practical implications of intel sgx with graphene
play

Practical implications of Intel SGX with Graphene July 4th, 2019 - PowerPoint PPT Presentation

Dec 11, 2023 •46 likes •266 views

Practical implications of Intel SGX with Graphene July 4th, 2019 Derk Barten Robin Klusman Software Guard Untrusted system Trusted enclave Extensions Attestation (SGX) Encrypted & isolated memory Integrity,

  1. Practical implications of Intel SGX with Graphene July 4th, 2019 Derk Barten Robin Klusman

  2. Software Guard ● Untrusted system Trusted enclave ● Extensions Attestation ● (SGX) ● Encrypted & isolated memory ● Integrity, confidentiality, isolation 2

  3. Graphene-SGX ● Library OS Standard C library ● Unmodified applications ● ● Multi-process support ● Dynamic shared libraries Manifest ● 3

  4. Related work ● SGX DRM, Anti-cheat ○ Use-cases Compilers ○ ○ TLS termination ○ Databases System logs ○ Middleboxes ○ ● Graphene ○ No modifications required Reduced development effort ○ Facilitate SGX research ○ 4

  5. Related work ● Cache side channel attacks Foreshadow ○ Existing attacks SgxPectre ○ on SGX ○ BranchScope ○ CacheZoom Asyncshock ● Controlled channel ● 5

  6. What are the practical implications of running arbitrary applications in Intel SGX using Graphene-SGX? Research Question 6

  7. Security implications

  8. Misaligned ● Intel SGX Operating system = untrusted ○ threat model ● Most applications ○ Operating system = trusted 8

  9. Arbitrary applications are often not designed to guard against a malicious operating system. 9

  10. Iago attacks ● Attacks by malicious kernel System calls ● ● Mitigation ○ Verification 10

  11. Date / time ● gettimeofday() Reliant on OS supplied vDSO ● manipulation Not verified by Graphene ● ● Implications Transaction order ○ Kerberos ○ ○ 2FA token validity ○ Rate limiting 11

  12. Date / time manipulation demo 12

  13. Environment ● Arbitrary environment vars Not present in manifest ● variable Not checked by Graphene ● manipulation ● Easily overlooked Implications ● Influence execution ○ ○ GCC Epoch 13

  14. Framework maturity

  15. Running ● OS version support Framework bugs ● applications Disk writes ● in Graphene ● Non trivial to port complex applications 15

  16. Discussion & conclusions

  17. Discussion ● Security may be compromised Can be mitigated ● Graphene as research project ● ● Not ready for production 17

  18. Developers should take care when running arbitrary applications in SGX using Graphene, as there may be non-trivial security implications and framework bugs. Conclusion 18

  19. Future work ● Explore additional system calls Environment variable dependent ● applications ● Investigate SCONE/Panoply 19

  20. Sources Victor Costan and Srinivas Devadas. “Intel SGX Explained.” Nico Weichbrodt et al. “AsyncShock: Exploiting ● ● In: IACR Cryptology ePrint Archive 2016.086 (2016), pp. synchronisation bugs in Intel SGX enclaves”. In: European 1–118. Symposium on Research in Computer Security. Springer. Chia-Che Tsai, Donald E Porter, and Mona Vij. 2016, pp. 440–457. ● “Graphene-SGX: A Practical Library {OS} for Unmodified Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. ● Applications on {SGX}”. In: 2017 {USENIX} Annual “Cachezoom: How SGX amplifies the power of cache Technical Conference ({USENIX} {ATC} 17). 2017, pp. attacks”. In: International Conference on Cryptographic 645–658. Hardware and Embedded Systems. Springer. 2017, pp. Stephen Checkoway and Hovav Shacham. “Iago attacks: 69–90. ● Why the system call api is a bad untrusted rpc interface”. Yuanzhong Xu, Weidong Cui, and Marcus Peinado. ● In: ASPLOS. Vol. 13. 2013, pp. 253–264. “Controlled-channel attacks: Deterministic side channels Ofir Weisse et al. Foreshadow-NG: Breaking the virtual for untrusted operating systems”. In: 2015 IEEE ● memory abstraction with transient out-of-order execution. Symposium on Security and Privacy. IEEE. 2015, pp. Tech. rep. Technical report, 2018. 640–656. Guoxing Chen et al. “Sgxpectre attacks: Stealing intel Dmitry Evtyushkin et al. “BranchScope: A new side-channel ● ● secrets from sgx enclaves via speculative execution”. In: attack on directional branch predictor”. In: ACM SIGPLAN arXiv preprint arXiv:1802.09085 (2018). Notices. Vol. 53. 2. ACM. 2018, pp. 693–707. 20

  21. Software ● Attestation data Attestation key ● Attestation Attestation signature ● 21

  22. Software ● MRENCLAVE - Enclave Identity MRSIGNER - Sealing Authority ● Attestation Public key hash SGX ● Attestation Key in μcode Source: Intel documentation 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quantum transport in graphene L1 Disordered graphene (G) graphene 101 QHE in G and quantum

Quantum transport in graphene L1 Disordered graphene (G) graphene 101 QHE in G and quantum

Quantum transport in graphene L1 Disordered graphene (G) graphene 101 QHE in G and quantum resistance standard weak localisation regimes in graphene L2 Ballistic electrons in graphene L3 Moir superlattice effects in G/hBN

661 views • 50 slides
Quantum transport in graphene L1 Disordered graphene (G) L2 Ballistic electrons in graphene

Quantum transport in graphene L1 Disordered graphene (G) L2 Ballistic electrons in graphene

Quantum transport in graphene L1 Disordered graphene (G) L2 Ballistic electrons in graphene (G/hBN) making graphene ballistic PN junctions and Veselago lens in graphene Andreev reflection in ballistic SGS devices Lifshitz transition and QHE

4.14k views • 49 slides
03. Graphene 05. About AGP 13. About HSMG 20. Collaboration and contact 02 What is graphene

03. Graphene 05. About AGP 13. About HSMG 20. Collaboration and contact 02 What is graphene

HSMG TM There is only one true graphene www.advancedgrapheneproducts.com 03. Graphene 05. About AGP 13. About HSMG 20. Collaboration and contact 02 What is graphene Graphene is a flat structure built with atoms of carbon connected

562 views • 20 slides
Quantum transport in graphene L1 Disordered graphene (G) L2 Ballistic electrons in graphene

Quantum transport in graphene L1 Disordered graphene (G) L2 Ballistic electrons in graphene

Quantum transport in graphene L1 Disordered graphene (G) L2 Ballistic electrons in graphene (G/hBN) L3 Moir superlattice effects in G/hBN heterostructures tunnelling between almost aligned graphene flakes moir superlattice in van der

786 views • 39 slides
Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is graphene? Graphene is a truly 2D system made of Carbon atoms arranged in an honeycomb hexagonal lattice Zero-gap semiconductor with a low-energy linear

268 views • 6 slides
Nano Graphene Platelets (NGPs), Graphene Nanocomposites, and Graphene-Enabled Energy Devices Bor

Nano Graphene Platelets (NGPs), Graphene Nanocomposites, and Graphene-Enabled Energy Devices Bor

Nano Graphene Platelets (NGPs), Graphene Nanocomposites, and Graphene-Enabled Energy Devices Bor Z. Jang Wright State University, College of Engineering Dayton, Ohio 45435 Bor.Jang@Wright.edu Aruna Zhamu, President and CTO Angstron Materials,

610 views • 58 slides
SVM on Intel Graphics Jesse Barnes Intel Open Source Technology Center 1 What is SVM?

SVM on Intel Graphics Jesse Barnes Intel Open Source Technology Center 1 What is SVM?

SVM on Intel Graphics Jesse Barnes Intel Open Source Technology Center 1 What is SVM? Discussion of current practices SVM OS and driver modifications Device options and implications 2 SVM defined Pointer sharing between CPU

389 views • 18 slides
New Applications for Graphene Electronics New Applications for Graphene Electronics Han Wang,

New Applications for Graphene Electronics New Applications for Graphene Electronics Han Wang,

New Applications for Graphene Electronics New Applications for Graphene Electronics Han Wang, Daniel Nezich, Jing Kong and Tomas Palacios Department of Electrical Engineering and Computer Science Massachusetts Institute of Technology

421 views • 10 slides
Luttinger Liquid at the Edge of Liquid at the Edge of Luttinger a Graphene Graphene Vacuum

Luttinger Liquid at the Edge of Liquid at the Edge of Luttinger a Graphene Graphene Vacuum

Luttinger Liquid at the Edge of Liquid at the Edge of Luttinger a Graphene Graphene Vacuum Vacuum a H.A. Fertig, Indiana University Luis Brey, CSIC, Madrid I. Introduction: Graphene Edge States (Non-Interacting) II. Quantum Hall

738 views • 27 slides
A LOOK AT THE PRACTICAL IMPLICATIONS OF THE NEW JOBS ACT RULES ON PRIVATE OFFERINGS OF

A LOOK AT THE PRACTICAL IMPLICATIONS OF THE NEW JOBS ACT RULES ON PRIVATE OFFERINGS OF

A LOOK AT THE PRACTICAL IMPLICATIONS OF THE NEW JOBS ACT RULES ON PRIVATE OFFERINGS OF SECURITIES December 4, 2013 Materials Written By: Nicholas J. Bakatsias, JD, LL.M. Carruthers & Roth, P.A. P.O. Box 540 Greensboro, NC 27402

719 views • 60 slides
ELASTIC PROPERTIES OF GRAPHENE-GRAPHANE NANORIBBONS Olga E. Glukhova (graphene@yandex.ru), I.N.

ELASTIC PROPERTIES OF GRAPHENE-GRAPHANE NANORIBBONS Olga E. Glukhova (graphene@yandex.ru), I.N.

ELASTIC PROPERTIES OF GRAPHENE-GRAPHANE NANORIBBONS Olga E. Glukhova (graphene@yandex.ru), I.N. Saliy, A.S. Kolesnikova and M.M. Slepchenkov Saratov State University, Department of Physics 410012, Saratov, Russia 2 Graphene-nanoribbons We

574 views • 28 slides
Ania Servant Knowledge Exchange Fellow, National Graphene Institute GRAPHENE COMMERCIALISATION

Ania Servant Knowledge Exchange Fellow, National Graphene Institute GRAPHENE COMMERCIALISATION

Ania Servant Knowledge Exchange Fellow, National Graphene Institute GRAPHENE COMMERCIALISATION Beyond the sticky tape.. Graphene Superlatives thinnest imaginable material strongest material ever measured (theoretical limit)

572 views • 30 slides
Synthesized Graphene and it its use as Hydrogen Sensor and Photodetector Charmine Tay Graphene

Synthesized Graphene and it its use as Hydrogen Sensor and Photodetector Charmine Tay Graphene

Pla lasma Assisted Low Temperature Synthesized Graphene and it its use as Hydrogen Sensor and Photodetector Charmine Tay Graphene An allotrope of carbon Consist of a single layer of carbon atoms arranged in a hexagonal lattice

295 views • 26 slides
Ground state construction of Bilayer Graphene Ian Jauslin joint with Alessandro Giuliani arXiv:

Ground state construction of Bilayer Graphene Ian Jauslin joint with Alessandro Giuliani arXiv:

Ground state construction of Bilayer Graphene Ian Jauslin joint with Alessandro Giuliani arXiv: 1507.06024 http://ian.jauslin.org Monolayer graphene 2D crystal of carbon atoms on a honeycomb lattice. 1/ 13 Bilayer graphene 2 graphene

432 views • 14 slides
Delivering the Graphene Revolution to Industry November 2018 Timeline of Achievements April

Delivering the Graphene Revolution to Industry November 2018 Timeline of Achievements April

Delivering the Graphene Revolution to Industry November 2018 Timeline of Achievements April 2015 First graphene produced in test work at University of Adelaide Sept 2016 Graphene Cell pilot plant (5 tpa) commissioned, verifying the

420 views • 24 slides
Graphene, Index Theorem and Graphene, Index Theorem and Topological Degeneracy Topological

Graphene, Index Theorem and Graphene, Index Theorem and Topological Degeneracy Topological

Graphene, Index Theorem and Graphene, Index Theorem and Topological Degeneracy Topological Degeneracy JKP Michael Stone cond-mat/0607394 Dresden, 24 September 2006 Quantum Information, Physics and Topology Encoding and manipulating QI

324 views • 17 slides
Automatic Colorization Gustav Larsson TTI Chicago / University of Chicago Joint work with

Automatic Colorization Gustav Larsson TTI Chicago / University of Chicago Joint work with

Automatic Colorization Gustav Larsson TTI Chicago / University of Chicago Joint work with Michael Maire and Greg Shakhnarovich NVIDIA @ SIGGRAPH 2016 Colorization Let us first define colorization Colorization Definition 1: The inverse

693 views • 50 slides
Health Coverage Expansion Perspectives and Experiences from the Health Connector AUDREY MORSE

Health Coverage Expansion Perspectives and Experiences from the Health Connector AUDREY MORSE

Massachusettss State -Based Marketplace and Approach to Health Coverage Expansion Perspectives and Experiences from the Health Connector AUDREY MORSE GASTEIER Chief of Policy and Strategy Student Health Policy Forum Tuesday, January 7,

580 views • 29 slides
Presentation Schedule of Oct 2015 Internship - Financial Economics Dept of Student's 9.00-

Presentation Schedule of Oct 2015 Internship - Financial Economics Dept of Student's 9.00-

Presentation Schedule of Oct 2015 Internship - Financial Economics Dept of Student's 9.00- 9.20- 9.40- 10.00- 10.20- 10.40- 11.00- 11.20- 11.40- 12.00- 12.20- 12.40- 1.00- 1.20- 1.40- 2.00- 2.20- 2.40- 3.00- 3.20- 3.40- 4.00-

374 views • 9 slides
Funding for Crime Victim Services July 31, 2019 1 Welcome Goal: to provide an overview of

Funding for Crime Victim Services July 31, 2019 1 Welcome Goal: to provide an overview of

Funding for Crime Victim Services July 31, 2019 1 Welcome Goal: to provide an overview of a funding opportunity for tribal victim services programs and answer questions from potential applicants Presenters: Virginia Davis,

542 views • 43 slides
2014 ANNUAL GENERAL MEETING AGENDA Formal Business Introductions Call to Order

2014 ANNUAL GENERAL MEETING AGENDA Formal Business Introductions Call to Order

2014 ANNUAL GENERAL MEETING AGENDA Formal Business Introductions Call to Order Presentation of Financial Statements Fixing the Size of the Board Election of Directors Appointment of Auditors Management

990 views • 59 slides
Enhancing Business Integrity within the Private Sector Chiawen Kiew Office of the Chief

Enhancing Business Integrity within the Private Sector Chiawen Kiew Office of the Chief

Enhancing Business Integrity within the Private Sector Chiawen Kiew Office of the Chief Compliance Officer 24 May 2017 Looking Beyond Debarment Deterrence vs. Prevention Overall business climate Relative size and risk profile of

498 views • 8 slides
Certificate o Certi icate of Presentation Presentation This certificate is issued to Hong Guo,

Certificate o Certi icate of Presentation Presentation This certificate is issued to Hong Guo,

The 18 th International Conference on Electronic Business December 2-6, 2018, Guilin, China CERTIFICATE Certificate o Certi icate of Presentation Presentation This certificate is issued to Hong Guo, Anhui University, China Hong Guo, Anhui

1.04k views • 102 slides
of our vineyards Dolc: Chardonnay vineyard of Vignaunica Negrar: Valpolicella Classico

of our vineyards Dolc: Chardonnay vineyard of Vignaunica Negrar: Valpolicella Classico

Location of our vineyards Dolc: Chardonnay vineyard of Vignaunica Negrar: Valpolicella Classico Vineyards The Territory Bardolino: Bardolino Classico Vineyards Soave: Soave Classico Vineyards Guerrieri Rizzardi (Azienda

610 views • 25 slides

More recommend