Multi-processor architectural support for protecting virtual machine privacy in untrusted cloud environment

Wen, Yuanfeng; Lee, Jonghyuk; Liu, Ziyi; Zheng, Qingji; Shi, Weidong; Xu, Shouhuai; Suh, Taeweon

doi:10.1145/2482767.2482799

Cited by 5 publications

(8 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Flicker [5] x86 DRTM SEA [6] x86 DRTM SICE [23] x86 SRTM PodArch [24] x86 SRTM HyperCoffer [25] x86 SRTM H-SVM [26], [27] x86 SRTM EqualVisor [18] x86 SRTM xu-cc15 [28] x86 SRTM wen-cf13 [29] x86 SRTM Komodo [30] ARM SRTM SANCTUARY [31] ARM SRTM TrustICE [32] ARM SRTM HA-VMSI [33] ARM SRTM Sanctum [4] RISC-V SRTM TIMBER-V [34] RISC-V SRTM Keystone [35] RISC-V SRTM Penglai [36] RISC-V SRTM CURE [37] RISC-V SRTM Iso-X [38] OpenRISC SRTM HyperWall [39] SPARC SRTM Sancus [40], [41] MSP430 HW TrustLite [42] Custom SRTM TyTan [43] Custom SRTM XOM [44] Custom SRTM AEGIS [45] Custom SRTM TABLE I: The surveyed TEEs with their respective Root-of-Trust for Measurement (RTM) and their support for local and remote attestation. We use SRTM for static Root-of-Trust, DRTM for dynamic Root-of-Trust, and HW for hardware based systems that do not rely on SRTM or DRTM (c.f., Section IV-A).…”

Section: Academiamentioning

confidence: 99%

“…Provisioning secrets into enclaves is often the last optional step during its launch. Some TEEs such as IBM PEF [22], AMD SEV-SNP [3], PodArch [24], and Wen-cf13 [29] allow enclaves to be provisioned with secret data prior to the attestation. In this case, the enclave's initial state will contain some secret values also reflected in the measurement.…”

Section: Provisioning Secrets Into An Enclavementioning

confidence: 99%

See 1 more Smart Citation

SoK: Hardware-supported Trusted Execution Environments

Schneider¹,

Masti²,

Shinde³

et al. 2022

Preprint

View full text Add to dashboard Cite

The growing complexity of modern computing platforms and the need for strong isolation protections among their software components has led to the increased adoption of Trusted Execution Environments (TEEs). While several commercial and academic TEE architectures have emerged in recent times, they remain hard to compare and contrast. More generally, existing TEEs have not been subject to a holistic systematization to understand the available design alternatives for various aspects of TEE design and their corresponding pros-and-cons.Therefore, in this work, we analyze the design of existing TEEs and systematize the mechanisms that TEEs implement to achieve their security goals, namely, verifiable launch, run-time isolation, trusted IO and secure storage. More specifically, we analyze the typical architectural building blocks underlying TEE solutions, design alternatives for each of these components and the trade-offs that they entail. We focus on hardware-assisted TEEs and cover a wide range of TEE proposals from academia and the industry. Our analysis shows that although TEEs are diverse in terms of their goals, usage models and instruction set architectures, they all share many common building blocks in terms of their design.

show abstract

Section: Academiamentioning

confidence: 99%

Section: Provisioning Secrets Into An Enclavementioning

confidence: 99%

SoK: Hardware-supported Trusted Execution Environments

Schneider¹,

Masti²,

Shinde³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Moreover, the integrity and confidentiality of the physical memory space is also not assured by TPMs. Recently, Wen et al have proposed another architectural based security mechanism for untrusted cloud environment [42], which imposes an access control policy over the shared resources in order to protect the virtual machine's memory integrity. In addition, it provides security for data sharing and inter-processor communications.…”

Section: Fig 3 Assumptions Based Vcmentioning

confidence: 99%

“…Another series of solutions towards VC were put forward by the researchers during the session 1994-2009 based on assumptions such as; 1) the usage of trusted hardware (secure crypto-processors, trusted platform modules etc.) [41,42], 2) attestation [43,44], 3) replication [45,46] and 4) auditability [47,48]. These proposals are discussed in detail within Section 2.…”

Section: Introductionmentioning

confidence: 99%

Primitives towards verifiable computation: a survey

Ahmad

Wang

Hong

et al. 2018

Front. Comput. Sci.

View full text Add to dashboard Cite

Verifiable computation (VC) paradigm has got the captivation that in real term is highlighted by the concept of third party computation. In more explicate terms, VC allows resource constrained clients/organizations to securely outsource expensive computations to untrusted service providers, while acquiring the publicly or privately verifiable results. Many mainstream solutions have been proposed to address the diverse problems within the VC domain. Some of them imposed assumptions over performed computations, while the others took advantage of interactivity /non-interactivity, zero knowledge proofs, and arguments. Further proposals utilized the powers of probabilistic checkable or computationally sound proofs. In this survey, we present a chronological study and classify the VC proposals based on their adopted domains. First, we provide a broader overview of the theoretical advancements while critically analyzing them. Subsequently, we present a comprehensive view of their utilization in the state of the art VC approaches. Moreover, a brief overview of recent proof based VC systems is also presented that lifted up the VC domain to the verge of practicality. We use the presented study and reviewed results to identify the similarities and alterations, modifications, and hybridization of different approaches, while comparing their advantages and reporting their overheads. Finally, we discuss implementation of such VC based systems, their applications, and the likely future directions.

show abstract

“…It does so by introducing paraverification, where an untrusted OS is required to verify its own behavior by communicating its intent to the hypervisor. [Wen et al 2013] propose a solution to protect VMs from VMMs in multi-processor Cloud environments by exploiting hardware mechanisms to enforce access control over the shared resources (e.g., memory spaces). STEALTHMEM [Kim et al 2012] is a system-level protection mechanism against cache-based side channel attacks in the Cloud.…”

Section: Using the Hypervisor For Protectionmentioning

confidence: 99%

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Sgandurra

Lupu

2016

ACM Comput. Surv.

View full text Add to dashboard Cite

Virtualization technology enables Cloud providers to efficiently use their computing services and resources. Even if the benefits in terms of performance, maintenance, and cost are evident, virtualization has also been exploited by attackers to devise new ways to compromise a system. To address these problems, research security solutions have considerably evolved over the years to cope with new attacks and threat models. In this work we review the protection strategies proposed in the literature and show how some of the solutions have been invalidated by new attacks, or threat models, that were previously not considered. The goal is to show the evolution of the threats, and of the related security and trust assumptions, in virtualized systems which have given rise to complex threat models and the corresponding sophistication of protection strategies to deal with such attacks. We also categorize threat models, security and trust assumptions, and attacks against a virtualized system at the different layers, in particular hardware, virtualization, OS, application.

show abstract

Multi-processor architectural support for protecting virtual machine privacy in untrusted cloud environment

Cited by 5 publications

References 33 publications

SoK: Hardware-supported Trusted Execution Environments

SoK: Hardware-supported Trusted Execution Environments

Primitives towards verifiable computation: a survey

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Contact Info

Product

Resources

About