bringing memory safety to keystone enclave
play

Bringing Memory-Safety to Keystone Enclave Mingshen Sun Baidu X-Lab - PowerPoint PPT Presentation

Jan 12, 2024 •328 likes •662 views

Bringing Memory-Safety to Keystone Enclave Mingshen Sun Baidu X-Lab Open-Source Enclaves Workshop (OSEW 2019) Berkeley, July 2019 https://mesatee.org Rust and Keystone Enclave Open-Source Enclave (RISC-V Hardware/Keystone Enclave) :

  1. Bringing Memory-Safety to Keystone Enclave Mingshen Sun Baidu X-Lab Open-Source Enclaves Workshop (OSEW 2019) Berkeley, July 2019

  2. https://mesatee.org

  3. Rust and Keystone Enclave • Open-Source Enclave (RISC-V Hardware/Keystone Enclave) : openness, simplicity, and flexibility • Rust : Safety, performance, and productivity • Outline : 1. Briefly introduce our progress in bringing Rust to Keystone Enclave 2. Discuss our e ff orts in implementing safe GlobalPlatform TEE APIs implemented in OP-TEE � 3

  4. Why Rust • Memory-safety issues break security guarantees of TrustZone. • Qualcomm's Secure Execution Environment (QSEE) privilege escalation vulnerability and exploit (CVE-2015-6639) : http://bits-please.blogspot.com/ 2016/05/qsee-privilege-escalation-vulnerability.html • Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption : http://bits- please.blogspot.com/2016/06/extracting-qualcomms- keymaster-keys.html � 4

  5. Rust and Keystone Enclave • SDK Overview: https://docs.keystone-enclave.org/en/ latest/Keystone-Applications/SDK-Basics.html • Host libraries ( lib/host ) • Enclave Application libraries ( lib/app ) • Edge libraries ( lib/edge ) • Runtimes ( rts/ ) � 5

  6. Rust Keystone • Target: riscv64imac-unknown-none-elf � 6

  7. TEE Specs • GlobalPlatform TEE specifications • TEE System Architecture ( GPD_SPE_009 ): defines a general TEE architecture • TEE Internal Core API Specification ( GPD_SPE_010 ) • TEE Client API Specification ( GPD_SPE_007 ): defines communication interface between Rich OS apps and trusted apps. • OP-TEE : open portable trusted execution environment in compliance with GlobalPlatform specs. � 7

  8. TrustZone Architecture Secure World Normal World S-EL0 EL0 trusted apps client apps SVC SVC S-EL1 Trusted OS Rich OS EL1 HVC/SMC Hypervisor EL2 SMC SMC S-EL3 Secure Monitor � 8

  9. OP-TEE Implementation Secure World Normal World GlobalPlatform GlobalPlatform trusted apps client apps OP-TEE Internal OP-TEE Client C API Core C API TEE Supplicant TEE TA SDK TEE Client SDK EL0 EL1 OP-TEE Trusted OS Rich OS (OP-TEE driver) ARM Trusted Firmware (Secure Monitor) � 9

  10. Safe SDK Design Secure World Normal World Safe GlobalPlatform Safe GlobalPlatform trusted apps client apps TEE Client API TEE Internal Core API TEE TA SDK TEE Client SDK OP-TEE Trusted OS Rich OS (OP-TEE driver) Rust OP-TEE TrustZone SDK ARM Trusted Firmware (Secure Monitor) � 10

  11. Design of Client SDK client apps Client apps targets: • aarch64-unknown-linux-gnu • arm-unknown-linux-gnu optee-teec third-party crates optee-teec-sys rust/libstd ... libteec C library Rust foundation layer Rust crates Upstream projects � 11

  12. Design of TA SDK trusted apps Two new targets in the Rust compiler/std: • aarch64-unknown-optee-trustzone • arm-unknown-optee-trustzone third-party crates optee-utee ... compiler-builtins libc rust/libstd optee-utee-sys libutil libutee C library Rust foundation layer Rust crates Upstream projects � 12

  13. Project Structure • optee-teec : client-side Rust library (LoC: ~933) • optee-utee : TA-side Rust library (LoC: ~2827) • optee : upstream optee library ( optee_client , optee_os ) • rust : modified Rust including • rust: ~ 29 files changed, 1800 insertions • libc: ~ 4 files changed, 131 insertions • compiler-builtins: ~ 3 files changed, 3 insertions(+), 1 deletion(-) • examples : hello_world , aes , hotp , random , secure_storage , and serde (LoC: ~3373) � 13

  14. Example - Demo in QEMU � 14

  15. ④ ③ ② ① GlobalPlatform TEE API Specification Normal World Secure World TEEC_InitializeContext TA_CreateEntryPoint TEEC_OpenSession TEEC_InvokeCommand TA_OpenSessionEntryPoint TEEC_CloseSession TA_InvokeCommandEntryPoint TEEC_OpenSession TA_CloseSessionEntryPoint TEEC_InvokeCommand TEEC_CloseSession TA_DestroyEntryPoint TEEC_FinalizeContext � 15

  16. Example - Client (Current Design) ParamValue::new() Operation::new() session.invoke_command() Context::new() ctx.open_session() � 16

  17. Example - Trusted App (First Commit) #[no_mangle] pub extern "C" fn TA_CreateEntryPoint() -> TEE_Result { return TEE_SUCCESS; } #[no_mangle] pub extern "C" fn TA_OpenSessionEntryPoint( _paramTypes: ParamTypes, _params: TEE_Param, _sessionContext: SessionP) -> TEE_Result { return TEE_SUCCESS; } 0 => { unsafe { _params[0].value.a += 121; } }, � 17

  18. Example - Trusted App (Current Design) #[ta_create] #[ta_open_session] #[ta_close_session] #[ta_destory] #[ta_invoke_command] � 18

  19. Example - Use Serde Use serde to handle invoke command � 19

  20. Other Examples • hello_world : minimal project structure • aes : crypto, shared memory APIs • hotp : crypto APIs • random : crypto APIs • secure_storage : secure object related APIs • serde : Rust third-party crates for de/serialization • message_passing_interface � 20

  21. Thanks • Rust and Keystone Enclave • Safe GlobalPlatform APIs implemented in OP-TEE • Baidu ❤ Rust • Rust SGX SDK • MesaTEE: A Framework for Universal Secure Computing • MesaLock Linux, MesaLink, MesaPy, etc.

  22. Backup Slides

  23. Example - Client (Initial Design) raw::TEEC_Context raw::TEEC_Session raw::TEEC_Parameter raw::TEEC_Operation raw::TEEC_InitializeContext raw::TEEC_OpenSession raw::TEEC_InvokeCommand raw::TEEC_CloseSession raw::TEEC_FinalizeContext unsafe { } � 23

  24. Example - Project Structure arm-unknown-linux-gnu • host/ : source code of the client app aarch64-unknown-linux-gnu • ta/ : source code of TA arm-unknown-optee-trustzone • ta.lds : linker script aarch64-unknown-optee-trustzone • Xargo.toml : " Cargo.toml " for cross compilation • ta_static.rs : some static data structure for TA • proto/ : shared data structure and configurations like a protocol • Makefile : Makefile to build host and client • uuid.txt : UUID for TA, randomly generated if the file does not exist. � 24

  25. Project Structure - rust/libstd src/librustc_target/spec/aarch64_unknown_optee_trustzone.rs src/libstd/sys/optee/alloc.rs src/libstd/sys/optee/net.rs src/libstd/sys/optee/args.rs src/libstd/sys/optee/os.rs src/libstd/sys/optee/backtrace.rs src/libstd/sys/optee/os_str.rs src/libstd/sys/optee/cmath.rs src/libstd/sys/optee/path.rs src/libstd/sys/optee/condvar.rs src/libstd/sys/optee/pipe.rs src/libstd/sys/optee/env.rs src/libstd/sys/optee/process.rs src/libstd/sys/optee/fs.rs src/libstd/sys/optee/rwlock.rs src/libstd/sys/optee/io.rs src/libstd/sys/optee/stack_overflow.rs src/libstd/sys/optee/memchr.rs src/libstd/sys/optee/stdio.rs src/libstd/sys/optee/mod.rs src/libstd/sys/optee/thread.rs src/libstd/sys/optee/mutex.rs src/libstd/sys/optee/thread_local.rs src/libstd/sys/optee/time.rs � 25

  26. Example: alloc.rs The underlying library of libc is libutil from OP-TEE � 26

  27. Example: thread.rs Thread is not supported in OP-TEE OS. Currently, we will raise a panic. � 27

  28. Background • ARM TrustZone provide trusted execution environment in mobile phone and embedded devices • TrustZone secures mobile payment, identification authentication, key management, AI models, DRM,OS integrity, etc. � 28

  29. TrustZone Architecture An Exploration of ARM TrustZone Technology: https://genode.org/documentation/articles/trustzone � 29

  30. Project Structure • Rust OP-TEE TrustZone SDK : https://github.com/ mesalock-linux/rust-optee-trustzone-sdk • Rust : https://github.com/mesalock-linux/rust • Rust libc : https://github.com/mesalock-linux/libc.git • Rust compiler-builtins : https://github.com/ mesalock-linux/compiler-builtins.git • Wiki : https://github.com/mesalock-linux/rust-optee- trustzone-sdk/wiki � 30

  31. Other Examples • hello_world : minimal project structure • aes : crypto, shared memory APIs • hotp : crypto APIs • random : crypto APIs • secure_storage : secure object related APIs • serde : Rust third-party crates for de/serialization • message_passing_interface � 31

  32. Roadmap • April : open source • May : trusted storage API design, cryptographic operations API design, TEE arithmetical API design, and more third-party Rust crates • Jun : push modified Rust compiler/std to upstream and make OP-TEE TrustZone as an o ffi cial target. • 2019 Q3/4 : more trusted apps such as secure key service, remote attestation, fTPM, and machine learning algorithm. � 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Verification of an Open-Source Secure Enclave Pranav Gaddamadugu pranavsaig@berkeley.edu

Formal Verification of an Open-Source Secure Enclave Pranav Gaddamadugu pranavsaig@berkeley.edu

Formal Verification of an Open-Source Secure Enclave Pranav Gaddamadugu pranavsaig@berkeley.edu Problem Definition Verifying hyperproperties about the Keystone Security monitor Secure Remote Execution (SRE) : a 2-safety hyperproperty

446 views • 10 slides
To Towards End-to to-en end TEE Ve Verification with Keystone Shweta Shinde UC Berkeley

To Towards End-to to-en end TEE Ve Verification with Keystone Shweta Shinde UC Berkeley

To Towards End-to to-en end TEE Ve Verification with Keystone Shweta Shinde UC Berkeley TEEs reduce the Trusted Computing Base Web Other Server Apps Operating Enclave Systems RAM Ring 3 10 MLOC OS / Hypervisor CVEs in Linux

639 views • 19 slides
Hardware Enclave Attacks CS261 Threat Model of Hardware Enclaves Intel Attestation Process

Hardware Enclave Attacks CS261 Threat Model of Hardware Enclaves Intel Attestation Process

Hardware Enclave Attacks CS261 Threat Model of Hardware Enclaves Intel Attestation Process Service Untrusted (IAS) Enclave Enclave Code Trusted Process Process Enclave Other Data Enclave OS and/or Hypervisor Off-chip devices 2

531 views • 24 slides
74/40 Technology Safety Innovation by ABUS. Bringing SAFETY to the UK insulated steel shackle

74/40 Technology Safety Innovation by ABUS. Bringing SAFETY to the UK insulated steel shackle

74/40 Technology Safety Innovation by ABUS. Bringing SAFETY to the UK insulated steel shackle standard solid aluminium core RH6 profile FDA approved lubricant high precision 6 pin cylinder shackle and plastic housing

869 views • 4 slides
Memory Safety for Low- Level Software/Hardware Interactions John Criswell Nicolas Geoffray

Memory Safety for Low- Level Software/Hardware Interactions John Criswell Nicolas Geoffray

Memory Safety for Low- Level Software/Hardware Interactions John Criswell Nicolas Geoffray Vikram Adve Montreal or Bust! Memory Safety Future is Bright User-space memory safety is improving Safe languages SAFECode, CCured, Baggy

556 views • 53 slides
Practical Memory Safety with REST KANAD SINHA & SIMHA SETHUMADHAVAN COLUMBIA UNIVERSITY Is

Practical Memory Safety with REST KANAD SINHA & SIMHA SETHUMADHAVAN COLUMBIA UNIVERSITY Is

Practical Memory Safety with REST KANAD SINHA & SIMHA SETHUMADHAVAN COLUMBIA UNIVERSITY Is memory safety relevant? In 2017, 55% of remote-code execution causing bugs in Microsoft due to memory errors Is memory safety relevant? Yes!

827 views • 47 slides
Memory Tagging: e m p o s r r F e p how it improves C/C++ memory safety. Compiler

Memory Tagging: e m p o s r r F e p how it improves C/C++ memory safety. Compiler

r e l i p e m v o i t c c Memory Tagging: e m p o s r r F e p how it improves C/C++ memory safety. Compiler perspective. Kostya Serebryany , Evgenii Stepanov, Vlad Tsyrklevich (Google) Oct 2018 1 Agenda ARM v8.5

504 views • 29 slides
to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn

to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn

Building the Digital Keystone Cyber Threats to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn www.keystone.tn Building the Digital Keystone State Sponsored Attacks Political Warfare

519 views • 37 slides
Memory Safety with Rust Will Crichton Todays goals When is memory allocated and deallocated?

Memory Safety with Rust Will Crichton Todays goals When is memory allocated and deallocated?

Memory Safety with Rust Will Crichton Todays goals When is memory allocated and deallocated? Where does memory live? What kinds of pointers does Rust have? Memory management goal: Allocate memory when you need it, and free it when

614 views • 24 slides
About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production

About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production

About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production Environments Student: Benjamin Taubmann PhD stage: Third year, finisher Advisor: Prof. Dr. Hans P. Reiser Affiliation: Assistant Professorship of

313 views • 8 slides
Post-Quantum EPID Signatures from Symmetric Primitives Dan Boneh Saba Eskandarian Ben Fisch

Post-Quantum EPID Signatures from Symmetric Primitives Dan Boneh Saba Eskandarian Ben Fisch

Post-Quantum EPID Signatures from Symmetric Primitives Dan Boneh Saba Eskandarian Ben Fisch Hardware Enclaves A trusted component in an untrusted system Protected memory isolates enclave from compromised OS Untrusted System Enclave

505 views • 34 slides
Bridging Clouds with Keystone to Keystone Federation Vishakha Agarwal Colleen Murphy Who are

Bridging Clouds with Keystone to Keystone Federation Vishakha Agarwal Colleen Murphy Who are

Bridging Clouds with Keystone to Keystone Federation Vishakha Agarwal Colleen Murphy Who are we? Vishakha Agarwal (vishakha) Senior Member Technical Staff at NEC Keystone contributor Colleen Murphy (cmurphy)

568 views • 30 slides
Verifying enclave systems with Serval Luke Nelson w/ James Bornholt, Ronghui Gu, Andrew Baumann,

Verifying enclave systems with Serval Luke Nelson w/ James Bornholt, Ronghui Gu, Andrew Baumann,

Open Source Enclave Workshop July 2019 Berkeley, CA Verifying enclave systems with Serval Luke Nelson w/ James Bornholt, Ronghui Gu, Andrew Baumann, Emina Torlak, Xi Wang University of Washington, Columbia University, Microsoft Research 1

435 views • 14 slides
Bringing More Safety & Less Stress to New Orleans Streets with improved biking, walking, and

Bringing More Safety & Less Stress to New Orleans Streets with improved biking, walking, and

Bringing More Safety & Less Stress to New Orleans Streets with improved biking, walking, and transit Mobility is a Challenge in New Orleans Year after year, New Orleans ranks poorly in the SAFETY of people on our roadways Dangerous

628 views • 37 slides
KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh

KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh

KEYSTONE: the last missing framework for Reverse Engineering www.keystone-engine.org NGUYEN Anh Quynh <aquynh -at- gmail.com> RECON - June 19th, 2016 1 / 48 NGUYEN Anh Quynh KEYSTONE: the last missing framework for Reverse Engineering

731 views • 48 slides
Keystone Policy Series CENSUS 2020 Update for PA Funders Welcome! Keystone Policy Series

Keystone Policy Series CENSUS 2020 Update for PA Funders Welcome! Keystone Policy Series

Keystone Policy Series CENSUS 2020 Update for PA Funders Welcome! Keystone Policy Series This webinar is being recorded and will available for distribution following todays program. All lines will be muted during this call, please

341 views • 30 slides
Whittier Street Apartments Choice Neighborhoods Initiative Rodger Brown, Managing Director of

Whittier Street Apartments Choice Neighborhoods Initiative Rodger Brown, Managing Director of

Whittier Street Apartments Choice Neighborhoods Initiative Rodger Brown, Managing Director of Real Estate Development, Preservation of Affordable Housing (POAH) NH&RA Annual Meeting Whittier Street Apartments The Redevelopment 200 unit

222 views • 10 slides
GEOM SCHED: A Framework for Disk Scheduling within GEOM Luigi Rizzo and Fabio Checconi May 8,

GEOM SCHED: A Framework for Disk Scheduling within GEOM Luigi Rizzo and Fabio Checconi May 8,

GEOM SCHED: A Framework for Disk Scheduling within GEOM Luigi Rizzo and Fabio Checconi May 8, 2009 GEOM SCHED A framework for disk scheduling within GEOM Luigi Rizzo Dipartimento di Ingegneria dellInformazione via Diotisalvi 2, Pisa,

521 views • 40 slides
Diffeomorphisms of discs Oscar Randal-Williams Smoothing theory M a topological d -manifold,

Diffeomorphisms of discs Oscar Randal-Williams Smoothing theory M a topological d -manifold,

Diffeomorphisms of discs Oscar Randal-Williams Smoothing theory M a topological d -manifold, maybe with smooth boundary M S m ( M ) = { space of smooth structures on M , fixed near M } (space interpreted liberally). 1 Smoothing

855 views • 73 slides
arm64e An ABI for Pointer Authentication LLVM Developers' Meeting John McCall October 22 nd , 2019

arm64e An ABI for Pointer Authentication LLVM Developers' Meeting John McCall October 22 nd , 2019

arm64e An ABI for Pointer Authentication LLVM Developers' Meeting John McCall October 22 nd , 2019 Ahmed Bougacha What is arm64e? arm64e is an ABI for pointer authentication on ARMv8.3 ARMv8.3 is an AArch64 extension provided by the Apple

1.26k views • 72 slides
t r s t

t r s t

t r s t rt r ss s ss ts r rst st

415 views • 18 slides
Density Estimation Optimizations for Global Illumination Rub en Garc a, Carlos Ure na,

Density Estimation Optimizations for Global Illumination Rub en Garc a, Carlos Ure na,

Introduction New optimizations Theoretical study Future Work Conclusion Density Estimation Optimizations for Global Illumination Rub en Garc a, Carlos Ure na, Jorge Revelles, Miguel Lastra, Rosana Montes Thursday, February 2,

383 views • 14 slides
Swiss-Cheese operad and Drinfeld center Najib Idrissi June 3rd, 2016 @ ETH Zrich Little disks

Swiss-Cheese operad and Drinfeld center Najib Idrissi June 3rd, 2016 @ ETH Zrich Little disks

Little disks and braids The Swiss-Cheese operad Chord diagrams Swiss-Cheese operad and Drinfeld center Najib Idrissi June 3rd, 2016 @ ETH Zrich Little disks and braids The Swiss-Cheese operad Chord diagrams Outline 1 Background: Little

620 views • 51 slides
Noncommutative Discriminants of Quantum Cluster Algebras Kurt Trampel Joint work with Bach

Noncommutative Discriminants of Quantum Cluster Algebras Kurt Trampel Joint work with Bach

Noncommutative Discriminants of Quantum Cluster Algebras Kurt Trampel Joint work with Bach Nguyen and Milen Yakimov Louisiana State University Maurice Auslander Distinguished Lectures and International Conference 2018 Kurt Trampel (LSU)

430 views • 32 slides

More recommend