to build a trusted language runtime for mobile applications. ACM SIGARCH Computer Architecture News 42, 1 (2014), 67–80.Google ScholarDigital Library
David Schrammel, Samuel Weiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz, Stefan Mangard, and Daniel Gruss. 2020. Donky: Domain keys–efficient in-process isolation for RISC-V and x86. In 29th USENIX Security Symposium (USENIX Security 20). 1677–1694.Google Scholar
Michael Schwarz, Samuel Weiser, and Daniel Gruss. 2019. Practical enclave malware with Intel SGX. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 177–196.Google ScholarCross Ref
Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, and Stefan Mangard. 2020. Malware Guard Extension: abusing Intel SGX to conceal cache attacks. Cybersecurity 3 (2020), 1–20.Google ScholarCross Ref
AMD SEV-SNP. 2020. Strengthening VM isolation with integrity protection and more. White Paper, January (2020).Google Scholar
Youren Shen, Hongliang Tian, Yu Chen, Kang Chen, Runji Wang, Yi Xu, Yubin Xia, and Shoumeng Yan. 2020. Occlum: Secure and efficient multitasking inside a single enclave of Intel SGX. In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems. 955–970.Google ScholarDigital Library
Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. 2017. Membership inference attacks against machine learning models. In Security and Privacy (SP), 2017 IEEE Symposium on. IEEE, 3–18.Google ScholarCross Ref
Rohit Sinha, Manuel Costa, Akash Lal, Nuno P. Lopes, Sriram Rajamani, Sanjit A. Seshia, and Kapil Vaswani. 2016. A Design and Verification Methodology for Secure Isolated Regions. In Proceedings of the 37th annual ACM SIGPLAN conference on Programming Language Design and Implementation (PLDI). 665–681.Google ScholarDigital Library
Deian Stefan, Alejandro Russo, David Mazières, and John C Mitchell. 2012. Disjunction category labels. In Information Security Technology for Applications: 16th Nordic Conference on Secure IT Systems, NordSec 2011, Tallinn, Estonia, October 26-28, 2011, Revised Selected Papers 16. Springer, 223–239.Google ScholarDigital Library
Darius Suciu, Stephen McLaughlin, Laurent Simon, and Radu Sion. 2020. Horizontal Privilege Escalation in Trusted Applications. In 29th USENIX Security Symposium (USENIX Security 20).Google Scholar
Zahra Tarkhani. 2022. Secure Programming with Dispersed Compartments. Ph. D. Dissertation. University of Cambridge.Google Scholar
Zahra Tarkhani and Anil Madhavapeddy. 2020. Enclave-aware compartmentalization and secure sharing with sirius. arXiv preprint arXiv:2009.01869 (2020).Google Scholar
Zahra Tarkhani and Anil Madhavapeddy. 2020. uTiles: Efficient Intra-Process Privilege Enforcement of Memory Regions. arXiv preprint arXiv:2004.04846 (2020).Google Scholar
Zahra Tarkhani, Anil Madhavapeddy, and Richard Mortier. 2019. Snape: The dark art of handling heterogeneous enclaves. In Proceedings of the 2nd International Workshop on Edge Systems, Analytics and Networking. 48–53.Google ScholarDigital Library
Chia-Che Tsai, Donald E Porter, and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In 2017 USENIX Annual Technical Conference (USENIX ATC 17). 645–658.Google ScholarDigital Library
Chia-Che Tsai, Jeongseok Son, Bhushan Jain, John McAvey, Raluca Ada Popa, and Donald E Porter. 2020. Civet: An efficient java partitioning framework for hardware enclaves. In 29th USENIX Security Symposium (USENIX Security 20). 505–522.Google Scholar
Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). In 28th USENIX Security Symposium (USENIX Security 19). 1221–1238.Google Scholar
Jo Van Bulck, David Oswald, Eduard Marin, Abdulla Aldoseri, Flavio D Garcia, and Frank Piessens. 2019. A tale of two worlds: Assessing the vulnerability of enclave shielding runtimes. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 1741–1758.Google ScholarDigital Library
Peter M VanNostrand, Ioannis Kyriazis, Michelle Cheng, Tian Guo, and Robert J Walls. 2019. Confidential Deep Learning: Executing Proprietary Models on Untrusted Devices. arXiv preprint arXiv:1908.10730 (2019).Google Scholar
Marco Vassena, Alejandro Russo, Deepak Garg, Vineet Rajani, and Deian Stefan. 2019. From fine-to coarse-grained dynamic information flow control and back. Proceedings of the ACM on Programming Languages 3, POPL (2019), 1–31.Google ScholarDigital Library
Nicholas C Wanninger, Joshua J Bowden, Kirtankumar Shetty, Ayush Garg, and Kyle C Hale. 2022. Isolating functions at the hardware limit with virtines. In Proceedings of the Seventeenth European Conference on Computer Systems. 644–662.Google ScholarDigital Library
Robert NM Watson, Jonathan Anderson, Ben Laurie, and Kris Kennaway. 2012. A taste of Capsicum: practical capabilities for UNIX. Commun. ACM 55, 3 (2012), 97–104.Google ScholarDigital Library
Robert NM Watson, Ben Laurie, Steven J Murdoch, Robert Norton, Michael Roe, Stacey Son, Munraj Vadera, Jonathan Woodruff, Peter G Neumann, Simon W Moore, 2015. Cheri: A hybrid capability-system architecture for scalable software compartmentalization. In 2015 IEEE Symposium on Security and Privacy (SP). IEEE, 20–37.Google ScholarDigital Library
Jinpeng Wei and Calton Pu. 2005. TOCTTOU Vulnerabilities in UNIX-Style File Systems: An Anatomical Study.. In FAST, Vol. 5. 12–12.Google Scholar
Nico Weichbrodt, Anil Kurmus, Peter Pietzuch, and Rüdiger Kapitza. 2016. AsyncShock: Exploiting synchronisation bugs in Intel SGX enclaves. In European Symposium on Research in Computer Security. Springer, 440–457.Google ScholarCross Ref
Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 640–656.Google ScholarDigital Library
Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. 2006. Making information flow explicit in HiStar. In Proceedings of the 7th symposium on Operating systems design and implementation. USENIX Association, 263–278.Google ScholarDigital Library
Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazieres. 2008. Securing Distributed Systems with Information Flow Control.. In NSDI, Vol. 8. 293–308.Google Scholar
Fan Zhang. 2019. SGX-mbedtls. https://github.com/bl4ck5un/mbedtls-SGX.Google Scholar

Index Terms

Information Flow Tracking for Heterogeneous Compartmentalized Software
1. Security and privacy
  1. Systems security
    1. Information flow control
    2. Operating systems security
      1. Trusted computing

Recommendations

Spatiotemporal model of tripartite synapse with perinodal astrocytic process
Abstract
Information transfer may not be limited only to synapses. Therefore, the processes and dynamics of biological neuron-astrocyte coupling and intercellular interaction within this domain are worth investigating. Existing models of tripartite synapse ...
Read More
Dynamic Binary Translation for SGX Enclaves
Enclaves, such as those enabled by Intel SGX, offer a hardware primitive for shielding user-level applications from the OS. While enclaves are a useful starting point, code running in the enclave requires additional checks whenever control or data is ...
Read More
Intel Software Guard Extensions: Introduction and Open Research Challenges
SPRO '16: Proceedings of the 2016 ACM Workshop on Software PROtection

Hardware-enhanced security is an important pillar of secure systems in general and software protection in particular. This presentation will survey the recently announced Intel Software Guard Extensions (Intel SGX) as well as innovative usages for ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in

RAID '23: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses
October 2023
769 pages
ISBN:9798400707650
DOI:10.1145/3607199

Copyright © 2023 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 16 October 2023
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Compartmentalization
Information Flow Tracking
TEEs
enclaves
Qualifiers
- research-article
- Research
- Refereed limited
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 181
  Total Downloads
- Downloads (Last 12 months)181
- Downloads (Last 6 weeks)22
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Information Flow Tracking for Heterogeneous Compartmentalized Software

RAID '23: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses

ABSTRACT

References

Cited By

Index Terms

Recommendations

Spatiotemporal model of tripartite synapse with perinodal astrocytic process

Dynamic Binary Translation for SGX Enclaves

Intel Software Guard Extensions: Introduction and Open Research Challenges

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

HTML Format

Caption

Information Flow Tracking for Heterogeneous Compartmentalized Software

RAID '23: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses

ABSTRACT

References

Cited By

Index Terms

Recommendations

Spatiotemporal model of tripartite synapse with perinodal astrocytic process

Dynamic Binary Translation for SGX Enclaves

Intel Software Guard Extensions: Introduction and Open Research Challenges

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

HTML Format

Share this Publication link

Share on Social Media