Establishing Trusted I/O Paths for SGX Client Systems With Aurora

Liu, Hongliang; Li, Mingyu; Chen, Yixiu; Jiang, Lin; Xie, Zhuosi; Yang, Tianqi

doi:10.1109/tifs.2019.2945621

Cited by 20 publications

(11 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By augmenting TEEs with secure I/O, e.g. [34,53] for Intel SGX, OIM and IIM can be in principle realized using a TEE. However, we believe that these approaches for TEEs with secure I/O should be considered proofof-concepts not yet fit for practice.…”

Section: Oim and Iimmentioning

confidence: 99%

Fortified Multi-Party Computation: Taking Advantage of Simple Secure Hardware Modules

Broadnax¹,

Koch

Mechler

et al. 2021

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

In practice, there are numerous settings where mutually distrusting parties need to perform distributed computations on their private inputs. For instance, participants in a first-price sealed-bid online auction do not want their bids to be disclosed. This problem can be addressed using secure multi-party computation (MPC), where parties can evaluate a publicly known function on their private inputs by executing a specific protocol that only reveals the correct output, but nothing else about the private inputs. Such distributed computations performed over the Internet are susceptible to remote hacks that may take place during the computation. As a consequence, sensitive data such as private bids may leak. All existing MPC protocols do not provide any protection against the consequences of such remote hacks. We present the first MPC protocols that protect the remotely hacked parties’ inputs and outputs from leaking. More specifically, unless the remote hack takes place before the party received its input or all parties are corrupted, a hacker is unable to learn the parties’ inputs and outputs, and is also unable to modify them. We achieve these strong (privacy) guarantees by utilizing the fact that in practice parties may not be susceptible to remote attacks at every point in time, but only while they are online, i.e. able to receive messages. To this end, we model communication via explicit channels. In particular, we introduce channels with an airgap switch (disconnect-able by the party in control of the switch), and unidirectional data diodes. These channels and their isolation properties, together with very few, similarly simple and plausibly remotely unhackable hardware modules serve as the main ingredient for attaining such strong security guarantees. In order to formalize these strong guarantees, we propose the UC with Fortified Security (UC#) framework, a variant of the Universal Composability (UC) framework.

show abstract

Section: Oim and Iimmentioning

confidence: 99%

Fortified Multi-Party Computation: Taking Advantage of Simple Secure Hardware Modules

Broadnax¹,

Koch

Mechler

et al. 2021

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…To overcome this, Aurora [24] uses System Management Mode (SMM), another privileged mode provided by the processor, to ensure secure I/O between the Enclave and external devices. Aurora fundamentally blocks the possibility of manin-the-middle attacks by privileged malware by excluding the kernel from the data transmission procedure between an external device and Enclave.…”

Section: A Intel Sgxmentioning

confidence: 99%

“…The core role of the SPM is to securely deliver policy information set by the user to the SSD to prevent rootkit-level malware. By utilizing existing research such as Intel PAVP and Intel SGX [24], [30], a graphical interface safely isolated from rootkit-level malware can be provided to the user. Also, by utilizing the existing research, Aurora [24] and Intel SGX, the user's input through an input device such as a keyboard can be safely transmitted to the SGX enclave.…”

Section: A Secure Policy Managementmentioning

confidence: 99%

“…By utilizing existing research such as Intel PAVP and Intel SGX [24], [30], a graphical interface safely isolated from rootkit-level malware can be provided to the user. Also, by utilizing the existing research, Aurora [24] and Intel SGX, the user's input through an input device such as a keyboard can be safely transmitted to the SGX enclave. Therefore, SGX-SSD adopts the design of Aurora [24] and Intel PAVP to get a trusted screen and safely transmit user input to the enclave.…”

Section: A Secure Policy Managementmentioning

confidence: 99%

“…For this, SGX-SSD implements the SPM inside a Trusted Execution Environment(TEE) provided by Intel SGX [23]. The SPM combines Aurora [24] with a two-way authentication module for secure communication with the SSD and ensures that only an authorized user can set policies. • To overcome Challenge#3, SGX-SSD provides an autonomous file-to-policy mapping utility (Policy Manager).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Policy-based Versioning SSD with Intel SGX

Ahn,

Lee,

Lee

et al. 2021

Preprint

View full text Add to dashboard Cite

Privileged malware neutralizes software-based versioning systems and destroys data. To counter this threat, a versioning solid-state drive (SSD) that performs versioning inside the SSD has been studied. An SSD is a suitable candidate for data versioning because it can preserve previous versions without additional copying, and provide high security with a very small trusted computing base (TCB). However, the versioning SSDs studied so far commonly use a full disk versioning method that preserves all file versions in a batch. This paper demonstrates that SSDs, which provide full disk versioning, can be exposed to data tampering attacks when the retention time of data is less than the malware's dwell time. To deal with this threat, we propose SGX-SSD, a policy-based per-file versioning SSD to keep a deeper history for only the important files of users. However, since the SSD isn't aware of a file semantic, and the versioning policy information should be securely received from the untrusted host computer, implementing the per-file versioning in SSD is a huge challenge. To solve this problem, SGX-SSD utilizes the Intel SGX and has a secure host interface to securely receive policy information (configuration values) from the user. Also, to solve the file semantic unawareness problem of the SSD, a piggyback module is designed to give a file hint at the host layer, and an algorithm for selective versioning based on the policy is implemented in the SSD. To prove our system, we prototyped SGX-SSD the Jasmine OpenSSD platform in Linux environment. In the experimental evaluation, we proved that SGX-SSD provides strong security with little additional overhead for selective per-file versioning.

show abstract