Partitioning System Software for Hardware Enclaves
Chia-Che Tsai, Texas A&M University / Graphene Project / Anjuna
Why Partition System Software?
Software stack, top to bottom: Application, Language Runtime, Libraries, Operating System, IO Devices (less trustworthy). Target of enclave protection.
Data Flow (in both data & control planes)
- 1. Where is the partition boundary?
- 2. How to declassify data?
Attack Surface vs TCB?
Shim Layer (SCONE):
- System API redirection layer
- Untrusted host OS, reached through the system API
- Large attack surface, small TCB
Library OS / Unikernel (Graphene, SGX-LKL):
- Guest OS
- Untrusted host OS, reached through the hypervisor interface
- Small attack surface, large TCB
Danger in A Partition Interface
Enclave running a legacy application; untrusted OS answers calls such as getpid() and gettimeofday()
Iago attacks [ASPLOS 2013]
- Pervasive threats in libraries, runtimes, even hypervisor.
- Untrusted OS exploits semantic vulnerabilities misplaced in legacy applications
- Ex: Assuming PID and time are reliable sources of entropy
- Integral to design of systems
Partition for A Secure Interface
Legacy System API (e.g., Linux System Calls): fork, IPC (Message Queue, Semaphore, Signals, File locks), Async IO
Secure Host Interface:
- Secure Boot: start proc, start thread
- Secure Clock: monotonic time, date / clock
- Secure IO: files, sockets
- Secure RPC: FIFOs
- Secure Scheduling: yield, poll, signal/wait (potential DoS)
- Secure VM: stack, heap
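The Iago slide above and this secure host interface share one idea: the enclave must validate every value the untrusted host returns before acting on it. The following is an added example of mine, not Graphene code, of two such shim checks: a Secure Clock check that refuses a host clock that runs backwards, and a Secure VM check that refuses a host-provided buffer overlapping enclave stack or heap. The enclave address range is a constructed value for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed enclave address range for this example (not a real layout). */
#define ENCLAVE_BASE 0x10000000ULL
#define ENCLAVE_SIZE 0x01000000ULL

/* Last clock value the shim accepted from the host; 0 at enclave boot. */
static uint64_t last_accepted_ns = 0;

/* Secure Clock: accept a host-reported time only if it does not go
 * backwards relative to the last accepted value. Returns true on accept
 * and, when out is non-NULL, stores the trusted value there. */
bool shim_check_time(uint64_t host_ns, uint64_t *out)
{
    if (host_ns < last_accepted_ns)
        return false;               /* host tried to rewind the clock */
    last_accepted_ns = host_ns;
    if (out)
        *out = host_ns;
    return true;
}

/* Current trusted (monotonic) time as last validated by the shim. */
uint64_t shim_trusted_time(void)
{
    return last_accepted_ns;
}

/* Secure VM: a buffer the host hands back (e.g. an mmap result) may only
 * be used if it lies entirely outside the enclave; otherwise the host
 * could alias enclave stack or heap. Zero-length and wrapping ranges are
 * rejected as well. */
bool shim_check_host_buffer(uint64_t addr, size_t len)
{
    if (len == 0 || addr > UINT64_MAX - (uint64_t)len)
        return false;               /* empty or wraps around address space */
    uint64_t end = addr + (uint64_t)len;            /* half-open [addr, end) */
    uint64_t enc_end = ENCLAVE_BASE + ENCLAVE_SIZE; /* [base, enc_end) */
    /* Two half-open ranges intersect iff each starts before the other ends. */
    if (addr < enc_end && end > ENCLAVE_BASE)
        return false;
    return true;
}
```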
Graphene Open-Source Project
https://grapheneproject.io/
Invisible Things Lab
The Graphene Architecture
Graphene LibOS components: Virtual File System (Proc FS, Chroot FS, Socket (Passthru), Pipe), ELF loader, Remote Procedure Call, Signal, SYS V IPC, Threading, fork, exec, Migration, Namespace, Virtual Memory
- 140 / 318 system calls (core features)
- 63 KLOC source code
- 1.4 MB library size
Graphene Host ABI (40 calls) with portable & secure semantics
Not just for enclaves: SGX port + shield, non-Linux platform ports, container port
Partition for Managed Languages
Stack: Java App, Language Runtime, Libraries, Operating System; target: sensitive execution
Ideally you want to isolate out a minimum partition
Code sizes shown on the slide: 6.3 MLoC, 2.3 MLoC, 0.9 MLoC
Partitioning across system stack and components is difficult. Example: Hadoop
Civet: Partitioned Java Software Stack
Joint work with Raluca Ada Popa, Jeongseok Son (Berkeley), Don Porter, Bhushan Jan (UNC)
Input: Mapper, Reducer, Hadoop library (6.3 MLoC)
Partition Tool output:
- Trusted JAR (contains only needed classes): Mapper, Reducer
- Untrusted JAR (synthesized RPC interfaces): Mapper / Reducer interface classes
Runtime: Mapper and Reducer execute inside the enclave on a partitioned JVM; Jobs reach them over RPC; Load & Verify; Defense
Conclusion
System partitioning is a critical challenge:
OS-level: Graphene library OS
Emulating legacy system API on minimal secure abstractions
Runtime-level: Civet framework for Java
Static cross-stack partitioning + language defense & optimization
https://grapheneproject.io  support@graphene-project.io