[PPT] - TrustJS: Trusted Client-side Execution of JavaScript David Goltzsche PowerPoint Presentation

SLIDE 1

Motivation Approach of TrustJS Evaluation Conclusion

TrustJS: Trusted Client-side Execution of JavaScript

David Goltzsche1, Colin Wulf1, Divya Muthukumaran2, Konrad Rieck1, Peter Pietzuch2 and R¨ udiger Kapitza1

1TU Braunschweig, Germany 2Imperial College London, UK

EuroSec’17, April 23, 2017, Belgrade, Serbia

0 / 15

SLIDE 2

Motivation Approach of TrustJS Evaluation Conclusion

place

1 / 15

SLIDE 3

Motivation Approach of TrustJS Evaluation Conclusion

hol

1 / 15

SLIDE 4

Motivation Approach of TrustJS Evaluation Conclusion

der

1 / 15

SLIDE 5

Motivation Approach of TrustJS Evaluation Conclusion

untrusted client-side computation

1 / 15

SLIDE 6

Motivation Approach of TrustJS Evaluation Conclusion

computation repeated

1 / 15

SLIDE 7

Motivation Approach of TrustJS Evaluation Conclusion

computation not offloaded

1 / 15

SLIDE 8

Motivation Approach of TrustJS Evaluation Conclusion

Agenda

Motivation Approach of TrustJS Evaluation Conclusion

2 / 15

SLIDE 9

Motivation Approach of TrustJS Evaluation Conclusion

Motivation

Web applications replace traditional desktop applications
Providers offload computations to clients
Popular programming language: JavaScript
Minimise round trips
Reduce server-side resource demand
Clients not assumed as trustworthy
Results can be faulty
No confidential code or data

→ Strong limitation for offloading approach

Results of untrusted clients typically verified at server-side
Requires recomputation, that can lead to vulnerabilites1

→ Waste of resources

1P. Bisht, et el. NoTamper: Automatic Blackbox Detection of Parameter Tampering Opportunities in Web
Applications. CCS, 2010.

3 / 15

SLIDE 10

Motivation Approach of TrustJS Evaluation Conclusion

TrustJS

Trusted client-side execution of JavaScript

General purpose JavaScript
Integration in commodity browsers
Protecting code and data
Integrity
Confidentiality (optional)
Remote verification of computation results

4 / 15

SLIDE 11

Motivation Approach of TrustJS Evaluation Conclusion

Architecture of TrustJS

Browser tab1

IE3

Browser Browser tab2

IE3

Browser tab3

IE3

SP3

T rusted channel SP2 SP1

Add-on

High-level architecture of TrustJS IE: interpreter enclave SP: service provider

5 / 15

SLIDE 12

Motivation Approach of TrustJS Evaluation Conclusion

Intel SGX (1/2)

Software Guard Extensions
Extension of x86 instruction set
Creation of isolated compartments → enclaves
Execution isolated from untrusted OS
Transparent memory encryption
Pages stored in EPC
Support for remote attestation
based on Intel-provided service IAS

6 / 15

SLIDE 13

Motivation Approach of TrustJS Evaluation Conclusion

Intel SGX (2/2)

Enclave

Application ecall return return

call

enclave creation trusted execution untrusted execution untrusted execution enclave destrucion

Basic interaction pattern between application and enclave

7 / 15

SLIDE 14

Motivation Approach of TrustJS Evaluation Conclusion

Approach of TrustJS

Use Intel SGX enclaves at client-side
Put JavaScript interpreter MuJS in it
”Interpreter enclave”
Integration as browser add-on
Generic enclave binary shipped
Additional trusted JavaScript interpreter in browser
Untrusted: GUI rendering, user interaction
Trusted: execution of integrity-protected/encrypted code
Remote attestation to generate verifiable responses

→ Verification at server

Developers annotate code parts for trusted execution
Automated transition into interpreter enclave

8 / 15

SLIDE 15

Motivation Approach of TrustJS Evaluation Conclusion

TrustJS Client HTML page Browser process

Interpreter enclave

JS Engine Add-on Bridge

untrusted JavaScript execution

JS Engine

trusted JS execution

Client-side components of TrustJS

9 / 15

SLIDE 16

Motivation Approach of TrustJS Evaluation Conclusion

TrustJS Client HTML page Browser process

Interpreter enclave

injected content script

ports ecalls

calls

JS Engine Add-on Bridge

untrusted JavaScript execution

js-ctypes JS Engine

trusted JS execution

Client-side components of TrustJS

9 / 15

SLIDE 17

Motivation Approach of TrustJS Evaluation Conclusion

TrustJS Server

10 / 15

SLIDE 18

Motivation Approach of TrustJS Evaluation Conclusion

TrustJS Server

⇓

10 / 15

SLIDE 19

Motivation Approach of TrustJS Evaluation Conclusion

Evaluation 1/4

Client

calc2

Server

HTTP GET calc1 calc1 HTML t1 t2 t0 HTTP POST Result HTTP POST Result calc2

Latency build-up of traditional web application with server-side recalculations

11 / 15

SLIDE 20

Motivation Approach of TrustJS Evaluation Conclusion

Evaluation 2/4

Client Server IAS

Quote + public key Quote OK t1 Enclave start HTTP GET HTML HTTP POST Hash check calc2 t2 Quote verification Secret key generation Preparation of HTML document HMAC verification calc1 HMAC generation Encrypted secret key Result + HMAC t0

Latency build-up of web application using TrustJS with single server-side verification

12 / 15

SLIDE 21

Motivation Approach of TrustJS Evaluation Conclusion

Evaluation 3/4

200 400 600 800 1000 1200 1 2 3 4 5 6 7 8 9 10 Application run time [ms] Number of calculations no TrustJS TrustJS

13 / 15

SLIDE 22

Motivation Approach of TrustJS Evaluation Conclusion

Evaluation 4/4

20 40 60 80 100 1 100 200 300 400 500 600 Server CPU usage [%] Number of clients

no TrustJS TrustJS

14 / 15

SLIDE 23

Motivation Approach of TrustJS Evaluation Conclusion

Conclusion and Future Work

TrustJS enables...
trusted execution of JavaScript in commodity browsers

seamlessly integrated as an add-on

service providers to save resources by removing

(re)computations on server-side

developers to remove unnecessary round trips
With future work TrustJS may...
support more sophisticated JavaScript engines
make parts of the Node.js API available in enclave

15 / 15