Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors

Busi, Matteo; Noorman, Job; Bulck, Jo Van; Galletta, Letterio; Degano, Pierpaolo; Mühlberg, Jan Tobias; Piessens, Frank

doi:10.1109/csf49147.2020.00026

Cited by 19 publications

(16 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Nevertheless, following a long line of microarchitectural attacks [40,48,53,74,75] abusing interrupts, our study provides strong evidence that interrupts may also amplify deterministic controlled-channel leakage and should be taken into account in the enclaved execution threat model. We advocate architectural changes in the Intel SGX design and further research to rule out interrupt-driven attack surface [19].…”

Section: Discussion and Mitigationsmentioning

confidence: 99%

CopyCat: Controlled Instruction-Level Attacks on Enclaves

Moghimi,

Van Bulck,

Heninger

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

The adversarial model presented by trusted execution environments (TEEs) has prompted researchers to investigate unusual attack vectors. One particularly powerful class of controlled-channel attacks abuses page-table modifications to reliably track enclave memory accesses at a page-level granularity. Crucially, in contrast to noisy microarchitectural timing leakages, this line of deterministic controlled-channel attacks abuses indispensable architectural interfaces and hence cannot be mitigated by tweaking microarchitectural resources.We propose an innovative controlled-channel attack, named COPYCAT, that deterministically counts the number of instructions executed within a single enclave code page. We show that combining the instruction counts harvested by COPYCAT with traditional, coarse-grained page-level leakage allows to accurately reconstruct enclave control flow at a maximal instruction-level granularity. COPYCAT can identify intra-page and intra-cache line branch decisions which may ultimately differ only in a single instruction, highlighting that even extremely subtle control flow deviations can deterministically be leaked from secure enclaves. We demonstrate the improved resolution and practicality of COPYCAT on Intel SGX platforms in an extensive study of single-trace and deterministic attacks against side-channel hardened cryptographic libraries. As a result, we disclose multiple vulnerabilities in the the latest version of widely-used cryptographic libraries: WolfSSL, Libgcrypt and OpenSSL, and propose novel algorithmic attacks to perform single-trace key extraction. Our findings mark the importance of stricter verification of cryptographic implementations, especially in the context of TEEs.

show abstract

Section: Discussion and Mitigationsmentioning

confidence: 99%

CopyCat: Controlled Instruction-Level Attacks on Enclaves

Moghimi,

Van Bulck,

Heninger

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…In order to assure that the TCB code is invoked and executed properly, GAROTA hardware implements LTL-s ( 9), (10), and (11). LTL 9 enforces that the only way for TCB's execution to terminate, without causing a reset, is through its last instruction (its only legal exit): PC = TCB max .…”

Section: Garota Sub-propertiesmentioning

confidence: 99%

“…PURE [15] implements provably secure services for software updates, memory erasure, and system-wide resets atop VRASED's RoT. Another recent result [10] formalized, and proved security of, a hardware-assisted mechanism to prevent leakage of secrets through time-based side-channel that can be abused by malware in control of the MCU interrupts. Inline with aforementioned work, GAROTA also formalizes its assumptions along with its goals and implements the first formally verified active RoT design.…”

Section: Related Workmentioning

confidence: 99%

GAROTA: Generalized Active Root-Of-Trust Architecture

Aliaj¹,

Nunes²,

Tsudik³

2021

Preprint

View full text Add to dashboard Cite

Embedded (aka smart or IoT) devices are increasingly popular and becoming ubiquitous. Unsurprisingly, they are also attractive attack targets for exploits and malware. Low-end embedded devices, designed with strict cost, size, and energy limitations, are especially challenging to secure, given their lack of resources to implement sophisticated security services, available on higher-end computing devices. To this end, several tiny Roots-of-Trust (RoTs) were proposed to enable services, such as remote verification of device's software state and runtime integrity. Such RoTs operate reactively: they can prove whether a desired action (e.g., software update, or execution of a program) was performed on a specific device. However, they can not guarantee that a desired action will be performed, since malware controlling the device can trivially block access to the RoT by ignoring/discarding received commands and other trigger events. This is a major and important problem because it allows malware to effectively "brick" or incapacitate a potentially huge number of (possibly mission-critical) devices.Though recent work made progress in terms of incorporating more active behavior atop existing RoTs, it relies on extensive hardware support -Trusted Execution Environments (TEEs) which are too costly for low-end devices. In this paper, we set out to systematically design a minimal active RoT for tiny low-end MCU-s. We begin with the following questions: (1) What functions and hardware support are required to guarantee actions in the presence of malware?, (2) How to implement this efficiently?, and (3) What security benefits stem from such an active RoT architecture? We then design, implement, formally verify, and evaluate GAROTA : Generalized Active Root-Of-Trust Architecture. We believe that GAROTA is the first clean-slate design of an active RoT for low-end MCU-s. We show how GAROTA guarantees that even a fully softwarecompromised low-end MCU performs a desired action. We demonstrate its practicality by implementing GAROTA in the context of three types of applications where actions are triggered by: sensing hardware, network events and timers. We also formally specify and verify GAROTA functionality and properties.

show abstract

“…This can be seen as a lower-layer instance of the secure compilation problem: a user-level ISA program must be protected against attacks from a more powerful context. Busi et al [43] have very recently studied an instance of this class of problems as a full abstraction problem.…”

Section: Controlled Channel Attacksmentioning

confidence: 99%

Security across abstraction layers: old and new examples

Piessens

2020

2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Self Cite

View full text Add to dashboard Cite

A common technique for building ICT systems is to build them as successive layers of abstraction: for instance, the Instruction Set Architecture (ISA) is an abstraction of the hardware, and compilers or interpreters build higher level abstractions on top of the ISA.The functionality of an ICT application can often be understood by considering only a single level of abstraction. For instance the source code of the application defines the functionality using the level of abstraction of the source programming language. Functionality can be well understood by just studying this source code.Many important security issues in ICT system however are cross-layer issues: they can not be understood by considering the system at a single level of abstraction, but they require understanding how multiple levels of abstraction are implemented. Attacks may rely on, or exploit, implementation details of one or more layers below the source code level of abstraction.The purpose of this paper is to illustrate this cross-layer nature of security by discussing old and new examples of cross-layer security issues, and by providing a classification of these issues.

show abstract

Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors

Cited by 19 publications

References 34 publications

CopyCat: Controlled Instruction-Level Attacks on Enclaves

CopyCat: Controlled Instruction-Level Attacks on Enclaves

GAROTA: Generalized Active Root-Of-Trust Architecture

Security across abstraction layers: old and new examples

Contact Info

Product

Resources

About