system for intel sgx
play

System for Intel SGX Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq - PowerPoint PPT Presentation

Nov 27, 2023 •46 likes •1.06k views

Obliviate: A Data Oblivious File System for Intel SGX Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq Sarfaraz Byoungyoung Lee 1 Clouds? The Ultimate Dream? User Clouds 2 Clouds? The Ultimate Dream? User Clouds 2 Clouds? The Ultimate

  1. Obliviate: memory charm against the OS ☺ Application Enclave Filesystem Enclave Obliviate T rusted Proxy ORAM Trees C A B D 2. Encrypted Disk Channel 12

  2. Obliviate: memory charm against the OS ☺ 3. Data Oblivious Application Enclave Filesystem Enclave Metadata Handling Obliviate T rusted Proxy ORAM Trees C A B D Disk 12

  3. Obliviate: memory charm against the OS ☺ Application Enclave Filesystem Enclave Obliviate 4. Asynchronous ORAM Operation T rusted Proxy ORAM Trees C A B D Disk 12

  4. Obliviate: memory charm against the OS ☺ Application Enclave Filesystem Enclave Obliviate T rusted Proxy ORAM Trees C A B D 5. Extended Disk Secure Region 12

  5. Decoupling file system support Application Enclaves Obliviate Disk 13

  6. Decoupling file system support Application Enclaves Obliviate Pass all FS syscalls using encrypted channel Disk 13

  7. Decoupling file system support Application Enclaves Obliviate Allow Obliviate to worry about securing file access Pass all FS syscalls using encrypted channel Disk 13

  8. Decoupling file system support Application Enclaves Obliviate Allow Obliviate to worry about securing file access Separation of functions facilitates development! Pass all FS syscalls using encrypted channel Disk 13

  9. Legacy application support Application 14

  10. Legacy application support Application Intercept FS syscalls and encrypt T rusted Proxy 14

  11. Legacy application support Application Intercept FS syscalls and encrypt T rusted Proxy Oblivate Exit-less message queue (SCONE [OSDI16], ELEOS [EuroSys17]) Disk 14

  12. Legacy application support Application Intercept FS syscalls and encrypt No changes from the app developer! T rusted Proxy Oblivate Exit-less message queue (SCONE [OSDI16], ELEOS [EuroSys17]) Disk 14

  13. Securing ORAM Obliviate Application Disk 15

  14. Securing ORAM Obliviate Need to store ORAM client Application metadata in enclave Position Map Stash Disk 15

  15. Securing ORAM Obliviate ORAM client Application Position Map Obliviate’s enclave is Stash not side-channel free Disk 15

  16. Securing ORAM Obliviate ORAM client Application Position Map Position Map Stash Disk 15

  17. Securing ORAM Obliviate ORAM client Application Position Map Position Map Load from index Stash Disk 15

  18. Securing ORAM Last-Level Cache Obliviate cache-set 0 cache-set 1 ORAM client Application cache-set 2 cache-set 3 Position Map Position Map Stash Page T able Access Frame # 0 0x1000 0 0x1001 0 0x1002 1 0 0x1003 0x1003 Disk 15

  19. Securing ORAM Last-Level Cache Obliviate Use Conditional Move cache-set 0 cache-set 1 (CMOV) ORAM client Application cache-set 2 cache-set 3 Position Map Position Map Stash Page T able Access Frame # 0 0x1000 0 0x1001 0 0x1002 1 0 0x1003 0x1003 Disk 15

  20. Securing ORAM Last-Level Cache Obliviate Use Conditional Move cache-set 0 cache-set 0 cache-set 1 cache-set 1 (CMOV) ORAM client Application cache-set 2 cache-set 2 cache-set 3 Position Map Position Map Stash Page T able Access Frame # 1 0 0x1000 0x1000 0 1 0x1001 0x1001 0 1 0x1002 0x1002 0 1 0x1003 0x1003 Disk 15

  21. Securing ORAM Last-Level Cache Obliviate Use Conditional Move cache-set 0 cache-set 0 cache-set 1 cache-set 1 (CMOV) ORAM client Application cache-set 2 cache-set 2 cache-set 3 Position Map Position Map Stash Page T able Access Frame # 0 1 0x1000 0x1000 0 1 0x1001 0x1001 1 0 0x1002 0x1002 1 0 0x1003 0x1003 The attacker cannot distinguish CMOV from MOV Disk 15

  22. Securing ORAM Last-Level Cache Obliviate Use Conditional Move cache-set 0 cache-set 0 cache-set 1 cache-set 1 (CMOV) ORAM client Application cache-set 2 cache-set 2 Side-channel resistant ORAM implementation! cache-set 3 Position Map Position Map Stash Page T able Access Frame # 0 1 0x1000 0x1000 1 0 0x1001 0x1001 1 0 0x1002 0x1002 0 1 0x1003 0x1003 The attacker cannot distinguish CMOV from MOV Disk 15

  23. Extending Enclave Memory Obliviate Disk 16

  24. Extending Enclave Memory Large enclaves degrade Obliviate performance Program EPC Physical Memory Disk 16

  25. Extending Enclave Memory Large enclaves degrade Obliviate performance ORAM Client Program Position Map Metadata ( small ) inside enclave EPC Stash Physical Memory ORAM Trees ( large ) outside enclave Encrypted ORAM Trees C A B D Disk 16

  26. Extending Enclave Memory Large enclaves degrade Obliviate performance ORAM Client Program Position Map Metadata ( small ) inside enclave EPC Encrypted ORAM trees outside enclave! Stash Physical Memory ORAM Trees ( large ) outside enclave Encrypted ORAM Trees C A B D Disk 16

  27. Leveraging asynchronicity Obliviate Application Communication Thread Operation Thread Encrypted ORAM Trees C A B D Disk 17

  28. Leveraging asynchronicity Obliviate Application Communication Thread (a) read(1, 0x18289, 4096) Operation Thread Encrypted ORAM Trees C A B D Disk 17

  29. Leveraging asynchronicity Obliviate Application Communication Thread (a) read(1, 0x18289, 4096) Operation Thread (b) Read(A) Encrypted ORAM Trees C A B D Disk 17

  30. Leveraging asynchronicity Obliviate Application Communication Thread (a) read(1, 0x18289, 4096) Operation Thread (c) Reply to the request (c) Write-back(A) (b) Read(A) Encrypted ORAM Trees C A B D Disk 17

  31. Leveraging asynchronicity Obliviate Application Communication Thread (a) read(1, 0x18289, 4096) Perform Asynchronous ORAM write-back! Operation Thread (c) Reply to the request (c) Write-back(A) (b) Read(A) Encrypted ORAM Trees C A B D Disk 17

  32. Implementation 1. Obliviate runs using Intel SGX SDK Library 2. Graphene-SGX integration to run “heavyweight” applications, e.g., SQLite and Lighttpd 18

  33. Performance Evaluation Evaluated filesystems: 1. Native Filesystem (Non-SGX) 2. In-memory Filesystem (SGX, based on Graphene-SGX) 3. Obliviate (SGX, based on Intel SGX SDK) 19

  34. Iozone Benchmarks 10000000 10000000 1000000 1000000 100000 100000 10000 10000 1000 1000 100 100 10 10 1 1 2M 128M 512M 1G 2M 128M 512M 1G Native FS In-memory FS Obliviate Native FS In-memory FS Obliviate a) Sequential Reads (Bytes/sec) b) Sequential Writes (Bytes/sec) 20

  35. Iozone Benchmarks 2-3x overhead over the in-memory FS 10000000 10000000 1000000 1000000 100000 100000 10000 10000 1000 1000 100 100 10 10 1 1 2M 128M 512M 1G 2M 128M 512M 1G Native FS In-memory FS Obliviate Native FS In-memory FS Obliviate a) Sequential Reads (Bytes/sec) b) Sequential Writes (Bytes/sec) 20

  36. Iozone Benchmarks In-memory FS exerts a 2-3x overhead over lot of pressure on EPC the in-memory FS 10000000 10000000 1000000 1000000 100000 100000 10000 10000 1000 1000 100 100 10 10 1 1 2M 128M 512M 1G 2M 128M 512M 1G Native FS In-memory FS Obliviate Native FS In-memory FS Obliviate a) Sequential Reads (Bytes/sec) b) Sequential Writes (Bytes/sec) 20

  37. Comparable performance Iozone Benchmarks for smaller file sizes In-memory FS exerts a 2-3x overhead over lot of pressure on EPC the in-memory FS 10000000 10000000 1000000 1000000 100000 100000 10000 10000 1000 1000 100 100 10 10 1 1 2M 128M 512M 1G 2M 128M 512M 1G Native FS In-memory FS Obliviate Native FS In-memory FS Obliviate a) Sequential Reads (Bytes/sec) b) Sequential Writes (Bytes/sec) 20

  38. Macro-Benchmarks 2500 10000 2000 1500 1000 1000 500 0 100 INSERT SELECT 1K 16K 128K 1M In-memory FS Obliviate In-memory FS Obliviate a) SQLite Response Times (milli-sec) b) Lighttpd Throughput (Req/s) 21

  39. Macro-Benchmarks ~2x overhead over in-memory FS 2500 10000 2000 1500 1000 1000 500 0 100 INSERT SELECT 1K 16K 128K 1M In-memory FS Obliviate In-memory FS Obliviate a) SQLite Response Times (milli-sec) b) Lighttpd Throughput (Req/s) 21

  40. Conclusion 22

  41. Conclusion 1. All existing SGX filesystems are vulnerable to side-channels 22

  42. Conclusion 1. All existing SGX filesystems are vulnerable to side-channels 2. File system operations can leak sensitive information about program execution. 22

  43. Conclusion 1. All existing SGX filesystems are vulnerable to side-channels 2. File system operations can leak sensitive information about program execution. 3. Obliviate provides theoretically-strong defense against side- channels. 22

  44. Conclusion 1. All existing SGX filesystems are vulnerable to side-channels 2. File system operations can leak sensitive information about program execution. 3. Obliviate provides theoretically-strong defense against side- channels. Opensource: https://github.com/adilahmad17/Obliviate Contact: ahmad37@purdue.edu 22

  45. Thanks! Merci! Shukriya! 23

  46. Extra Slides 24

  47. Securing file system 25

  48. Securing file system c a b d 25

  49. Securing file system Single ORAM Tree protects file offset c a b d 25

  50. Securing file system Single ORAM Tree protects file offset c a b d c c Hierarchical a b d a b d ORAM Trees can protect files c c c c a b d a b d a a b d b d 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Challenging the Intel Xeon: ARM and OpenPower Now you really have to optimize Mighty Intel

Challenging the Intel Xeon: ARM and OpenPower Now you really have to optimize Mighty Intel

Challenging the Intel Xeon: ARM and OpenPower Now you really have to optimize Mighty Intel Intel had a 99.2 percent market share in server chips (IDC, 2015 Quoted on InfoWorld) We started experimenting with SoCs two

838 views • 47 slides
5G Cloud Native from RAN to Core Christian Maciocco, Intel Shilpa Talwar, Intel Saikrishna

5G Cloud Native from RAN to Core Christian Maciocco, Intel Shilpa Talwar, Intel Saikrishna

5G Cloud Native from RAN to Core Christian Maciocco, Intel Shilpa Talwar, Intel Saikrishna Edupuganti, Intel Muhammad (Asim) Jamshed, Intel 2020 Agenda Cloud Native Disaggregated Network Infrastructure Transition to 5G Near

639 views • 38 slides
Isolating Operating System Components with Intel SGX Lars Richter, Johannes Gtzfried, Tilo

Isolating Operating System Components with Intel SGX Lars Richter, Johannes Gtzfried, Tilo

SysTEX16 Trento, Italy Isolating Operating System Components with Intel SGX Lars Richter, Johannes Gtzfried, Tilo Mller Department of Computer Science FAU Erlangen-Nuremberg, Germany December 12, 2016 Motivation or Why are we here?

393 views • 17 slides
Validation Labs with OpenStack Shuquan Huang, Intel IT Engineering Computing Weibo: @

Validation Labs with OpenStack Shuquan Huang, Intel IT Engineering Computing Weibo: @

Intel IT OpenStack Practice Validation Labs with OpenStack Shuquan Huang, Intel IT Engineering Computing Weibo: @ Intel Information Technology Intel Confidential Do Not Forward Agenda About Me Intel IT with OpenStack

405 views • 39 slides
Due to Code Placement in IA Zia Ansari zia.ansari@intel.com Intel Corporation 11/03/16 Agenda

Due to Code Placement in IA Zia Ansari zia.ansari@intel.com Intel Corporation 11/03/16 Agenda

Causes of Performance Swings Due to Code Placement in IA Zia Ansari zia.ansari@intel.com Intel Corporation 11/03/16 Agenda The purpose of this presentation Intel Architecture FE 101 Lets look at some example So can we do

289 views • 24 slides
Seeding Random Number Generators Jesse Walker Intel Corpora:on

Seeding Random Number Generators Jesse Walker Intel Corpora:on

Seeding Random Number Generators Jesse Walker Intel Corpora:on Intel Labs Circuits and System Research Security Research Lab 1 Agenda The problem

513 views • 13 slides
intel.com/cloudforall Legal Disclaimer OpenStack is a registered trademark of the OpenStack

intel.com/cloudforall Legal Disclaimer OpenStack is a registered trademark of the OpenStack

intel.com/cloudforall Legal Disclaimer OpenStack is a registered trademark of the OpenStack Foundation in the United States, other countries or both. Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other

325 views • 29 slides
SC19 briefing notes J. Simone Intel Ponte Vecchio GPU and OneAPI SW Promotional keynote at Intel

SC19 briefing notes J. Simone Intel Ponte Vecchio GPU and OneAPI SW Promotional keynote at Intel

SC19 briefing notes J. Simone Intel Ponte Vecchio GPU and OneAPI SW Promotional keynote at Intel sponsored HPC Developer Conference by Raja Koduri: senior VP, chief architect, and GM of Architecture, Graphics, and Software at Intel Corporation.

191 views • 6 slides
Intel 8086 Intel 8086 was launched in 1978. It was the first 16-bit microprocessor.

Intel 8086 Intel 8086 was launched in 1978. It was the first 16-bit microprocessor.

10/13/2010 Intel 8086 Intel 8086 was launched in 1978. It was the first 16-bit microprocessor. This microprocessor had major improvement over the execution speed of 8085. Gursharan Singh Tatla professorgstatla@gmail.com It is

268 views • 6 slides
UNECE ac activi vities on s on Intel elligent t tran ansport s system ems Content

UNECE ac activi vities on s on Intel elligent t tran ansport s system ems Content

UNECE ac activi vities on s on Intel elligent t tran ansport s system ems Content Short presentation of the institution WP.29s work so far on automated and connected vehicles New structure of WP.29 Content Short

559 views • 18 slides
Quantitative Evaluation of Intel PEBS Overhead for Online System-Noise Analysis June 27, 2017,

Quantitative Evaluation of Intel PEBS Overhead for Online System-Noise Analysis June 27, 2017,

Quantitative Evaluation of Intel PEBS Overhead for Online System-Noise Analysis June 27, 2017, ROSS @ Washington, DC Soramichi Akiyama, Takahiro Hirofuchi National Institute of Advanced Industrial Science and Technology (AIST), Japan {s.akiyama,

713 views • 18 slides
SVM on Intel Graphics Jesse Barnes Intel Open Source Technology Center 1 What is SVM?

SVM on Intel Graphics Jesse Barnes Intel Open Source Technology Center 1 What is SVM?

SVM on Intel Graphics Jesse Barnes Intel Open Source Technology Center 1 What is SVM? Discussion of current practices SVM OS and driver modifications Device options and implications 2 SVM defined Pointer sharing between CPU

389 views • 18 slides
Optimizing Codes For Intel Xeon Phi Brian Friesen NERSC 2017 July 26 Cori What is different

Optimizing Codes For Intel Xeon Phi Brian Friesen NERSC 2017 July 26 Cori What is different

Optimizing Codes For Intel Xeon Phi Brian Friesen NERSC 2017 July 26 Cori What is different about Cori? Cori is transitioning the NERSC workload to more energy efficient architectures Cray XC40 system with 9688 Intel Xeon Phi

744 views • 39 slides
Intels Corporate Water Strategy Varinder Malik Intel Corporation 1 1 Intel Manufacturing

Intels Corporate Water Strategy Varinder Malik Intel Corporation 1 1 Intel Manufacturing

Intels Corporate Water Strategy Varinder Malik Intel Corporation 1 1 Intel Manufacturing Sites Ireland Oregon Dalian Arizona Israel Massachusetts New Mexico Chengdu Vietnam Costa Rica Penang & Kulim Wafer Fab Assembly/Test

382 views • 8 slides
Partial functional correspondence Michael Bronstein University of Lugano Intel Corporation

Partial functional correspondence Michael Bronstein University of Lugano Intel Corporation

Partial functional correspondence Michael Bronstein University of Lugano Intel Corporation Lyon, 7 July 2016 1/59 Microsoft Kinect 2010 (Acquired by Intel in 2012) 4/59 Different form factor computers featuring Intel RealSense 3D camera

1.1k views • 107 slides
Competing in todays fabless eco -system Keynote @Semi/Gartner Market Symposium, July 7, 2014,

Competing in todays fabless eco -system Keynote @Semi/Gartner Market Symposium, July 7, 2014,

Intel Custom Foundry Competing in todays fabless eco -system Keynote @Semi/Gartner Market Symposium, July 7, 2014, San Francisco Sunit Rikhi Vice President, Technology & Manufacturing Group General Manager, Intel Custom Foundry AGENDA

611 views • 42 slides
Flash-based SSDs [ Material based on slides from Tyler Caraza-Harter ] www:

Flash-based SSDs [ Material based on slides from Tyler Caraza-Harter ] www:

Flash-based SSDs [ Material based on slides from Tyler Caraza-Harter ] www: https://tyler.caraza-harter.com Cost: HDD vs. SSD Source: http://www.tomshardware.com/news/ssd-hdd-solid-state-drive-hard-disk-drive-prices,14336.html Cost: HDD vs.

1.23k views • 119 slides
Goals for Today Learning Objective: Understand and evaluate disk scheduling algorithms

Goals for Today Learning Objective: Understand and evaluate disk scheduling algorithms

Goals for Today Learning Objective: Understand and evaluate disk scheduling algorithms Announcements, etc: Midterm scores and debrief this week (sorry!) MP2 extension: now due on March 25th (UTC-11) MP3 released March 27th

522 views • 23 slides
Memory forensics (well, thats what the title says) Wietse Venema wietse@porcupine.org IBM

Memory forensics (well, thats what the title says) Wietse Venema wietse@porcupine.org IBM

Memory forensics (well, thats what the title says) Wietse Venema wietse@porcupine.org IBM T.J.Watson Research, USA Global hard disk market (Millions of units, source: Dataquest) 250 200 150 Retired 100 Shipped 50 0 1997 1998 1999

423 views • 11 slides
Filesystem Disclaimer: some slides are adopted from book authors slides with permission 1

Filesystem Disclaimer: some slides are adopted from book authors slides with permission 1

Filesystem Disclaimer: some slides are adopted from book authors slides with permission 1 Recap Directory A special file contains (inode, filename) mappings Caching Directory cache Accelerate to find inode of a given

498 views • 28 slides
Log-structured Merge Tree (LSM) 1 Big Data Indexing We covered the two-layered global/local

Log-structured Merge Tree (LSM) 1 Big Data Indexing We covered the two-layered global/local

Log-structured Merge Tree (LSM) 1 Big Data Indexing We covered the two-layered global/local indexing scheme Ideal for static data Question: How to update these indexes? HDFS limitation: Random updates are not allowed Nave approach:

208 views • 7 slides
Comp115: Databases The Storage Layer Instructor: Manos Athanassoulis Comp115

Comp115: Databases The Storage Layer Instructor: Manos Athanassoulis Comp115

Comp115 [Spring 2017] - http://www.cs.tufts.edu/comp/115/ - Manos Athanassoulis Comp115: Databases The Storage Layer Instructor: Manos Athanassoulis Comp115 [Spring 2017] -

895 views • 60 slides
Push-Button Verification of File Systems via Crash Refinement Helgi Sigurbjarnarson , James

Push-Button Verification of File Systems via Crash Refinement Helgi Sigurbjarnarson , James

Push-Button Verification of File Systems via Crash Refinement Helgi Sigurbjarnarson , James Bornholt, Emina Torlak, Xi Wang University of Washington 1 / 24 File systems are hard to get right Complex hierarchical on-disk data structures

799 views • 43 slides
File Systems: Disk Organization File Systems: Disk Organization CS 105 Tour of the Black

File Systems: Disk Organization File Systems: Disk Organization CS 105 Tour of the Black

File Systems: Disk Organization File Systems: Disk Organization CS 105 Tour of the Black Holes of Computing A disk is a sequence of 4096-byte sectors or blocks Can only read or write in

310 views • 6 slides

More recommend