Sgxbounds

Kuvaiskii, Dmitrii; Oleksenko, Oleksii; Arnautov, Sergei; Trach, Bohdan; Bhatotia, Pramod; Felber, Pascal; Fetzer, Christof

doi:10.1145/3064176.3064192

Cited by 86 publications

(9 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to the traditional approaches to ensure that the supervisor is correctly designed, we also need to ensure that it is correctly executed. Specifically, related work investigates the correct execution of the supervisor when executed on potentially unreliable hardware [25], under security attacks [28,5,27] or even protect its integrity despite the existence of CPU design faults [26].…”

Section: Related Workmentioning

confidence: 99%

Towards Dynamic Dependable Systems Through Evidence-Based Continuous Certification

Faqeh

Fetzer

Hermanns

et al. 2020

Leveraging Applications of Formal Methods, Verification and Validation: Engineering Principles

Self Cite

View full text Add to dashboard Cite

Future cyber-physical systems are expected to be dynamic, evolving while already being deployed. Frequent updates of software components are likely to become the norm even for safety-critical systems. In this setting, a full re-certification before each software update might delay important updates that fix previous bugs, or security or safety issues. Here we propose a vision addressing this challenge, namely through the evidence-based continuous supervision and certification of software variants in the field. The idea is to run both old and new variants of component software inside the same system, together with a supervising instance that monitors their behavior. Updated variants are phased into operation after sufficient evidence for correct behavior has been collected. The variants are required to explicate their decisions in a logical language, enabling the supervisor to reason about these decisions and to identify inconsistencies. To resolve contradictory information, the supervisor can run a component analysis to identify potentially faulty components on the basis of previously observed behavior, and can trigger micro-experiments which plan and execute system behavior specifically aimed at reducing uncertainty. We spell out our overall vision, and provide a first formalization of the different components and their interplay. In order to provide efficient supervisor reasoning as well as automatic verification of supervisor properties we introduce SupERLog, a logic specifically designed to this end.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards Dynamic Dependable Systems Through Evidence-Based Continuous Certification

Faqeh

Fetzer

Hermanns

et al. 2020

Leveraging Applications of Formal Methods, Verification and Validation: Engineering Principles

Self Cite

View full text Add to dashboard Cite

show abstract

“…And even a binarycompatible SGX LibOS sometimes demands recompilation so that the legacy source code can be modified to work around the hardware limitatations of SGX or the system call limitations of the LibOS. Futhermore, the recompilation of source code provides the opportunity to integrate SGXspecific, compiler-based hardening techniques [42,45].…”

Section: Library Oses For Intel Sgxmentioning

confidence: 99%

Occlum

Shen

Tian

Chen

et al. 2020

Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Syste

View full text Add to dashboard Cite

Intel Software Guard Extensions (SGX) enables user-level code to create private memory regions called enclaves, whose code and data are protected by the CPU from software and hardware attacks outside the enclaves. Recent work introduces library operating systems (LibOSes) to SGX so that legacy applications can run inside enclaves with few or even no modifications. As virtually any non-trivial application demands multiple processes, it is essential for LibOSes to support multitasking. However, none of the existing SGX LibOSes support multitasking both securely and efficiently.This paper presents Occlum, a system that enables secure and efficient multitasking on SGX. We implement the LibOS processes as SFI-Isolated Processes (SIPs). SFI is a software instrumentation technique for sandboxing untrusted modules (called domains). We design a novel SFI scheme named MPXbased, Multi-Domain SFI (MMDSFI) and leverage MMDSFI to enforce the isolation of SIPs. We also design an independent verifier to ensure the security guarantees of MMDSFI. With SIPs safely sharing the single address space of an enclave,

show abstract

“…The Horizon2020 funded research projects under SERECA 3 focus on a number of goals to build secure enclaves. These goals include application partitioning [36], trusted architectures for web services [8,33], container architecture [3] and library support for unmodified applications (SGX-LKL 4 ), better integrity [5] and isolation [7], and enclave memory safety [35] in the cloud.…”

Section: Research Directionmentioning

confidence: 99%

Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves

Küçük

Grawrock²,

Martin

2019

EURASIP J. on Info. Security

View full text Add to dashboard Cite

Many applications are built upon private algorithms, and executing them in untrusted, remote environments poses confidentiality issues. To some extent, these problems can be addressed by ensuring the use of secure hardware in the execution environment; however, an insecure software-stack can only provide limited algorithm secrecy. This paper aims to address this problem, by exploring the components of the Trusted Computing Base (TCB) in hardware-supported enclaves. First, we provide a taxonomy and give an extensive understanding of trade-offs during secure enclave development. Next, we present a case study on existing secret-code execution frameworks; which have bad TCB design due to processing secrets with commodity software in enclaves. This increased attack surface introduces additional footprints on memory that breaks the confidentiality guarantees; as a result, the private algorithms are leaked. Finally, we propose an alternative approach for remote secret-code execution of private algorithms. Our solution removes the potentially untrusted commodity software from the TCB and provides a minimal loader for secret-code execution. Based on our new enclave development paradigm, we demonstrate three industrial templates for cloud applications: 1 computational power as a service, 2 algorithm querying as a service, and 3 data querying as a service.

show abstract

Sgxbounds

Cited by 86 publications

References 55 publications

Towards Dynamic Dependable Systems Through Evidence-Based Continuous Certification

Towards Dynamic Dependable Systems Through Evidence-Based Continuous Certification

Occlum

Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves

Contact Info

Product

Resources

About