preliminary study of trusted execution environments on
play

Preliminary Study of Trusted Execution Environments on Heterogeneous - PowerPoint PPT Presentation

Mar 28, 2024 •196 likes •607 views

Preliminary Study of Trusted Execution Environments on Heterogeneous Edge Platforms Zhenyu Ning, Jinghui Liao, Fengwei Zhang, Weisong Shi COMPASS Lab Wayne State University October 27, 2018 1 Outline Introduction Trusted Execution

  1. Preliminary Study of Trusted Execution Environments on Heterogeneous Edge Platforms Zhenyu Ning, Jinghui Liao, Fengwei Zhang, Weisong Shi COMPASS Lab Wayne State University October 27, 2018 1

  2. Outline ◮ Introduction ◮ Trusted Execution Environment (TEE) ◮ Intel Software Guard eXtension (SGX) ◮ ARM TrustZone Technology ◮ AMD Secure Encrypted Virtualization Technology ◮ Edge Computing with TEE ◮ Conclusion and Future Work 2

  3. Outline ◮ Introduction ◮ Trusted Execution Environment (TEE) ◮ Intel Software Guard eXtension (SGX) ◮ ARM TrustZone Technology ◮ AMD Secure Encrypted Virtualization Technology ◮ Edge Computing with TEE ◮ Conclusion and Future Work 3

  4. Edge Computing Why moving to Edge from Cloud? 4

  5. Edge Computing Why moving to Edge from Cloud? ◮ Reduced network latency for time-sensitive tasks. E.g. Real-time monitoring for transportation [1] . 5

  6. Edge Computing Why moving to Edge from Cloud? ◮ Reduced network latency for time-sensitive tasks. E.g. Real-time monitoring for transportation [1] . ◮ Increased efficiency for performance-sensitive tasks. E.g. Video analytics for public safety [2] . 6

  7. Edge Computing Why moving to Edge from Cloud? ◮ Reduced network latency for time-sensitive tasks. E.g. Real-time monitoring for transportation [1] . ◮ Increased efficiency for performance-sensitive tasks. E.g. Video analytics for public safety [2] . ◮ Increased privacy for sensitive data. E.g. Data of home security cameras [3] . 7

  8. Edge Computing What about the security? 8

  9. Edge Computing What about the security? ◮ Close to end-user ⇒ Close to manipulation ◮ Distributed deployment ⇒ Lacking centralized protection 9

  10. Edge Computing Solution? 10

  11. Outline ◮ Introduction ◮ Trusted Execution Environment (TEE) ◮ Intel Software Guard eXtension (SGX) ◮ ARM TrustZone Technology ◮ AMD Secure Encrypted Virtualization Technology ◮ Edge Computing with TEE ◮ Conclusion and Future Work 11

  12. Edge Computing Trusted Execution Environment (TEE) ◮ An isolated execution environment that remains secure even when the system software is compromised. ◮ Using hardware-assisted protection to guarantee the security. ◮ Different hardware vendors use different protection mechanisms. 12

  13. Intel Software Guard eXtension (SGX) Intel Software Guard eXtension (SGX) is proposed via three research papers in 2013 [4, 5, 6]. ◮ The user-level application creates an enclave to act as a TEE. ◮ The memory inside an enclave is encrypted by a hardware memory encryption engine. ◮ Memory access from the outside to the enclave is prohibited. 13

  14. Intel Software Guard eXtension (SGX) Securing Application in Untrusted OS Untrusted Components 14

  15. Intel Software Guard eXtension (SGX) Securing Application in Untrusted OS Untrusted Components Create an Enclave Trusted Components (Enclave) 15

  16. Intel Software Guard eXtension (SGX) Securing Application in Untrusted OS Untrusted Components ECalls Trusted Components (Enclave) 16

  17. Intel Software Guard eXtension (SGX) Securing Application in Untrusted OS Untrusted Components ECalls OCalls Trusted Components (Enclave) 17

  18. ARM TrustZone Technology ARM proposed the TrustZone Technology [7] since ARMv6 around 2002. ◮ The CPU has secure and non-secure states. ◮ The RAM is partitioned to secure and non-secure regions. ◮ The interrupts are assigned into the secure or non-secure group. ◮ Hardware peripherals can be configured as secure access only. 18

  19. ARM TrustZone Technology Non-Secure Mode Secure Mode Non-Secure Secure EL0 EL0 Non-Secure Secure EL1 EL1 Exception Return Trigger EL3 Secure Exception EL3 19

  20. AMD Secure Encrypted Virtualization Technology AMD Secure Encrypted Virtualization (SEV) [8, 9] Technology is released with AMD Secure Memory Encryption (SME) in 2016. ◮ Protecting the VM memory space from the hypervisor. ◮ Based on AMD Memory Encryption Technology and AMD Secure Processor. ◮ Memory Encryption: An AES 128 encryption engine inside the SoC. ◮ Secure Processor: A 32-bit ARM Cortex-A5 with TrustZone technology. ◮ Modification to the application is NOT required. 20

  21. AMD Secure Encrypted Virtualization Technology Traditional Model AMD SEV Model Hypervisor Hypervisor Guest OS Guest OS 21

  22. Outline ◮ Introduction ◮ Trusted Execution Environment (TEE) ◮ Intel Software Guard eXtension (SGX) ◮ ARM TrustZone Technology ◮ AMD Secure Encrypted Virtualization Technology ◮ Edge Computing with TEE ◮ Conclusion and Future Work 22

  23. Securing the Edge Computing How to secure the Edge nodes? 23

  24. Securing the Edge Computing How to secure the Edge nodes? ◮ Secure the data and computation ⇒ Using existing TEEs ◮ Accommodate to heterogeneous Edge nodes ⇒ Adopting heterogeneous TEEs on different platforms 24

  25. Securing the Edge Computing Performance Concerns ◮ The switch between the trusted and untrusted components should be efficient. ◮ The computing power inside the trusted component should be high. ◮ Introducing the trusted component should not affect the performance of the untrusted components. 25

  26. Edge Computing with Intel SGX ◮ Testbed Specification ◮ Intel Fog Node, which is designed specifically for Fog Computing. ◮ Hardware: An octa-core Intel Xeon E3-1275 processor. ◮ Software: Tianocore BIOS and 64-bit Ubuntu 16.04. 26

  27. Edge Computing with Intel SGX Experiment Setup ◮ Context Switch: Use RDTSC instruction to record the time consumption of a pair of ECall and OCall with different parameter sizes. ◮ Secure Computation: Calculate MD5 of a pre-generated random string with 1024 characters inside the enclave, and record the time consumption. ◮ Overall Performance: Trigger a secure computation every one second, and use GeekBench [10] to measure the performance score. 27

  28. Edge Computing with Intel SGX Table: Context Switching Time of Intel SGX on the Fog Node ( µ s). Buffer Size Mean STD 95% CI 0 KB 2.039 0.066 [2.035, 2.044] 1 KB 2.109 0.032 [2.107, 2.111] 4 KB 2.251 0.059 [2.247, 2.254] 8 KB 2.362 0.055 [2.359, 2.366] 16 KB 2.714 0.036 [2.712, 2.716] 28

  29. Edge Computing with Intel SGX Table: Time Consumption of MD5 ( µ s). CPU Mode Mean STD 95% CI Normal 4.734 0.095 [4.728, 4.740] Enclave 6.737 0.081 [6.732, 6.742] Table: Performance Score by GeekBench. Sensitive Mean STD 95% CI Computation No 4327.33 17.124 [4323.974, 4330.686] Yes 4306.46 14.850 [4303.550, 4309.371] 29

  30. Edge Computing with ARM TrustZone ◮ Testbed Specification ◮ ARM Juno v1 development board, which represents ARM’s official design purpose. ◮ Hardware: A dual-core 800 MHZ Cortex-A57 cluster and a quad-core 700 MHZ Cortex-A53 cluster. ◮ Software: ARM Trusted Firmware (ATF) [11] v1.1 and Android 5.1.1. 30

  31. Edge Computing with ARM TrustZone Experiment Setup ◮ Context Switch: Use Performance Monitor Unit (PMU) to record the time consumption of the context switch caused by SMC instruction. ◮ Secure Computation: Calculate MD5 of a pre-generated random string with 1024 characters in secure mode, and record the time consumption. ◮ Overall Performance: Trigger a secure computation every one second, and use GeekBench to measure the performance score. 31

  32. Edge Computing with ARM TrustZone Table: Context Switching Time of ARM TrustZone ( µ s). Step Mean STD 95% CI Non-secure to Secure 0.135 0.001 [0.135, 0.135] Secure to Non-secure 0.082 0.003 [0.082, 0.083] Overall 0.218 0.005 [0.218, 0.219] Table: Time Consumption of MD5 ( µ s). CPU Mode Mean STD 95% CI Non-secure 8.229 0.231 [8.215, 8.244] Secure 9.670 0.171 [9.660, 9.681] Table: Performance Score by GeekBench. Sensitive Computation Mean STD 95% CI No 984.70 1.878 [984.332, 985.068] Yes 983.44 3.273 [982.799, 984.082] 32

  33. Edge Computing with AMD SEV ◮ Testbed Specification ◮ A customized machine with AMD EPYC-7251 CPU. ◮ Hardware: 8 physical cores and 16 logic threads. ◮ Software: Ubuntu 16.04.5 with SEV-enabled Linux kernel 4.15.10 and KVM 2.5.0. 33

  34. Edge Computing with AMD SEV Experiment Setup ◮ Context Switch: Use RDTSC instruction to record the time consumption of the context switch caused by VMMCALL instruction. ◮ Secure Computation: Calculate MD5 of a pre-generated random string with 1024 characters inside the guest, and record the time consumption. ◮ Overall Performance: Trigger a secure computation every one second, and use GeekBench to measure the performance score. 34

  35. Edge Computing with AMD SEV ◮ Context switch in AMD SEV takes about 3.09 µ s. Table: Time Consumption of MD5 ( µ s). CPU Mode Mean STD 95% CI Guest OS 3.66 0.126 [3.602, 3.720] Host OS 0.70 0.005 [0.697, 0.702] Table: Performance Score by GeekBench. Sensitive Mean STD 95% CI Computation No 3425.05 41.016 [3417.011, 3433.089] Yes 3283.15 32.772 [3276.727, 3289.573] 35

  36. Edge Computing with TEE ◮ The context switch in all tested TEEs is efficient. ◮ The computing power in the TEEs provided by ARM TrustZone is lower than that out of the TEEs. ◮ The overall performance overhead of involving Intel SGX, ARM TrustZone, and AMD SEV in Edge Computing is 0 . 48%, 0 . 13%, and 4 . 14%, respectively. 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc.

Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc.

Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc. rijswijk@cs.ru.nl

299 views • 14 slides
TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanovi Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley TRUSTED MEMORY? Securing data/code

703 views • 48 slides
Trusted Execution Environments Chester Rebeiro IIT Madras Some of the slides borrowed from

Trusted Execution Environments Chester Rebeiro IIT Madras Some of the slides borrowed from

Trusted Execution Environments Chester Rebeiro IIT Madras Some of the slides borrowed from Intel; CDACH; ARM 1 Previously in SSE We looked at techniques to run an untrusted code safely System Run Program Here If misbehaves Kill it

976 views • 50 slides
DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz

DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz

DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz Schneider, Andrew Miller, Ari Juels, Srdjan Capkun OVERVIEW 1. Introduction 2. Motivations and Problem Statement 3. DelagaTEE 4. Security Analysis 5.

946 views • 46 slides
Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric Gustafson, Chad Spensky, Chris Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna Sandia

1.1k views • 51 slides
DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and Moritz Schneider, ETH Zurich ; Andrew Miller, UIUC ; Ari Juels, Cornell Tech ; Srdjan Capkun, ETH Zurich CSC 6991 Presented by: Shikha Sikligar

596 views • 18 slides
Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments Seongmin Kim , Juhyeng Han, Jaehyeong Ha, Taesoo Kim *, Dongsu Han * 1 Tor anonymity network Tor: the most popular anonymity network for Internet

600 views • 36 slides
Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic Kari Kostiainen, ETH Zurich N. Asokan, University of Helsinki and Aalto University What is a TEE? Processor, memory, storage, peripherals

1.23k views • 112 slides
Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel McCallum Sr. Principal Engineer Trusted Execution Environments Trusted Execution Environments Host TEE TEE is a protected area within the host,

1.05k views • 22 slides
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramr (joint work with Dan Boneh) Intel, Santa Clara August 30 th 2018 Trusted execution of ML: 3 motivating scenarios 1. Outsourced ML Data

781 views • 21 slides
& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

& Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) & Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

774 views • 63 slides
EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA

EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA

Institute of Operating Systems and Computer Networks EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA Victorgrigas David Goltzsche, 1 Signe Rsch, 1 Manuel Nieke, 1 Sbastien Vaucher, 2 Nico Weichbrodt, 1

630 views • 46 slides
Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August 11, 2020 Marcel Busch , Johannes Westphal, Tilo Mller Friedrich-Alexander-University Erlangen-Nrnberg, Germany Motivation TEEs are the backbone

696 views • 35 slides
Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel Busch , Kalle Dirsch 2020-02-23 Friedrich-Alexander-University Erlangen-Nrnberg, Germany BAR20 BAR20 Motivation How secure are

352 views • 16 slides
! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected

! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected

Keystone : An Open Framework for Architecting Trusted Execution Environments Dayeol Lee , David Kohlbrenner, Shweta Shinde, Krste Asanovic, Dawn Song Dept. of Electrical Engineering and Computer Sciences University of California, Berkeley

599 views • 30 slides
System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario Werner May 7, 2020 Graz University of Technology Why do we care about code? www.tugraz.at 10:20 July 18 W i r e l e s s - G A D S L G

599 views • 49 slides
Linear-Complexity Data-Parallel Earth Movers Distance Approximations Kubilay Atasu, Thomas

Linear-Complexity Data-Parallel Earth Movers Distance Approximations Kubilay Atasu, Thomas

Linear-Complexity Data-Parallel Earth Movers Distance Approximations Kubilay Atasu, Thomas Mittelholzer Earth/Word Movers Distance: Discrete Wasserstein Distance The Queen to tour Canada Royal visit to Halifax Canada Halifax

96 views • 5 slides
CSCI-UA.0380-001 Programming Challenges Sean McIntyre Class 10: Graphs II Maximum Flow

CSCI-UA.0380-001 Programming Challenges Sean McIntyre Class 10: Graphs II Maximum Flow

CSCI-UA.0380-001 Programming Challenges Sean McIntyre Class 10: Graphs II Maximum Flow Given a network graph Connected, weighted, directed Edges act as pipes Weight is the capacity of the pipe Vertices act as splitting

580 views • 38 slides
Online optimization of max stretch on clusters Erik Saule , Doruk Bozdag, Umit Catalyurek

Online optimization of max stretch on clusters Erik Saule , Doruk Bozdag, Umit Catalyurek

Online optimization of max stretch on clusters Erik Saule , Doruk Bozdag, Umit Catalyurek Department of Biomedical Informatics, The Ohio State University { esaule,bozdagd,umit } @bmi.osu.edu Scheduling in Aussois 2010 Supported by the U.S. DOE,

811 views • 42 slides
Quantifying shape using the medial axis Erin Wolf Chambers Saint Louis University Based on

Quantifying shape using the medial axis Erin Wolf Chambers Saint Louis University Based on

Quantifying shape using the medial axis Erin Wolf Chambers Saint Louis University Based on collaborations with Tao Ju, David Letscher, and Chris Topp Work supported by NSF grants IIS-1319573 and DBI-1759807 The medial axis The medial

967 views • 67 slides
From Reflexes to In-Network Processing Enabling Ultra-low Latency and High Reliability for

From Reflexes to In-Network Processing Enabling Ultra-low Latency and High Reliability for

From Reflexes to In-Network Processing Enabling Ultra-low Latency and High Reliability for Cyber-physical Networking Klaus Wehrle, joint work by the COMSYS team http://comsys.rwth-aachen.de NIPAA@ICNP, 13.10.2020 Motivation Cyber-physical

597 views • 21 slides
CSE 373: Analysis of Algorithms Topic: Randomized Min-Cut Nov 03, 2003 Lecturer: Piyush Kumar

CSE 373: Analysis of Algorithms Topic: Randomized Min-Cut Nov 03, 2003 Lecturer: Piyush Kumar

CSE 373: Analysis of Algorithms Topic: Randomized Min-Cut Nov 03, 2003 Lecturer: Piyush Kumar Scribed by: Piyush Kumar Please Help us improve this draft. If you read these notes and find any errors or have an idea to improve it, please send

172 views • 5 slides
Speech Act Modeling of Wri3en Asynchronous Conversa:ons with

Speech Act Modeling of Wri3en Asynchronous Conversa:ons with

Speech Act Modeling of Wri3en Asynchronous Conversa:ons with Task- Specific Embeddings and Condi:onal Structured Models Shafiq Joty and Enamul Hoque Arabic

418 views • 28 slides
QUICK LESSONS A study was made of >50 Measured Moves comparing them to when the 5d EMA

QUICK LESSONS A study was made of >50 Measured Moves comparing them to when the 5d EMA

QUICK LESSONS A study was made of >50 Measured Moves comparing them to when the 5d EMA crosses the 8d EMA. The results are eye opening! 50% of the time the 5d EMA crosses the 8d EMA about the same time as a Measured Move the other 50%

272 views • 5 slides

More recommend