trusted execution environments
play

Trusted Execution Environments Chester Rebeiro IIT Madras Some of - PowerPoint PPT Presentation

Jun 26, 2023 •454 likes •976 views

Trusted Execution Environments Chester Rebeiro IIT Madras Some of the slides borrowed from Intel; CDACH; ARM 1 Previously in SSE We looked at techniques to run an untrusted code safely System Run Program Here If misbehaves Kill it

  1. Trusted Execution Environments Chester Rebeiro IIT Madras Some of the slides borrowed from Intel; CDACH; ARM 1

  2. Previously in SSE … • We looked at techniques to run an untrusted code safely System Run Program Here If misbehaves Kill it Confinement 2

  3. Today in SSE … We now look at how to run sensitive code in an untrusted environment • Besides other applications, the OS can also be untrusted. – Attackers can probe hardware – What to worry about: • Code / Data of the sensitive app gets read / modified by the system – Untrusted System Run Sensitive Program Here Trusted Execution Environment 3

  4. Basic Problem (Ring Architecture) 4

  5. Basic Problem (Ring Architecture) 5

  6. Invasive Attacks 6

  7. Trusted Execution Environments Achieve confidentiality and integrity even when the OS is compromised! ARM : Trustzone (trusted execution environments) • Intel : SGX (enclaves) • 7

  8. ARM Trustzone Trustzone Security Whitepaper, ARM http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/ PRD29GENC-009492C_trustzone_security_whitepaper.pdf 8

  9. ARM System on Chips GSM Modem 3G Modem Media System Main Processor ARM1156 Cortex-R4 AudioDE Cortex-A8 DSP DSP Mali200 L2 Cache DMA DMA Interrupt Controller AXI Bus Debug Bus AXI to APB Boot Level 3 Cache SRAM Bridge ROM Clock Ctrl. RTC AXI Bus Watchdog Timers Memory Memory Trace Debug Display Controller Controller Port Access Port Controller ADC / DAC KMI JTAG + DRAM Flash Trace Boundary Display Aerial Keypad Scan 9

  10. ARM Trustzone (Main Idea) Hardware and Software partitioned into two: Normal and Secure worlds Normal world Secure world A single hardware processor timesliced Normal world Secure world user mode user mode between secure and normal worlds Secure world provides an environment that Normal world Secure world supports confidentiality and integrity. privileged modes privileged modes - Can prevent software attacks - Cannot prevent invasive attacks Monitor mode 10

  11. A Typical Trustzone Application 11

  12. Switching Worlds • Execution in time sliced manner (Secure <-> Normal) New mode (monitor mode) that is invoked during switching modes • Mode switching • – triggered by secure monitoring call (SMC) instruction – certain hardware exceptions (interrupts, aborts) Monitor Mode: saves state of the current world and restores the state of the • world being switched to. Restoration by return-from-exception. NS Bit: in configuration register indicates secure / normal operating mode. • NS = 1 -> indicates non-secure (normal) mode 12

  13. NS Bit extends beyond the chip GSM Modem 3G Modem Media System Main Processor ARM1156 Cortex-R4 AudioDE Cortex-A8 DSP DSP Mali200 L2 Cache DMA DMA Interrupt Controller AXI Bus Debug Bus AXI to APB Boot Level 3 Cache SRAM Bridge ROM Clock Ctrl. RTC AXI Bus Watchdog Timers Memory Memory Trace Debug Display Controller Controller Port Access Port Controller ADC / DAC KMI JTAG + DRAM Flash Trace Boundary Display Aerial Keypad Scan 13

  14. NS Bit extends beyond the chip GSM Modem 3G Modem Media System Main Processor ARM1156 Cortex-R4 AudioDE Cortex-A8 DSP DSP Mali200 L2 Cache DMA DMA Interrupt Controller AXI Bus Debug Bus AXI to APB Boot Level 3 Cache SRAM Bridge ROM Clock Ctrl. RTC AXI Bus Watchdog Timers Memory Memory Trace Debug Display Controller Controller Port Access Port Controller ADC / DAC KMI JTAG + DRAM Flash Trace Boundary Display Aerial Keypad Scan 14

  15. Memory Management • Non Secure Table Identifier Memory (RAM) CPU Core current state of the processor (0 if secure world / 1 if normal Virtual address (VA) have an world extra bit (33-rd bit) to • If NSTID = 1 then force NS bit to 1 VA NSTID page tables Physical address MMU page tables Physical address 15

  16. Memory Management Memory (RAM) CPU Core TLB stores NSTID and NS bit per entry VA NSTID page tables VA NSTID PA NS Physical address VA NSTID PA NS MMU VA NSTID PA NS page tables VA NSTID PA NS TLB Page walk only Physical address on TLB miss 16

  17. Memory Management Memory (RAM) CPU Core Secure world page tables can map to normal world memory VA NSTID page tables VA NSTID PA NS Physical address VA NSTID PA NS MMU VA NSTID PA NS page tables VA NSTID PA NS TLB Page walk only Physical address on TLB miss 17

  18. Memory Management Memory (RAM) CPU Core Cache Memory Tag NS cache line Tag NS cache line Tag NS cache line Access RAM only Tag NS cache line VA NSTID PA on cache miss page tables VA NSTID PA NS VA NSTID PA NS MMU VA NSTID PA NS page tables VA NSTID PA NS TLB Page walk only on TLB miss 18

  19. Memory Management Units Two virtual MMUs (one for each mode) • – Two page-tables active simultaneously A single TLB present • – A tag in each TLB entry determines the mode (Normal and Secure TLB entries may co-exist; this allows for quicker switching of modes) – alternatively the monitor may flush the TLB whenever switching mode A single cache is present • – Tags (again) in each line used to store state – Any non-locked down cache line can be evicted to make space for new data – A secure line load can evict a non-secure line load (and vice-versa) 19

  20. Secure and Normal Devices GSM Modem 3G Modem Media System Main Processor ARM1156 Cortex-R4 AudioDE Cortex-A8 DSP DSP Mali200 L2 Cache DMA DMA Interrupt Controller AXI Bus Debug Bus AXI to APB Boot Level 3 Cache SRAM Bridge ROM Clock Ctrl. RTC AXI Bus Watchdog Timers Memory Memory Trace Debug Display Controller Controller Port Access Port Controller ADC / DAC KMI JTAG + DRAM Flash Trace Boundary Display Aerial Keypad Scan 20

  21. Interrupts Normal world Secure world User Code User Code Privileged Code Privileged Code IRQ Monitor IRQ IRQ All interrupts routed to monitor first. Interrupts can be configured to go either to the normal world or secure world. 21

  22. Interrupts Normal world Secure world Secure World Interrupt Vector Table User Code User Code Normal World Interrupt Vector Table Privileged Code Privileged Code IRQ Monitor Monitor Interrupt IRQ Vector Table All interrupts routed to monitor first. Interrupts can be configured to go either to the normal world or secure world. 22

  23. Software Architecture The minimal secure world can just have implementations of synchronous code • libraries Typically has an entire operating system • – Qualcomm’s QSEE; Trustonics Kinibi; Samsung Knox; Genode – The secure OS could be tightly couples to the rich OS so that a priority of a task in the rich OS gets mapped accordingly in the secure OS – Advantage of having a full OS is that we will have complete MMU support Intermediate Options • 23

  24. Secure Boot Why? Attackers may replace the flash software with a malicious version, compromising the entire system. How? Secure chain of trust. Starting from a root device (root of trust) that cannot be easily tampered 24

  25. Secure Boot Sequence On chip ROM based Bootloader May be internal to the CPU; Ini,alizes cri,cal peripherals, memory controllers Device bootloader Stored on Flash device (typically) Ini,alize cri,cal peripherals Secure opera,ng system Rich opera,ng system 25

  26. Chain of Trust check signature check signature Trustlet Trustlet Trustlet Rich OS check signature Secure OS check signature Boot loader check signature Inherently secure Component check (PUF/ TPM/ onchipROM) signature Root of trust 26

  27. Intel’s SGX Innovative Instructions and Software Model for Isolated Execution, HASP 2013 (F. McKeen et. al.) 27

  28. Reduced Attack Surface with SGX With SGX enabled Normally App App App App App App OS OS VMM VMM Hardware Hardware Attack Surface Small attack surface (App + Hardware) Malware that can subvert any one of Malware cannot steel secrets inspite app, OS, VMM, or hardware of subverting OS, BIOS, VMM, most can steal secrets parts of the App, etc. 28

  29. Enclaves (reverse sandbox) • Enclave has its own code and data areas Provides confidentiality and integrity Entry Table With controlled entry points Enclave Heap • However, enclave code and data cannot Enclave Stack be accessed from outside the enclave not Enclave even by the operating system. Code TCS • TCS: Thread control Structure (SGX supports multi-threading; one TCS for each thread supported) 29

  30. Enclave Properties Achieves confidentiality and integrity • – Tampering of code / data is detected and access to tampered code / data is prevented. Code outside enclave cannot access code/data inside the enclave • Even though OS is untrusted, it should still be able to manage page • translation and page tables of the enclave Enclave code and data • – Enclave code and data is in the clear when in the CPU package (eg. Registers / caches), but unauthorized access is prevented – Enclave code and data is automatically encrypted it leaves the CPU package 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Preliminary Study of Trusted Execution Environments on Heterogeneous Edge Platforms Zhenyu Ning,

Preliminary Study of Trusted Execution Environments on Heterogeneous Edge Platforms Zhenyu Ning,

Preliminary Study of Trusted Execution Environments on Heterogeneous Edge Platforms Zhenyu Ning, Jinghui Liao, Fengwei Zhang, Weisong Shi COMPASS Lab Wayne State University October 27, 2018 1 Outline Introduction Trusted Execution

607 views • 40 slides
Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc.

Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc.

Introduction Trusted Execution and Two-Factor Authentication User Interaction Discussion Conclusions and Future Work Using Trusted Execution Environments in Two-Factor Authentication Roland van Rijswijk-Deij M.Sc. rijswijk@cs.ru.nl

299 views • 14 slides
TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution

TRUSTED MEMORY Software-Based O-Chip Memory Protection for RISC-V Trusted Execution Environments Gui Andrade Krste Asanovi Dayeol Lee David Kohlbrenner Dawn Song University of California, Berkeley TRUSTED MEMORY? Securing data/code

703 views • 48 slides
DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz

DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz

DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz Schneider, Andrew Miller, Ari Juels, Srdjan Capkun OVERVIEW 1. Introduction 2. Motivations and Problem Statement 3. DelagaTEE 4. Security Analysis 5.

946 views • 46 slides
Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric Gustafson, Chad Spensky, Chris Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna Sandia

1.1k views • 51 slides
DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and Moritz Schneider, ETH Zurich ; Andrew Miller, UIUC ; Ari Juels, Cornell Tech ; Srdjan Capkun, ETH Zurich CSC 6991 Presented by: Shikha Sikligar

596 views • 18 slides
Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments Seongmin Kim , Juhyeng Han, Jaehyeong Ha, Taesoo Kim *, Dongsu Han * 1 Tor anonymity network Tor: the most popular anonymity network for Internet

600 views • 36 slides
Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic Kari Kostiainen, ETH Zurich N. Asokan, University of Helsinki and Aalto University What is a TEE? Processor, memory, storage, peripherals

1.23k views • 112 slides
Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel McCallum Sr. Principal Engineer Trusted Execution Environments Trusted Execution Environments Host TEE TEE is a protected area within the host,

1.05k views • 22 slides
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramr (joint work with Dan Boneh) Intel, Santa Clara August 30 th 2018 Trusted execution of ML: 3 motivating scenarios 1. Outsourced ML Data

781 views • 21 slides
&amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

&amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) &amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

774 views • 63 slides
Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August 11, 2020 Marcel Busch , Johannes Westphal, Tilo Mller Friedrich-Alexander-University Erlangen-Nrnberg, Germany Motivation TEEs are the backbone

696 views • 35 slides
EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA

EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA

Institute of Operating Systems and Computer Networks EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA Victorgrigas David Goltzsche, 1 Signe Rsch, 1 Manuel Nieke, 1 Sbastien Vaucher, 2 Nico Weichbrodt, 1

630 views • 46 slides
Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel Busch , Kalle Dirsch 2020-02-23 Friedrich-Alexander-University Erlangen-Nrnberg, Germany BAR20 BAR20 Motivation How secure are

352 views • 16 slides
! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected

! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected

Keystone : An Open Framework for Architecting Trusted Execution Environments Dayeol Lee , David Kohlbrenner, Shweta Shinde, Krste Asanovic, Dawn Song Dept. of Electrical Engineering and Computer Sciences University of California, Berkeley

599 views • 30 slides
System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution Mario Werner May 7, 2020 Graz University of Technology Why do we care about code? www.tugraz.at 10:20 July 18 W i r e l e s s - G A D S L G

599 views • 49 slides
Trusted Hardware Sai Krishna Deepak Maram, CS 6410 Move to a Cloud-based model User apps User

Trusted Hardware Sai Krishna Deepak Maram, CS 6410 Move to a Cloud-based model User apps User

Trusted Hardware Sai Krishna Deepak Maram, CS 6410 Move to a Cloud-based model User apps User apps PaaS Software Software Cloud Provider manages the Hypervisor Hypervisor stack OS OS Move to a Cloud-based model Privileged User apps

591 views • 28 slides
VC3: Trustworthy Data Analytics in the Cloud using SGX Felix Schuster , Manuel Costa, Cedric

VC3: Trustworthy Data Analytics in the Cloud using SGX Felix Schuster , Manuel Costa, Cedric

VC3: Trustworthy Data Analytics in the Cloud using SGX Felix Schuster , Manuel Costa, Cedric Fournet, Christos Gkantsidis Marcus Peinado, Gloria Mainar-Ruiz, Mark Russinovich Microsoft Research Outline Introduction Background

567 views • 18 slides
A Broadside Register Clock Broadside D Q register N N Clock Q0 D D0 Q1 D1 D Q2 D2

A Broadside Register Clock Broadside D Q register N N Clock Q0 D D0 Q1 D1 D Q2 D2

A Broadside Register Clock Broadside D Q register N N Clock Q0 D D0 Q1 D1 D Q2 D2 D Q(N-1) D(N-1) D 1 A broadside two-to-one multiplexor Select N N DT Y DF N MUX2 Select DT0 Y0 DF0 DT1 Y1 DF1 DT(N-1) Y(N-1)

633 views • 62 slides
Activities related to monolithic and vertically Activities related to monolithic and vertically

Activities related to monolithic and vertically Activities related to monolithic and vertically

Activities related to monolithic and vertically Activities related to monolithic and vertically integrated pixel detector at CERN Michael Campbell Michael Campbell PH-ESE CERN Outline Outline Low cost bump bonding CERN MPW service

349 views • 24 slides
Game Over: Quantifying and Simulating Unsustainable Fiscal Policy Richard W. Evans Laurence J.

Game Over: Quantifying and Simulating Unsustainable Fiscal Policy Richard W. Evans Laurence J.

Intro Model with shut down Tax regime switch: 80% Tax regime switch: 30% Conclusion Game Over: Quantifying and Simulating Unsustainable Fiscal Policy Richard W. Evans Laurence J. Kotlikoff Kerk L. Phillips December 2011 Evans, Kotlikoff,

545 views • 30 slides
Implementing the three-particle quantization condition: a progress report Steve Sharpe

Implementing the three-particle quantization condition: a progress report Steve Sharpe

Implementing the three-particle quantization condition: a progress report Steve Sharpe University of Washington S. Sharpe, ``Progress on implementing the three-particle quantization condition, FLQCD19, YITP , 4/25/2019 / 61 1 3-

1.11k views • 82 slides
The meeting begins at 19:00 PM Wednesday July 8 th 2015 A Review of Various Risk Measures

The meeting begins at 19:00 PM Wednesday July 8 th 2015 A Review of Various Risk Measures

1 The meeting begins at 19:00 PM Wednesday July 8 th 2015 A Review of Various Risk Measures Norman Booth Dont Put Coal in Your Rocket Engine Scott Juds 2 Wednesday July 8 th 2015 But First A Short Review of

439 views • 43 slides
H6751 Summary Zhao Rui Agenda 1. Modern AI 2. Course Summary Modern AI Modern AI

H6751 Summary Zhao Rui Agenda 1. Modern AI 2. Course Summary Modern AI Modern AI

H6751 Summary Zhao Rui Agenda 1. Modern AI 2. Course Summary Modern AI Modern AI (90s-present) Stat Model :Pearl (1988) promote Bayesian networks in AI to model uncertainty (based on Bayes rule from 1700) Stat Model: infer the

441 views • 11 slides

More recommend