advanced systems security attacks on sgx
play

Advanced Systems Security: Attacks on SGX Trent Jaeger Systems - PowerPoint PPT Presentation

Jan 27, 2024 •323 likes •523 views

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Attacks on SGX Trent Jaeger

  1. Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: � Attacks on SGX Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  2. Intel SGX • Hardware support that eliminates need to trust the operating system Aim to prevent “cold boot” attacks ‣ Does it prevent all OS attacks? ‣ • Some types of attacks become more significant when you do not trust the operating system Iago attacks ‣ Side channels ‣ Runtime attacks (ROP) ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2

  3. Cold Boot Attacks • An attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine • Problem: Transient memory may retain values across reboots - for hours by cooling them with a refrigerant • Assume you have a system that has been booted securely, so it runs only secure software And you want to extract secret keys used by such a machine ‣ • Attack Memory modules are removed from victim system ‣ Place in a compatible machine under the attacker's control, which is ‣ then booted to access the memory Systems and Internet Infrastructure Security (SIIS) Laboratory Page 3

  4. SGX Blocks Cold Boot Attacks • How does SGX prevent the Cold Boot attack? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 4

  5. Threats to SGX Processes • However, threats remain for SGX processes What do you think are the sources of threats? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 5

  6. Threats to SGX Processes • However, threats remain for SGX processes What do you think are the sources of threats? ‣ All the untrusted software – especially the operating system ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 6

  7. Operating System Is Threat • Since the operating system was built to be trusted, it performs actions that may be exploited against SGX That have not typically been exploited ‣ At least not to this extent • • Types of attacks Iago attacks ‣ Attacks through system call responses • Side channel attacks ‣ Attacks through shared storage and/or operation timing • Systems and Internet Infrastructure Security (SIIS) Laboratory Page 7

  8. Iago Attack • What is one major thing we depend on from the OS? System call responses ‣ • While it is hard to prove that an operating system should be trusted (e.g., verification in the reference monitor concept), we typically assume the OS is benign • But, what if it is not Iago attacks paper – Checkoway and Shacham [ASPLOS 2013] ‣ Definition: Attacks in which a malicious kernel induces a protected ‣ process to act against its interests by manipulating system call return values Systems and Internet Infrastructure Security (SIIS) Laboratory Page 8

  9. Iago Attack • Example Kernel becomes an active network adversary for a trusted ‣ application that needs to communicate remotely Why is this an issue? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 9

  10. Iago Attack • Example Kernel becomes an active network adversary for a trusted ‣ application that needs to communicate remotely Why is this an issue? ‣ • Trusted inputs obtained from kernel to perform crypto operations Kernel can manipulate /dev/random ‣ VMM could prevent such an action ‣ But attack is more subtle • Systems and Internet Infrastructure Security (SIIS) Laboratory Page 10

  11. Iago Attack • Example Kernel becomes an active network adversary for a trusted ‣ application that needs to communicate remotely • Application depends on kernel for inputs to crypto Kernel could replay the client connection’s messages from ‣ one client for a fake client Kernel could return same values for getpid and time as ‣ prior connection to reduce entropy Even getpid is an issue – used as a non-repeating nonce for ‣ Apache child process, but malicious OS can repeat PIDs Systems and Internet Infrastructure Security (SIIS) Laboratory Page 11

  12. Iago Attack • Example Kernel becomes an active network adversary for a trusted ‣ application that needs to communicate remotely • Application depends on kernel for inputs to crypto Kernel could replay the client connection’s messages from ‣ one client for a fake client Kernel could return same values for getpid and time as ‣ prior connection to reduce entropy Even if trusted entity (VMM or SGX) is used for time ‣ source, the kernel can replay with limit (same second) Systems and Internet Infrastructure Security (SIIS) Laboratory Page 12

  13. Side Channels • Another challenge is created by side channels available in computing systems Side channels are channels created as side effects of an ‣ implementation Rather than channels designed into a system ‣ • An adversary may learn unauthorized information via side channels, as they are not monitored Typically, a victim – with access to secret data – produces ‣ a signal on one or more side channels An adversary can also take actions to increase the ‣ bandwidth and reliability of the side channel Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  14. Side Channels • Classic side channel attacks measure the time for the victim to perform an operation using secret data • Timing channels Can attack a cryptosystem if an operation takes a ‣ different amount of time based on the inputs provided, such as the key value Does your program have an algorithm whose execution time is • dependent on the value of secret inputs? Square-and-multiply and modular exponentation algorithms used • in cryptography have different execution times depending on the number of ‘1’ bits in the input Systems and Internet Infrastructure Security (SIIS) Laboratory Page 14

  15. SGX Side Channels • The SGX approach results in a variety of side channels because we do not trust any other software Page faults ‣ Noise-free, but coarse-grained (page granularity) • Measure cache hit/miss timing ‣ Fine-grained (cache line granularity), but can be noisy • Branch prediction ‣ Other paper • Can manage execution in a fine-grained way using small time • slices Systems and Internet Infrastructure Security (SIIS) Laboratory Page 15

  16. Cache Channels • The SGX approach results in a variety of side channels because we do not trust any other software One popular kind of side channel is a cache side channel ‣ In a cache side channel, the adversary primes (fills) or ‣ flushes (invalidates) cache entries shared with the victim to detect victim accesses • One attack PRIME and PROBE Fill a cache line shared with a victim – subsequent access by ‣ adversary will show a slowdown if victim accessed entry • If cache line use depends on input value – detect value Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  17. Cache Channels • The SGX approach results in a variety of side channels because we do not trust any other software One popular kind of side channel is a cache side channel ‣ In a cache side channel, the adversary primes (fills) or ‣ flushes (invalidates) cache entries shared with the victim to detect victim accesses • One attack FLUSH and RELOAD Flush cache line with clflush and reload after victim runs to ‣ detect performance • Advantage: Flushes LLC which applies to all cores Systems and Internet Infrastructure Security (SIIS) Laboratory Page 17

  18. Runtime Attacks • SGX may have side channels, but at least it runs programs in a manner that is encrypted to adversary • Should make some runtime attacks harder Such as return-oriented attacks ‣ • But does it? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 18

  19. Take Away • Problem: Do not want to trust systems software However, we have not considered the OS as an adversary ‣ deeply yet • Attacks Iago attacks – OS as an active man-in-middle ‣ Side channel attacks – even more side channels and more ‣ effective attacks when controlled by the OS Runtime attacks – still possible against encrypted ‣ processes • Lots of future work to close these holes Systems and Internet Infrastructure Security (SIIS) Laboratory Page 43

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Software Security Explorative Lecture A brief history of security problems attacks on

Software Security Explorative Lecture A brief history of security problems attacks on

1/30/2020 Software Security Explorative Lecture A brief history of security problems attacks on multi-user UNIX systems for fun viruses & worms attacking operating systems due to buffer overflow, format string attacks, integer

477 views • 37 slides
Understanding Cyber Risks and Security Options The Spectrum of Cyber Attacks Advanced

Understanding Cyber Risks and Security Options The Spectrum of Cyber Attacks Advanced

Understanding Cyber Risks and Security Options The Spectrum of Cyber Attacks Advanced Persistent Threats (APT) Cybercriminals, Exploits and Malware Denial of Service attacks (DDoS) Domain name hijacking Corporate

347 views • 13 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security-Enhanced Linux Trent

474 views • 26 slides
Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Linux Security Modules Trent

872 views • 30 slides
Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Hardware Security Trent Jaeger

703 views • 46 slides
Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer c1shw@us.ibm.com (561) 392 6100 Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY Physical Security Attacks &

334 views • 8 slides
Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Virtual Machine Systems Trent

783 views • 43 slides
CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CSE 544 Advanced Systems Security Trent Jaeger Systems and

651 views • 28 slides
Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Capability Systems Trent Jaeger

622 views • 36 slides
Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security

370 views • 33 slides
Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security Kernels Trent Jaeger

555 views • 35 slides
Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and

589 views • 23 slides
Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and

420 views • 24 slides
Advanced Systems Security: Multics Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Multics Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Multics Trent Jaeger Systems and

569 views • 33 slides
A weakest precondition approach to active analysis attacks analysis Musard Balliu, Isabella

A weakest precondition approach to active analysis attacks analysis Musard Balliu, Isabella

A weakest precondition approach to active attacks A weakest precondition approach to active analysis attacks analysis Musard Balliu, Isabella Mastroeni Musard Balliu Isabella Mastroeni School of Computer Science and Communication Royal

887 views • 74 slides
Newsvendor Model Of Capacity Sharing Vijay G Subramanian EECS Dept., Northwestern University

Newsvendor Model Of Capacity Sharing Vijay G Subramanian EECS Dept., Northwestern University

Newsvendor Model Of Capacity Sharing Vijay G Subramanian EECS Dept., Northwestern University Joint work with R. Berry, M. Honig, T. Nguyen, H. Zhou & R. Vohra 11 th June 2012 W-PIN 2012 Imperial College, London Facing A Spectrum Crunch?

556 views • 39 slides
Banking Case study: Scaling with low latency using NewSQL Jags Ramnarayan (VMWare) Jim

Banking Case study: Scaling with low latency using NewSQL Jags Ramnarayan (VMWare) Jim

Banking Case study: Scaling with low latency using NewSQL Jags Ramnarayan (VMWare) Jim Bedenbaugh (VMWare) Qcon 2012 Agenda Business Requirements Operational data Analysis Problem Statement Scaling pain Introduction to SQLfire Driving

865 views • 47 slides
Problems Caused by Failures Update all account balances at a bank branch. Accounts(Anum, CId,

Problems Caused by Failures Update all account balances at a bank branch. Accounts(Anum, CId,

Transactions 1 Problems Caused by Failures Update all account balances at a bank branch. Accounts(Anum, CId, BranchId, Balance) update Accounts set Balance = Balance * 1.05 where BranchId = 12345 If the system crashes while processing

251 views • 22 slides
Chapter 0 Readers Guide Cryptography and Network Security The art of war teaches us to rely

Chapter 0 Readers Guide Cryptography and Network Security The art of war teaches us to rely

Chapter 0 Readers Guide Cryptography and Network Security The art of war teaches us to rely not on the Overview & Chapter 1 likelihood of the enemy's not coming, but on our own readiness to receive him; not on the ; chance of his not

450 views • 4 slides
CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1

CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1

Diffie-Hellman key exchange Secure against passive eavesdropping but insecure against a man-in-the-middle attack CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1 2 Adding key

492 views • 5 slides
Cryptographically Sound Security Proofs for Basic and Public-key Kerberos ESORICS 2006 M.

Cryptographically Sound Security Proofs for Basic and Public-key Kerberos ESORICS 2006 M.

Cryptographically Sound Security Proofs for Basic and Public-key Kerberos ESORICS 2006 M. Backes 1 , I. Cervesato 2 , A. D. Jaggard 3 , A. Scedrov 4 , and J.-K. Tsay 4 1 Saarland University, 2 Carnegie Mellon University - Qatar, 3 Tulane

370 views • 18 slides
DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids Cyber-Physical Infrastructures Hui Lin 1 , Jianing Zhuang 1 , Yih-Chun Hu 2 , Huayu Zhou 1 1 University of Nevada, Reno 2 University of Illinois,

574 views • 33 slides

More recommend