Open AccessProceedings Article
Graphene-SGX: a practical library OS for unmodified applications on SGX
Chia-Che Tsai,Donald E. Porter,Mona Vij +2 more
- pp 645-658
TLDR
This paper presents a port of Graphene to SGX, as well as a number of improvements to make the security benefits of SGX more usable, such as integrity support for dynamically-loaded libraries, and secure multiprocess support.Abstract:
Intel SGX hardware enables applications to protect themselves from potentially-malicious OSes or hypervisors. In cloud computing and other systems, many users and applications could benefit from SGX. Unfortunately, current applications will not work out-of-the-box on SGX. Although previous work has shown that a library OS can execute unmodified applications on SGX, a belief has developed that a library OS will be ruinous for performance and TCB size, making application code modification an implicit prerequisite to adopting SGX.
This paper demonstrates that these concerns are exaggerated, and that a fully-featured library OS can rapidly deploy unmodified applications on SGX with overheads comparable to applications modified to use "shim" layers. We present a port of Graphene to SGX, as well as a number of improvements to make the security benefits of SGX more usable, such as integrity support for dynamically-loaded libraries, and secure multiprocess support. Graphene-SGX supports a wide range of unmodified applications, including Apache, GCC, and the R interpreter. The performance overheads of Graphene-SGX range from matching a Linux process to less than 2× in most single-process cases; these overheads are largely attributable to current SGX hardware or missed opportunities to optimize Graphene internals, and are not necessarily fundamental to leaving the application unmodified. Graphene-SGX is open-source and has been used concurrently by other groups for SGX research.read more
Citations
More filters
Proceedings Article
Inferring fine-grained control flow inside SGX enclaves with branch shadowing
TL;DR: A new, yet critical, side-channel attack, branch shadowing, that reveals fine-grained control flows (branch granularity) in an enclave and develops two novel exploitation techniques, a last branch record (LBR)-based history-inferring technique and an advanced programmable interrupt controller (APIC)-based technique to control the execution of an enclave in a finegrained manner.
Proceedings ArticleDOI
Keystone: an open framework for architecting trusted execution environments
TL;DR: Keystone is presented---the first open-source framework for building customized TEEs, which builds reusable TEE core primitives from these abstractions while allowing platform-specific modifications and flexible feature choices.
Proceedings ArticleDOI
EnclaveDB: A Secure Database Using SGX
TL;DR: EnclaveDB is a database engine that guarantees confidentiality, integrity, and freshness for data and queries even when the database administrator is malicious, when an attacker has compromised the operating system or the hypervisor, and when thedatabase runs in an untrusted host in the cloud.
Proceedings ArticleDOI
Ryoan: a distributed sandbox for untrusted computation on secret data
TL;DR: Ryoan as mentioned in this paper provides a distributed sandbox, leveraging hardware enclaves (e.g., Intel's software guard extensions (SGX)) to protect sandbox instances from potentially malicious computing platforms.
Proceedings Article
Telling your secrets without page faults: stealthy page table-based attacks on enclaved execution
TL;DR: It is demonstrated that an untrusted operating system can observe enclave page accesses without resorting to page faults, by exploiting other side-effects of the address translation process.
References
More filters
Proceedings Article
lmbench: portable tools for performance analysis
Larry McVoy,Carl Staelin +1 more
TL;DR: lmbench is a micro-benchmark suite designed to focus attention on the basic building blocks of many common system applications, such as databases, simulations, software development, and networking.
Proceedings ArticleDOI
Flicker: an execution infrastructure for tcb minimization
TL;DR: Flicker is presented, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code, and can provide meaningful, fine-grained attestation of the code executed (as well as its inputs and outputs) to a remote party.
Proceedings ArticleDOI
Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems
TL;DR: In this article, the authors introduce controlled channel attacks, a new type of sidechannel attack that allows an untrusted operating system to extract large amounts of sensitive information from protected applications on systems like Overshadow, Ink Tag or Haven.
Journal ArticleDOI
Shielding Applications from an Untrusted Cloud with Haven
TL;DR: The notion of shielded execution is introduced, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (i.e., the cloud operator’s OS, VM, and firmware).
Proceedings ArticleDOI
SCONE: secure Linux containers with Intel SGX
Sergei Arnautov,Bohdan Trach,Franz Gregor,Thomas Knauth,Andre Martin,Christian Priebe,Joshua Lind,Divya Muthukumaran,Dan O'Keeffe,Mark Stillwell,David Goltzsche,David Eyers,Rüdiger Kapitza,Peter Pietzuch,Christof Fetzer +14 more
TL;DR: SCONE is a secure container mechanism for Docker that uses the SGX trusted execution support of Intel CPUs to protect container processes from outside attacks and offers a secure C standard library interface that transparently encrypts/decrypts I/O data.