Shielding Applications from an Untrusted Cloud with Haven

Abstract
Today’s cloud computing infrastructure requires substantial trust. Cloud users rely on both the provider’s staff and its globally distributed software/hardware platform not to expose any of their private data.
We introduce the notion of shielded execution, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator’s OS, VM, and firmware). Our prototype, Haven, is the first system to achieve shielded execution of unmodified legacy applications, including SQL Server and Apache, on a commodity OS (Windows) and commodity hardware. Haven leverages the hardware protection of Intel SGX to defend against privileged code and physical attacks such as memory probes, and also addresses the dual challenges of executing unmodified legacy binaries and protecting them from a malicious host. This work motivated recent changes in the SGX specification.