apps apps ram ring 0 2 os hypervisor os hypervisor remote
play

! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor - PowerPoint PPT Presentation

May 28, 2023 •282 likes •599 views

Keystone : An Open Framework for Architecting Trusted Execution Environments Dayeol Lee , David Kohlbrenner, Shweta Shinde, Krste Asanovic, Dawn Song Dept. of Electrical Engineering and Computer Sciences University of California, Berkeley

  1. Keystone : An Open Framework for Architecting Trusted Execution Environments Dayeol Lee , David Kohlbrenner, Shweta Shinde, Krste Asanovic, Dawn Song Dept. of Electrical Engineering and Computer Sciences University of California, Berkeley

  2. Trusted Execution Environments (TEEs) Other Sensitive Other Other Ring 3 Integrity Confidentiality Apps App ! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected Trusted Memory Untrusted “Enclave” Trustworthy Hardware Keystone: an Open Framework for Architecting Trusted Execution Environments 2

  3. Trusted Execution Environments (TEEs) Other Sensitive Other Other Ring 3 Integrity Confidentiality Apps App ! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Reducing Trusted Computing Base (TCB) Remote Attestation Trusted Protected Memory Untrusted Trustworthy Hardware Keystone: an Open Framework for Architecting Trusted Execution Environments 3

  4. Challenges in Existing TEEs Security SGX TrustZone SEV Functionality Performance Keystone: an Open Framework for Architecting Trusted Execution Environments 4

  5. Challenges in Existing TEEs Security SGX TrustZone Fixed Design Decisions SEV Functionality Performance Keystone: an Open Framework for Architecting Trusted Execution Environments 5

  6. Challenges in Existing TEEs Security Closed-Source Hardware SGX TrustZone Fixed Design Decisions SEV Functionality Performance Keystone: an Open Framework for Architecting Trusted Execution Environments 6

  7. Technical Contributions q Keystone: Customizable RISC-V TEEs Fine-Grained Modular Minimal No µarch Configuration Extensions TCB Modification q Framework q Open-Source Ø Extensive benchmarking Ø Full-stack available Ø Real-world applications Ø Community-driven efforts Ø Multi-platform deployment Ø TEE verification & research Keystone: an Open Framework for Architecting Trusted Execution Environments 7

  8. Keystone Architecture and Trust Model Trusted User Higher Privilege (U-mode) Supervisor C0 C1 C2 C3 (S-mode) Root of Trust ! Machine (M-mode) Optional HW Trusted Hardware Keystone: an Open Framework for Architecting Trusted Execution Environments 8

  9. Keystone Architecture and Trust Model Trusted Enclave Enclave User App App App App App App Higher Privilege (U-mode) Supervisor OS Runtime Runtime (S-mode) Machine Security Monitor (SM) (M-mode) Trusted C C C C 0 1 2 3 Hardware Root of Trust ! Optional HW Keystone: an Open Framework for Architecting Trusted Execution Environments 9

  10. Keystone Architecture and Trust Model Enclave Enclave User App App App App App App (U-mode) Supervisor OS Runtime Runtime (S-mode) Machine Security Monitor (SM) (M-mode) Hardware-Enforced and Software-Defined Isolation Keystone: an Open Framework for Architecting Trusted Execution Environments 10

  11. Enclave App App Memory Isolation via RISC-V PMP App App App OS Runtime Entries Accessibility defined by each entry Security Monitor (SM) PMP0 Accessibility Higher Priority PMP1 Can Can’t PMP2 Undefined … PMP7 SM Enclave 1 Enclave 2 Physical Memory Keystone: an Open Framework for Architecting Trusted Execution Environments 11

  12. Enclave App App Memory Isolation via RISC-V PMP App App App OS Runtime Entries Accessibility defined by each entry Security Monitor (SM) PMP0 Accessibility Higher Priority PMP1 Can Can’t PMP2 Undefined … PMP7 SM Enclave 1 Enclave 2 Physical Memory Keystone: an Open Framework for Architecting Trusted Execution Environments 12

  13. Keystone Architecture and Trust Model Enclave Enclave User App App App App App App (U-mode) Supervisor OS Runtime Runtime (S-mode) Machine Security Monitor (SM) (M-mode) What Does Keystone Runtime Do? Keystone: an Open Framework for Architecting Trusted Execution Environments 13

  14. What does Keystone Runtime Do? User App Enclave App App (U-mode) " $ Supervisor OS Runtime (S-mode) ⚙ % Machine ! Security Monitor (SM) (M-mode) Keystone: an Open Framework for Architecting Trusted Execution Environments 14

  15. What does Keystone Runtime Do? User App Enclave App seL4 App App (U-mode) Interface Interface Supervisor OS Runtime (S-mode) Machine Security Monitor (SM) (M-mode) Keystone: an Open Framework for Architecting Trusted Execution Environments 15

  16. What does Keystone Runtime Do? User App Enclave App seL4 App App (U-mode) paging freemem Supervisor OS (S-mode) I/O syscall libc Machine Security Monitor (SM) (M-mode) Keystone: an Open Framework for Architecting Trusted Execution Environments 16

  17. Memory Management in Keystone ! = untrusted " = page table ⚙ = management Enclave Enclave " App App Enclave App Eapp RT " ⚙ OS " ⚙ Monitor ⚙ OS OS Security Monitor Intel SGX ARM TrustZone Intel SGX Komodo Keystone q Enclave self resource management (e.g., dynamic memory resizing) q Various memory protection mechanisms Keystone: an Open Framework for Architecting Trusted Execution Environments 17

  18. Various Memory Protection Mechanisms Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 18

  19. Various Memory Protection Mechanisms Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption Baseline Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 19

  20. Various Memory Protection Mechanisms " Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption Cache Partitioning Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 20

  21. Various Memory Protection Mechanisms " " Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption On-Chip Enclave Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 21

  22. Various Memory Protection Mechanisms " " Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption Software Encryption Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 22

  23. Various Memory Protection Mechanisms Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 23

  24. Evaluation q Security Analysis Ø Keystone enclave defends various adversary models q Modularity Analysis Ø Keystone supports fine-grained and modular configuration q Trusted Computing Base Analysis Ø Various of real-world applications with a few thousands of LoC q Performance Analysis Ø Security Monitor Overhead Ø Runtime Overhead Ø Cost of Memory Protection Mechanisms Keystone: an Open Framework for Architecting Trusted Execution Environments 24

  25. Evaluation q Security Analysis Ø Keystone enclave defends various adversary models q Modularity Analysis Please check our paper! Ø Keystone supports fine-grained and modular configuration q Trusted Computing Base Analysis Ø Various of real-world applications with less than thousands of LoC q Performance Analysis Ø Security Monitor Overhead Ø Runtime Overhead Ø Cost of Memory Protection Mechanisms Keystone: an Open Framework for Architecting Trusted Execution Environments 25

  26. Runtime Overhead: Memory Management 600 base (other) keyst (other) keyst-dyn (other) base (user) keyst (eapp) keyst-dyn (eapp) Latency (s) 400 200 0 wLderesnet resnext29 LnceptLonv3 resnet50 densenet vgg19 resnet110 squeezenet lenet q Execution overhead q Torch benchmark Ø Min -3.12% (LeNet) Ø Unmodified NN inference Ø Max 7.35% (DenseNet) q Initialization overhead q Dynamic memory resizing Ø Enclave measurement (SHA3) Ø No noticeable overhead Keystone: an Open Framework for Architecting Trusted Execution Environments 26

  27. Cost of Memory Protection Mechanisms O n-chip Execution C ache Partitioning Self P aging Software E ncryption Cache On-Chip Software Baseline Partitioning Enclave Encryption Keystone: an Open Framework for Architecting Trusted Execution Environments 27

  28. Cost of Memory Protection Mechanisms O n-chip Execution C ache Partitioning Self P aging Software E ncryption Keystone: an Open Framework for Architecting Trusted Execution Environments 28

  29. Conclusion q Introduced Keystone, a customizable framework for TEEs q Modular design with fine-grained customizability q Useful for building TEEs for different threat models, functionality, and performance requirements q Keystone is fully open-source under BSD 3-Clause Ø https://keystone-enclave.org Keystone: an Open Framework for Architecting Trusted Execution Environments 29

  30. Thank You! Keystone: an Open Framework for Architecting Trusted Execution Environments 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Trusted Hardware Sai Krishna Deepak Maram, CS 6410 Move to a Cloud-based model User apps User

Trusted Hardware Sai Krishna Deepak Maram, CS 6410 Move to a Cloud-based model User apps User

Trusted Hardware Sai Krishna Deepak Maram, CS 6410 Move to a Cloud-based model User apps User apps PaaS Software Software Cloud Provider manages the Hypervisor Hypervisor stack OS OS Move to a Cloud-based model Privileged User apps

591 views • 28 slides
To Towards End-to to-en end TEE Ve Verification with Keystone Shweta Shinde UC Berkeley

To Towards End-to to-en end TEE Ve Verification with Keystone Shweta Shinde UC Berkeley

To Towards End-to to-en end TEE Ve Verification with Keystone Shweta Shinde UC Berkeley TEEs reduce the Trusted Computing Base Web Other Server Apps Operating Enclave Systems RAM Ring 3 10 MLOC OS / Hypervisor CVEs in Linux

639 views • 19 slides
Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations

Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations

Roberto Guanciale Estonian Winter School Day 02 Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations Apps Crypto Service OS Hypervisor/ Separation Kernel Hardware Host 1 Motivations Separation

850 views • 63 slides
Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

WELCOME Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of information An App is a piece of so ware (a program) that needs to be installed on Mobile Apps are device specific, meaning that an App that runs

268 views • 12 slides
Hyper-Cube High-Dimensional Hypervisor Fuzzing Sergej Schumilo, Cornelius Aschermann, Ali Abbasi,

Hyper-Cube High-Dimensional Hypervisor Fuzzing Sergej Schumilo, Cornelius Aschermann, Ali Abbasi,

Hyper-Cube High-Dimensional Hypervisor Fuzzing Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wrner and Thorsten Holz Chair for Systems Security Ruhr-Universitt Bochum Motivation Hypervisor Motivation Hypervisor VM 1 VM 2

688 views • 53 slides
Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can crash OS wants to be your friend Buggy apps can hog all resources Operating System Malicious apps can violate Reading and writing memory, privacy

548 views • 17 slides
Using the Xen Hypervisor to Turbocharge OS Deployment Mike D. Day Ryan Harper Anthony Liguori

Using the Xen Hypervisor to Turbocharge OS Deployment Mike D. Day Ryan Harper Anthony Liguori

Using the Xen Hypervisor to Turbocharge OS Deployment Mike D. Day Ryan Harper Anthony Liguori Andrew Theurer Michael Hohnbaum Real-world Hypervisor Applications Make more efficient use of expensive hardware Server Consolidation

633 views • 24 slides
Enhance protection from security bugs in the Xen hypervisor Anthony PERARD Xen architecture

Enhance protection from security bugs in the Xen hypervisor Anthony PERARD Xen architecture

Enhance protection from security bugs in the Xen hypervisor Anthony PERARD Xen architecture Dom0 VMs QEMU Xen Scheduler MMU vPIC Memory CPUs I/O HW Emulation in hypervisor For performance Examples: Interrupt controller

859 views • 20 slides
Sun TM xVM Hypervisor Gary Pennington Solaris Kernel Engineer April 24, 2008 USE IMPROVE

Sun TM xVM Hypervisor Gary Pennington Solaris Kernel Engineer April 24, 2008 USE IMPROVE

USE IMPROVE EVANGELIZE Sun TM xVM Hypervisor Gary Pennington Solaris Kernel Engineer April 24, 2008 USE IMPROVE EVANGELIZE Agenda Hypervisors 101 Introduction to Sun TM xVM Hypervisor Use Cases Using the hypervisor

731 views • 36 slides
F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS CEO of large social network in annual development conference 2 months ago Shared vision for next 2 decades: past : with advent of PCs, companies

498 views • 14 slides
The Kernel wants to be your friend Boxing them in Buggy apps can crash other apps App 1 App 2

The Kernel wants to be your friend Boxing them in Buggy apps can crash other apps App 1 App 2

The Kernel wants to be your friend Boxing them in Buggy apps can crash other apps App 1 App 2 App 3 Buggy apps can crash OS Buggy apps can hog all resources Operating System Malicious apps can violate Reading and writing memory, privacy

1.15k views • 67 slides
Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare metal. Dedicated virtualization machine. Higher performance. Typical for servers. Type 2 Virtualization Hypervisor sits on

571 views • 17 slides
By: Taylor Thomas & Ashley Fischer There are apps for just about EVERYTHING! There are

By: Taylor Thomas & Ashley Fischer There are apps for just about EVERYTHING! There are

By: Taylor Thomas & Ashley Fischer There are apps for just about EVERYTHING! There are new apps being developed and posted everyday. Some of the best apps you will ever find are FREE! There are two ways to download apps for

606 views • 38 slides
Adaptive Progressive Web Apps PWA Progressive Web Apps are just great websites that can behave

Adaptive Progressive Web Apps PWA Progressive Web Apps are just great websites that can behave

Adaptive Progressive Web Apps PWA Progressive Web Apps are just great websites that can behave like native apps Progressive Web Apps are just great apps, powered by Web technologies and delivered with Web infrastructure.

454 views • 32 slides
Reverse Engineering by Crayon: Game Changing Hypervisor and Visualization Analysis Game Changing

Reverse Engineering by Crayon: Game Changing Hypervisor and Visualization Analysis Game Changing

Reverse Engineering by Crayon: Game Changing Hypervisor and Visualization Analysis Game Changing Hypervisor Based Malware Analysis and Visualization Danny Quist Danny Quist Lorie Liebrock New Mexico Tech Computer Science Dept. Offensive

898 views • 64 slides
2015-16 Results: Thank You! Goal = 415,000 apps Actual = 427,695 apps $30,000 in

2015-16 Results: Thank You! Goal = 415,000 apps Actual = 427,695 apps $30,000 in

More Than a Meal Campaign 2016-17 Two applications, one deadline, many student resources 2015-16 Results: Thank You! Goal = 415,000 apps Actual = 427,695 apps $30,000 in recognition awards $60M/3 yrs in new revenue to the

345 views • 10 slides
The Origins of Silicon Valley: Why and How It Happened Paul Wesling, H-P (retired), IEEE Life

The Origins of Silicon Valley: Why and How It Happened Paul Wesling, H-P (retired), IEEE Life

The Origins of Silicon Valley: Why and How It Happened September 25, 2019 Lehigh Valley Section, IEEE at Lehigh University The Origins of Silicon Valley: Why and How It Happened Paul Wesling, H-P (retired), IEEE Life Fellow

1.08k views • 38 slides
United Nation-South Africa Symposium on Basic Space Science Technology Panel Discussion on

United Nation-South Africa Symposium on Basic Space Science Technology Panel Discussion on

United Nation-South Africa Symposium on Basic Space Science Technology Panel Discussion on Fostering Cost effective and need-driv iven Space program in in Afric ica towards reduction in in satell llit ite mis ission cost By: Quansah

512 views • 25 slides
Key Export Markets for U.S. Defense Suppliers A quantitative analysis of Indonesia Prepared for:

Key Export Markets for U.S. Defense Suppliers A quantitative analysis of Indonesia Prepared for:

EDITED FOR PUBLIC RELEASE PRIVATE & CONFIDENTIAL Key Export Markets for U.S. Defense Suppliers A quantitative analysis of Indonesia Prepared for: August 2016 Indonesia: Budget Transparency Regional security concerns spur ambitious

653 views • 5 slides
Informatics as the Key Driver of a Universitie s Strategic Development Plan Wilhelm Schfer

Informatics as the Key Driver of a Universitie s Strategic Development Plan Wilhelm Schfer

Informatics as the Key Driver of a Universitie s Strategic Development Plan Wilhelm Schfer Vice-President Research and Junior Academics Faculties: Reseach Profile: Arts and Humanities Mechatronics and Embedded Systems

521 views • 14 slides
Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic Kari Kostiainen, ETH Zurich N. Asokan, University of Helsinki and Aalto University What is a TEE? Processor, memory, storage, peripherals

1.23k views • 112 slides
Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel McCallum Sr. Principal Engineer Trusted Execution Environments Trusted Execution Environments Host TEE TEE is a protected area within the host,

1.05k views • 22 slides
Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric Gustafson, Chad Spensky, Chris Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna Sandia

1.1k views • 51 slides
OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File

OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File

OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File System ELC Europe 2017, 23.10.2017 Marc Kleine-Budde <mkl@pengutronix.de> Slide 1 - http://www.pengutronix.de - 2017-10-23 Overview ARM

1.06k views • 18 slides

More recommend