Securing Applications from Untrusted Operating Systems using Enclaves
COM2 Level 4
Executive Classroom, COM2-04-02
Abstract:
Intel SGX, a new security capability in emerging CPUs, allows user-level application code to execute in hardware-isolated enclaves. Enclave memory is isolated from all other software on the system, even from the privileged OS or hypervisor. While being a promising hardware-rooted building block, enclaves have severely limited capabilities, such as no native access to system calls and standard OS abstractions. These OS abstractions are used ubiquitously in real-world applications but are disabled in enclaves for security.
In this thesis, we propose methods to develop a low-TCB, compatible and side-channel resistant platforms for securely executing commodity applications in enclaves. Our new system called Panoply which bridges the gap between the SGX-native abstractions and the standard OS abstractions which feature-rich, commodity Linux applications require. Panoply provides a new abstraction called a micro-container (or a micron), which is a unit of code and data isolated in SGX enclaves. Microns expose the standard POSIX abstractions to application logic, including access to file systems, network, multi-threading, multi-processing and thread synchronization primitives while achieving two orders of magnitude lower TCB.
Enclaved-execution systems are vulnerable to the page fault side-channel. We show that these pigeonhole-attacks have sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines. To mitigate this attack, we propose a software-only defense that masks page fault patterns by determinising the programs memory access behavior. Alternative, our hardware-assisted defense achieves this guarantee with drastically reduced overheads.
Our new architecture feature called PodArch makes it easy to import executables on an OS without risking the target systems security or the execution of the imported application. PodArch is implemented as a backwards-compatible extension to the Intel ISA, and overall, offers strong compatibility with existing applications and OSes beyond those offered by several existing architectural primitives like enclaves.