Securing Applications from Untrusted Operating Systems using Enclaves
COM2 Level 4
Executive Classroom, COM2-04-02
Abstract:
For decades, we have been building software with the default assumption of a trusted underlying stack such as the operating system. From a security standpoint, the status quo has been a hierarchical trust model, where trusting one layer implies trusting all the layers underneath it. However, with new usage models such as outsourced computing and analytics on third-party cloud services, trusting the operating system is no longer an option.
As a result, modern CPUs have started supporting new abstractions which address the threats of an untrusted operating system. Intel Software Guard Extensions (SGX) is one such new security capability available in commodity CPUs shipping from 2015. It allows user-level application code to execute in enclaves which are isolated from all other software on the system, even from the privileged operating system or hypervisor. However, these architectural solutions offer a trade-off between security, ease of usability, and compatibility with legacy software (both operating systems and applications).
In this thesis, we envision a low trusted computing base(TCB), POSIX-compatible, side-channel resistant, and a formally verified solution which allows users to securely execute their applications on an untrusted operating system. To this end, we first build architectural support to execute user-level applications in an isolated execution environment. This architecture design is akin Intel SGX extensions, albeit achieving compatibility and scalability with legacy applications. Second, we build a low-TCB solution to execute legacy applications on Intel SGX platform. Third, we demonstrate the threat of a new class of attacks called page fault side-channel on cryptographic library implementations executing in Intel SGX. We build systematic defenses in hardware as well as software to prevent leakage via this side-channel. Finally, we formally model the class of attacks that the OS can launch against SGX enclaves via the filesystem API; and develop a complete set of formally verified specifications and implementation to disable them.