formal verification of an open source secure enclave
play

Formal Verification of an Open-Source Secure Enclave Pranav - PowerPoint PPT Presentation

Oct 24, 2023 •331 likes •446 views

Formal Verification of an Open-Source Secure Enclave Pranav Gaddamadugu pranavsaig@berkeley.edu Problem Definition Verifying hyperproperties about the Keystone Security monitor Secure Remote Execution (SRE) : a 2-safety hyperproperty

  1. Formal Verification of an Open-Source Secure Enclave Pranav Gaddamadugu pranavsaig@berkeley.edu

  2. Problem Definition ● Verifying hyperproperties about the Keystone Security monitor ● Secure Remote Execution (SRE) : a 2-safety hyperproperty that can be decomposed into guarantees on: ○ Integrity ○ Confidentiality ○ Measurement Previous models assume a fixed implementation of a TEE, our work ● allows for easy compositional verification of various hardware components and Keystone plugins

  3. Prior Work ● ‘A Formal Foundation for Secure Remote Execution of Enclaves’ ○ Subramanyan, Sinha, et al. at CCS ‘17 ● Introduces a model of a Trusted Abstract Platform (TAP) ● Defines three separate adversary models: M, MC, MCP ○ ● Proves SRE for Intel SGX and MIT Sanctum

  4. Proof Methodology ● Show that TAP guarantees SRE under the three adversary models ● Show that models of SGX and Sanctum are refinements of the TAP model under specific adversarial parameters

  5. Redesigning the Model for Modular Verification ● Translated TAP model from Boogie to UCLID5 ○ Toolkit for formal specification and verification of compositional systems ○ Suited for reasoning about the composition of Keystone and additional plugins ○ Future work on automatic invariant generation ● Extensions to UCLID5 ○ Support for modular procedure-level verification, additional features for easier programmability, modifications to proof techniques

  6. Extending the Model ● Extension of the adversary model to physical attackers ○ Enclave platforms also provide guarantees ‘physical attackers’ ○ We define a physical attackers as ‘an adversary with the capability to observe or tamper with any signal leaving the chip package’ ○ Involves the addition of an abstract memory encryption engine, as well as a semantic embedding of ciphertext and plaintext

  7. TAP Model Design

  8. Keystone Model and Augmentation

  9. Future Work ● Write the Abstract MEE model and augment proofs to show that TAP+MEE provides SRE under a physical adversary ○ Refinement proof (once Memory Encryption is added to Keystone) ● Exploring automatic invariant generation Implementing a native SyGuS solver in UCLID5 ○ ○ Generating invariants based off of TAP and Keystone model sketches

  10. Thank you! Any questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bringing Memory-Safety to Keystone Enclave Mingshen Sun Baidu X-Lab Open-Source Enclaves Workshop

Bringing Memory-Safety to Keystone Enclave Mingshen Sun Baidu X-Lab Open-Source Enclaves Workshop

Bringing Memory-Safety to Keystone Enclave Mingshen Sun Baidu X-Lab Open-Source Enclaves Workshop (OSEW 2019) Berkeley, July 2019 https://mesatee.org Rust and Keystone Enclave Open-Source Enclave (RISC-V Hardware/Keystone Enclave) :

662 views • 32 slides
Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris

Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris

Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon University* 1 Secure Remote

356 views • 21 slides
Applications of formal verification for secure Cloud environments at CEA LIST Nikolai Kosmatov

Applications of formal verification for secure Cloud environments at CEA LIST Nikolai Kosmatov

Applications of formal verification for secure Cloud environments at CEA LIST Nikolai Kosmatov joint work with A.Blanchard, F.Bobot, M.Lemerre,. . . SEC2, Lille, June 30 th , 2015 N. Kosmatov (CEA LIST) Formal Verification for secure Cloud

597 views • 37 slides
Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

29th March 2019 Open Source Hardware Verification A survey and suggestions for future work Ben Marshall University of Bristol Computer Science Department Open Source Hardware Verification Outline Open Source Hardware Verification 2019-03-07

189 views • 6 slides
Verifying enclave systems with Serval Luke Nelson w/ James Bornholt, Ronghui Gu, Andrew Baumann,

Verifying enclave systems with Serval Luke Nelson w/ James Bornholt, Ronghui Gu, Andrew Baumann,

Open Source Enclave Workshop July 2019 Berkeley, CA Verifying enclave systems with Serval Luke Nelson w/ James Bornholt, Ronghui Gu, Andrew Baumann, Emina Torlak, Xi Wang University of Washington, Columbia University, Microsoft Research 1

435 views • 14 slides
Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open

Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open

Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open Synthesis Suite) is an open source project aiming at creating a fully-featured HDL synthesis tool, and more. Lately a lot of features related to

302 views • 28 slides
Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

29th March 2019 Open Source Hardware Verification A survey and suggestions for future work Ben Marshall University of Bristol Computer Science Department Open Source Hardware Verification 29th March 2019 Outline Introduction & Motivation

958 views • 17 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Leading ticketing to open source A challenge for Calypso Calypso, an Open and Secure Contactless

Leading ticketing to open source A challenge for Calypso Calypso, an Open and Secure Contactless

Leading ticketing to open source A challenge for Calypso Calypso, an Open and Secure Contactless Ticketing Standard Calypso deployement 125 cities & regions 25 countries 150 million transportation smart cards 490 000 readers Challenges

287 views • 16 slides
End-to-end formal ISA verification of RISC-V processors with riscv-formal Clifford Wolf About

End-to-end formal ISA verification of RISC-V processors with riscv-formal Clifford Wolf About

End-to-end formal ISA verification of RISC-V processors with riscv-formal Clifford Wolf About RISC-V RISC-V is an Open Instruction Set Architecture (ISA) Can be freely used for any purpose Many implementations are available from

677 views • 22 slides
On the Formal Verification of Open Multi-agent Systems F. Belardinelli 1 1 Laboratoire IBISC

On the Formal Verification of Open Multi-agent Systems F. Belardinelli 1 1 Laboratoire IBISC

On the Formal Verification of Open Multi-agent Systems F. Belardinelli 1 1 Laboratoire IBISC Universit e dEvry joint work with D. Grossi and A. Lomuscio LAMAS SING 23 September 2015 1 Overview Background: 1 plenty of work on

627 views • 23 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
About imec-DistriNet enclave research https://distrinet.cs.kuleuven.be/ Trusted computing across

About imec-DistriNet enclave research https://distrinet.cs.kuleuven.be/ Trusted computing across

About imec-DistriNet enclave research https://distrinet.cs.kuleuven.be/ Trusted computing across the system stack: hardware, compiler, OS, application Integrated attack-defense perspective and open-source prototypes SGX-Step framework Sancus

925 views • 75 slides
Secure Drupal Development Steven Van den Hout Steven Van den Hout

Secure Drupal Development Steven Van den Hout Steven Van den Hout

Secure Drupal Development Steven Van den Hout Steven Van den Hout @stevenvdhout http://dgo.to/@svdhout SECURE? 1 IS D DRUPAL AL S IS OPEN SOURCE SECURE? MANY EYES MAKE FOR SECURE CODE - Security by obscurity - Open

641 views • 51 slides
The Hidden Cost of Free Higher Ed Tuition Policy & Affordability Or Malatras is

The Hidden Cost of Free Higher Ed Tuition Policy & Affordability Or Malatras is

The Hidden Cost of Free Higher Ed Tuition Policy & Affordability Or Malatras is in for a long day. NY TAP Program Grants for income up to $100,000 $100,001-$125,000 $100,001-$125,000 $0-$50,000 $0-$50,000 $50,001-$100,000

548 views • 21 slides
Filtering Cubemaps Filtering Cubemaps Angular Extent Filtering and Edge Seam Fixup Methods

Filtering Cubemaps Filtering Cubemaps Angular Extent Filtering and Edge Seam Fixup Methods

Filtering Cubemaps Filtering Cubemaps Angular Extent Filtering and Edge Seam Fixup Methods Angular Extent Filtering and Edge Seam Fixup Methods John R. Isidoro 3D Application Research Group ATI Research Introduction Introduction Hardware

463 views • 25 slides
Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless

Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless

Lecture 1 Wireless Channel I-Hsiang Wang ihwang@ntu.edu.tw 2/20, 2014 Wireless channels vary at two scales Channel quality Time Large-scale fading: path loss, shadowing, etc. Small-scale fading:

629 views • 46 slides
A Hybrid Model of Adaptive Video Streaming Control Systems G. Cofano, Luca De Cicco , S. Mascolo

A Hybrid Model of Adaptive Video Streaming Control Systems G. Cofano, Luca De Cicco , S. Mascolo

A Hybrid Model of Adaptive Video Streaming Control Systems G. Cofano, Luca De Cicco , S. Mascolo Politecnico di Bari, Italy 55th IEEE Conference on Decision and Control - Las Vegas, USA 12-14 December 2016 Introduction Video will represent

569 views • 19 slides
Medium-Fi Prototyping CS 147 Fall 2019 James R, Victor C, Leenah F, Tingyu Z Our Team Leenah Al

Medium-Fi Prototyping CS 147 Fall 2019 James R, Victor C, Leenah F, Tingyu Z Our Team Leenah Al

Medium-Fi Prototyping CS 147 Fall 2019 James R, Victor C, Leenah F, Tingyu Z Our Team Leenah Al Falih Tingyu Zheng Jimmy Rabe Victor Chen Problem It is difficult to find nearby mental health resources

401 views • 19 slides
Tap n Ghost A Compilation of Novel Attack Techniques against Smartphone Touchscreens Seita

Tap n Ghost A Compilation of Novel Attack Techniques against Smartphone Touchscreens Seita

Tap n Ghost A Compilation of Novel Attack Techniques against Smartphone Touchscreens Seita Maruyama 1 , Satohiro Wakabayashi 1 , Tatsuya Mori 1, 2 1 Waseda University, Japan 2 RIKEN AIP, Japan Tap n Ghost An attack against smartphones

508 views • 30 slides
Data publication at PADC using TAP ObsTap for CTA, Gaia and EPN-TAP for Europlanet Pierre Le

Data publication at PADC using TAP ObsTap for CTA, Gaia and EPN-TAP for Europlanet Pierre Le

Data publication at PADC using TAP ObsTap for CTA, Gaia and EPN-TAP for Europlanet Pierre Le Sidaner on behalf of PADC 1 Why and How TAP ? - TAP was designed to publish data tables - TAP is for accessing tables inside relational

356 views • 16 slides
At the least, compute one Tap in a 2. Separate AGU from DALU for rich addressing modes Single

At the least, compute one Tap in a 2. Separate AGU from DALU for rich addressing modes Single

SCOPES 2003 Outline Tailoring Software Pipelining For 1. Low-power DSP 16000 and ZOLB Effective Exploitation Of Zero 2. Compiler Mission Overhead Loop Buffer 3. Conventional Approach 4. Alternatative approach 5. Intermediate

319 views • 6 slides

More recommend