autarky closing controlled channels with self paging
play

Autarky: Closing controlled channels with self-paging enclaves Meni - PowerPoint PPT Presentation

Jul 12, 2023 •662 likes •971 views

Autarky: Closing controlled channels with self-paging enclaves Meni Orenbach, Technion Andrew Baumann, Microsoft Research Mark Silberstein, Technion Public cloud computing Enclave Enclave Enclave Sensitive data 29-Apr-20 Meni Orenbach,

  1. Autarky: Closing controlled channels with self-paging enclaves Meni Orenbach, Technion Andrew Baumann, Microsoft Research Mark Silberstein, Technion

  2. Public cloud computing Enclave Enclave Enclave Sensitive data 29-Apr-20 Meni Orenbach, EuroSys 2020 2

  3. Intel SGX • Isolated user-mode environment • Commodity CPUs Enclave Enclave • Small trusted computing base Enclave • CPU • Enclave’s code and data • Confidentiality Operating • Integrity System 29-Apr-20 Meni Orenbach, EuroSys 2020 3

  4. Page fault side-channel attack Original Recovered • OS-level attacker • Induces page faults • Tracks faulted address • Infer secrets content that depends on page access patterns • Control-dependent accesses • Data-dependent accesses Xu, Y., Cui, W. and Peinado, M., 2015. Controlled-Channel Attacks: Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. 29-Apr-20 Meni Orenbach, EuroSys 2020 4

  5. Controlled-channel attack • Precursor to other attacks • Foreshadow [Usenix Security’18] • Sgxspectre [arXiv’18] • LVI [IEEE S&P’20] • Microscope [ISCA’19] • Zombieload [CCS’19] Why? • Attacker controls the channel • Precise • No noise 29-Apr-20 Meni Orenbach, EuroSys 2020 5

  6. Agenda Background Controlled-Channel Attack Self-Paging Enclaves Evaluation

  7. SGX virtual memory protection • SGX validates the OS does not insert spurious mappings SGX Reverse page table Page table (Inaccessible by OS) (maintained by OS) PA VA VA PA f0000 10000 10000 f0000 • SGX does not validate the prescence of expected mappings 29-Apr-20 Meni Orenbach, EuroSys 2020 7

  8. The missing component Side-channel Active mapping SGX attacks defense attacks defense ? Reverse page table Validate presence of Validate mapping expected mappings 29-Apr-20 Meni Orenbach, EuroSys 2020 8

  9. Implication: Controlled channel attack I know that key[i]=1 Enclave SGX Application code Page fault Page fault Reverse Operating resolve fault on 0x5000 on 0x2000 page for (i=0;i<key_len;i++) table System if (key[i] == 1) Resume mul(msg); VA PA P Branch in page 0x5000 PF addr: 0x2000 PF addr: 0x5000 1 0 5000 f0000 2000 e0000 0 Function in page 0x2000 29-Apr-20 Meni Orenbach, EuroSys 2020 9

  10. Existing Software Mitigations • Detect attack due to high frequency of exceptions • Restrict demand-paging • False positive occurrence • Provably obfuscate all memory accesses • Orders of magnitude performance impact [1] Ming-Wei Shih, Sangho Lee, Taesoo Kim, and Marcus Peinado. T-SGX: eradicating controlled- channel attacks against enclave programs. In NDSS’2017. [2] Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Mark Silberstein, and Christof Fetzer. Varys: Protecting SGX enclaves from practical side-channel attacks. Software mitigations are limited In USENIX ATC’2018. [3] Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, and Yinqian Zhang. Detecting privileged side-channel attacks in shielded execution with Déjá Vu. In Asia CCS’2017. [4] Sajin Sasy, Sergey Gorbunov, and Christopher W. Fletcher. ZeroTrace : Oblivious memory primitives from Intel SGX. In NDSS’2018. 29-Apr-20 Meni Orenbach, EuroSys 2020 10

  11. Existing Hardware Mitigations • Private enclave page tables Enclave modify Requires major changes to SGX internals since SGX is entangled with the x86 architecture [1] Victor Costan, Ilia A. Lebedev, and Srinivas Devadas. Sanctum: Minimal hardware extensions for strong software isolation. In USENIX Securi ty’ 2016. [2] Dayeol Lee, David Kohlbrenner, Shweta Shinde, Dawn Song, and Krste Asanović. Keystone: A framework for architecting TEEs. In Eurosys’2020. [3] Shaizeen Aga and Satish Narayanasamy. InvisiPage : Oblivious demand paging for secure enclaves. In ISCA ’19 29-Apr-20 Meni Orenbach, EuroSys 2020 11

  12. Our solution: Autarky • Minimal extension to SGX OS-hardware interface • Backward-compatible with SGX • Validate presence of expected mappings Active mapping Side-channel SGX attacks defense attacks defense Reverse Autarky page table 29-Apr-20 Meni Orenbach, EuroSys 2020 12

  13. Agenda Background Controlled-Channel Attack Self-Paging Enclaves Evaluation

  14. Design principles Give enclave power to control Force the OS to call all page faults the enclave on every page fault Enclave-OS cooperative paging Hide fault information from Force the OS to call the OS the enclave on every Secure demand-paging Secure demand-paging page fault Enclave can enforce its own paging policy

  15. Design overview Enclave Operating System Legacy application Autarky paging module Autarky runtime Cooperative paging Paging mechanism Paging policy Part of Attack detection Library OS, SDK, etc.

  16. Self-Paging Enclaves Enclave SGX Application code Page fault Reverse Operating 0x0 page mov %rax, 0(10000) table System Resume PF addr: 0x10000 VA PA P 0 10000 f0000

  17. Self-Paging Enclaves Enclave SGX Application code Page fault Reverse Operating 0x0 page mov %rax, 0(10000) table System Resume Resume PF addr: 0x10000 VA PA P Enter page fault 0 handler 10000 f0000 Self-paging fault handler Secure tracking Custom Exit VA Present paging policy 10000 1 Attack detected!

  18. Enclave can protect against spurious page faults Original attack required millions of page faults. Removing control is a huge improvement

  19. Support for legitimate page faults Enclave SGX Application code Page fault Reverse Operating Fetch(10000) 0x0 page mov %rax, 0(10000) table System PF addr: 0x10000 Self-paging fault handler Secure tracking Custom Fetch(10000) VA Present paging policy Naïve paging policy leaks Naïve paging policy leaks 10000 0

  20. Paging policy: part of the enclave’s runtime Control the leakage

  21. Agenda Background Controlled-Channel Attack Self-Paging Enclaves Paging policies Evaluation

  22. Rate-limiting policy Unmodified Enforced by • Used by state-of-the-art binaries architecture software mitigations • Put a limit on the rate of exceptions Limit only Low Enclave • Low security guarantees page faults overhead controls paging policy [1] Ming-Wei Shih, Sangho Lee, Taesoo Kim, and Marcus Peinado. T-SGX: eradicating controlled- channel attacks against enclave programs. In NDSS’2017. [2] Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Mark Silberstein, and Christof Fetzer. Varys: Protecting SGX enclaves from practical side-channel attacks. In USENIX ATC’2018. [3] Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, and Yinqian Zhang. Detecting privileged side-channel attacks in shielded execution with Déjá Vu. In Asia CCS’2017.

  23. ORAM policy • Provably obfuscates distribution of memory accesses • Prior solutions show substantial performance cost • Autarky is order-of-magnitude faster and makes it practical • Invoke ORAM only for paging See paper for more details [1] Sajin Sasy, Sergey Gorbunov, and Christopher W. Fletcher. ZeroTrace : Oblivious memory primitives from Intel SGX. In NDSS’2018. [2] Meni Orenbach, Yan Michalevsky, Christof Fetzer, and Mark Silberstein. CoSMIX: A compiler-based system for secure memory instrumentation and execution in enclaves. In Usenix ATC’2019. 23

  24. Novel page clusters policy Some applications do not need oblivious paging across all pages Page clusters: cooperative paging for all pages in the cluster Actual faulted address is hidden from the OS Actual page access is not leaked Upon page fault: Fetch all pages belonging to Non-sensitive page cluster C B A B C C Enclave pages 29-Apr-20 Meni Orenbach, EuroSys 2020 24

  25. Page clusters policy use cases Spelling Server Attacker learns victim access to a dictionary. English Not which word queried word, language Hebrew Greek Similarly for libraries: Attacker learns library access, not which function executed. 29-Apr-20 Meni Orenbach, EuroSys 2020 25

  26. More details • SGX1 and SGX2 cooperative paging mechanisms • Eliminate accessed, dirty bit leakage • Practical optimizations • - Remove extra enclave crossing on page faults • - Remove all enclave crossings on page faults

  27. Agenda Background Controlled-Channel Attack Self-Paging Enclaves Evaluation

  28. Memcached stores > 2x available memory Issuing random 1KB GET requests 30% slower due to ORAM only 60% slower enclave crossing overhead compared to insecure Throughput baseline decreases as each page fault fetches 10 pages ORAM has better cache Just 7% slower Throughput increases due to less paging utilization than page clusters 29-Apr-20 Meni Orenbach, EuroSys 2020 28

  29. Conclusion • Autarky mitigates the controlled-channel attack • Practical modifications to the architecture • Runtime with a secure paging policy • Maintains backward compatibility • Operating system • Demand-paging • Attack is not unique to SGX enclaves • Retrofit Autarky for other enclave environments! Thank you! 29-Apr-20 Meni Orenbach, EuroSys 2020 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Virtual Memory and Paging 6A. Introduction to Swapping and Paging 6B. Paging MMUs and Demand

Virtual Memory and Paging 6A. Introduction to Swapping and Paging 6B. Paging MMUs and Demand

4/12/2016 Virtual Memory and Paging 6A. Introduction to Swapping and Paging 6B. Paging MMUs and Demand Paging Operating Systems Principles 6C. Replacement Algorithms Virtual Memory and Paging 6D. Thrashing and Working Sets 6E. Other

205 views • 8 slides
Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre

Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre

Abusing hardware for fun and profit Agenda Cache-based Covert channels w/ demo Spectre and Meltdown from covert channels Process isola8on + OS (CS 423) OS paging OS services 0x00000000 Communica&lt;on to other processes

568 views • 15 slides
Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races

Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races

Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races CS 563 Young Li 10/31/18 Intel Software Guard eXtensions (SGX) and Hyper-Threading What is Intel SGX? Set of CPU instructions Present in

718 views • 44 slides
Outline Paging 1 2 Eviction policies 3 Thrashing 4 Details of paging 5 The user-level perspective

Outline Paging 1 2 Eviction policies 3 Thrashing 4 Details of paging 5 The user-level perspective

Outline Paging 1 2 Eviction policies 3 Thrashing 4 Details of paging 5 The user-level perspective 6 Case study: 4.4 BSD 1 / 47 Paging Use disk to simulate larger virtual than physical mem 2 / 47 Working set model # of accesses virtual

804 views • 57 slides
Memory: Paging Summer 2011 Cornell University 1 Today What is paging and why do we need

Memory: Paging Summer 2011 Cornell University 1 Today What is paging and why do we need

CS 4410 Operating Systems Memory: Paging Summer 2011 Cornell University 1 Today What is paging and why do we need it? Paging Address translation scheme Page table Implementation of page table TLB Structure of page

486 views • 23 slides
MobiArch 2008 MobiArch 2008 Shall we apply paging technologies to Shall we apply paging

MobiArch 2008 MobiArch 2008 Shall we apply paging technologies to Shall we apply paging

MobiArch 2008 MobiArch 2008 Shall we apply paging technologies to Shall we apply paging technologies to Proxy Mobile IPv6 ? Jong-Hyouk Lee, Tai-Myoung Chung (Sungkyunkwan University, Korea) J H k L T i M Ch (S k k U i it K )

293 views • 13 slides
Introduction to N2SRP INAP-Controlled IVR N-SQUARED SOFTWARE What is N2SRP? N2SRP is an

Introduction to N2SRP INAP-Controlled IVR N-SQUARED SOFTWARE What is N2SRP? N2SRP is an

Introduction to N2SRP INAP-Controlled IVR N-SQUARED SOFTWARE What is N2SRP? N2SRP is an INAP- Controlled SIP IVR platform a Specialized Resource Platform (ITU -T Q.1200) The key features of an SRP are: Voice Channels are

574 views • 20 slides
Last Class: Paging &amp; Segmentation Paging: divide memory into fixed-sized pages, map to

Last Class: Paging &amp; Segmentation Paging: divide memory into fixed-sized pages, map to

Last Class: Paging &amp; Segmentation Paging: divide memory into fixed-sized pages, map to frames (OS view of memory) Segmentation: divide process into logical segments (compiler view of memory Combine paging and segmentation

332 views • 19 slides
Module 10: Virtual Memory Background Demand Paging Performance of Demand Paging

Module 10: Virtual Memory Background Demand Paging Performance of Demand Paging

Module 10: Virtual Memory Background Demand Paging Performance of Demand Paging Page Replacement Page-Replacement Algorithms Allocation of Frames Thrashing Other Considerations Demand Segmentation Silberschatz,

643 views • 48 slides
Module 9: Virtual Memory Background Demand Paging Performance of Demand Paging

Module 9: Virtual Memory Background Demand Paging Performance of Demand Paging

Module 9: Virtual Memory Background Demand Paging Performance of Demand Paging Page Replacement Page-Replacement Algorithms Allocation of Frames Thrashing Other Considerations Demand Segmenation Silberschatz and

910 views • 28 slides
Chapter 6 Marks and Channels Vis/Visual Analytics, Chap 6 Marks/Channels 1 CGGM Lab., CS

Chapter 6 Marks and Channels Vis/Visual Analytics, Chap 6 Marks/Channels 1 CGGM Lab., CS

Chapter 6 Marks and Channels Vis/Visual Analytics, Chap 6 Marks/Channels 1 CGGM Lab., CS Dept., NCTU Jung Hong Chuang The Big Picture Marks Basic graphical elements in an image Channels Visual channels to control the

667 views • 43 slides
Module 9: Virtual Memory Background Demand Paging Performance of Demand Paging Page

Module 9: Virtual Memory Background Demand Paging Performance of Demand Paging Page

' $ Module 9: Virtual Memory Background Demand Paging Performance of Demand Paging Page Replacement Page-Replacement Algorithms Allocation of Frames Thrashing Other Considerations Demand Segmentation &amp; %

254 views • 14 slides
Module 9: Virtual Memory Background Demand Paging Performance of Demand Paging Page

Module 9: Virtual Memory Background Demand Paging Performance of Demand Paging Page

' $ Module 9: Virtual Memory Background Demand Paging Performance of Demand Paging Page Replacement Page-Replacement Algorithms Allocation of Frames Thrashing Other Considerations Demand Segmentation &amp; %

576 views • 28 slides
Operating Systems Paging Lecture 10 Michael OBoyle 1 Overview Paging Page Tables

Operating Systems Paging Lecture 10 Michael OBoyle 1 Overview Paging Page Tables

Operating Systems Paging Lecture 10 Michael OBoyle 1 Overview Paging Page Tables TLB Shared Pages Hierarchical Pages Hashed Pages Inverted Pages Uses 2 Address Translation Scheme Address

614 views • 33 slides
Count Controlled CSCI-UA.0002-008 Loops Count Controlled Loops A count controlled loop is a

Count Controlled CSCI-UA.0002-008 Loops Count Controlled Loops A count controlled loop is a

Introduction to Computer Programming Count Controlled CSCI-UA.0002-008 Loops Count Controlled Loops A count controlled loop is a repetition structure that iterates a specific number of times In contrast, a condition controlled loop iterates a

560 views • 39 slides
Opera&amp;ng Systems ECE344 Lecture 8: Paging Ding Yuan

Opera&amp;ng Systems ECE344 Lecture 8: Paging Ding Yuan

Opera&amp;ng Systems ECE344 Lecture 8: Paging Ding Yuan Lecture Overview Today well cover more paging mechanisms: Op&amp;miza&amp;ons Managing page

523 views • 33 slides
CS 744: NAIAD Shivaram Venkataraman Fall 2019 ADMINISTRIVIA - Course Project Proposal

CS 744: NAIAD Shivaram Venkataraman Fall 2019 ADMINISTRIVIA - Course Project Proposal

CS 744: NAIAD Shivaram Venkataraman Fall 2019 ADMINISTRIVIA - Course Project Proposal feedback - Midterm grades - Checkins? Applications Machine Learning SQL Streaming Graph Computational Engines Scalable Storage Systems Resource

386 views • 19 slides
ALD Basics: ALD on Powders December 19 th , 2019 dhiggs@forgenano.com smoulton@forgenano.com A

ALD Basics: ALD on Powders December 19 th , 2019 dhiggs@forgenano.com smoulton@forgenano.com A

Webinar ALD Basics: ALD on Powders December 19 th , 2019 dhiggs@forgenano.com smoulton@forgenano.com A LITTLE BIT ABOUT US Founded in 2013 30 Employees 1,500 m 2 facility in Louisville, CO, USA Expansion in 2020 Mission: To become the world

1.09k views • 52 slides
The Coach Is Is In In: Shape Your QI I Project TODAY Room - Pinn innacle le II II Come

The Coach Is Is In In: Shape Your QI I Project TODAY Room - Pinn innacle le II II Come

The Coach Is Is In In: Shape Your QI I Project TODAY Room - Pinn innacle le II II Come armed with the projects that you are currently working on. This one-on-one mentorship session will offer advice and coaching opportunity with QI

846 views • 16 slides
Reaction Monitoring Kelly Ruggles kelly@fenyolab.org New York University Traditional

Reaction Monitoring Kelly Ruggles kelly@fenyolab.org New York University Traditional

Protein Quantitation II: Multiple Reaction Monitoring Kelly Ruggles kelly@fenyolab.org New York University Traditional Affinity-based proteomics Use antibodies to quantify proteins RPPA Western Blot Immunohistochemistry ELISA

730 views • 45 slides
Space Robotics and the GER: An Industrial Perspective Christian Sallaberger Vice-President &amp;

Space Robotics and the GER: An Industrial Perspective Christian Sallaberger Vice-President &amp;

Space Missions GER Panel 3: Near-Term Implementation Ideas, Strategies and Plans Space Robotics and the GER: An Industrial Perspective Christian Sallaberger Vice-President &amp; Director, Space Exploration MDA GER Opening Observations

376 views • 9 slides
A SerDes Balancing Act: Co-Optimizing Tx and Rx Equalization Settings to Maximize Margin Donald

A SerDes Balancing Act: Co-Optimizing Tx and Rx Equalization Settings to Maximize Margin Donald

A SerDes Balancing Act: Co-Optimizing Tx and Rx Equalization Settings to Maximize Margin Donald Telian, Owner SiGuys Todd Westerhoff, VP SiSoft AGENDA A SerDes Balancing Act Introduction Co-Optimization Examples How to Co-Optimize

321 views • 29 slides
EBCE Data Analytics Platform Ta j Ait-Laoussine February 13, 2019 The EBCE Platform in Context

EBCE Data Analytics Platform Ta j Ait-Laoussine February 13, 2019 The EBCE Platform in Context

EBCE Data Analytics Platform Ta j Ait-Laoussine February 13, 2019 The EBCE Platform in Context External Online Trade Network Services Information Resources Product Marketplace Customer Resources CCA Email Interactive Voice Personalized

479 views • 8 slides
American Workers Nicole Maestas, Harvard and NBER Kathleen J. Mullen, RAND and IZA Stephanie

American Workers Nicole Maestas, Harvard and NBER Kathleen J. Mullen, RAND and IZA Stephanie

C ENTER for D ISABILITY R ESEARCH Absenteeism and Presenteeism Among American Workers Nicole Maestas, Harvard and NBER Kathleen J. Mullen, RAND and IZA Stephanie Rennane, RAND DRC Sixth Annual Meeting August 1, 2018 Funding from DRC grant #5

495 views • 16 slides

More recommend