Upload
nguyentuyen
View
221
Download
0
Embed Size (px)
Citation preview
Peter R. Pietzuch [email protected]
Maru:Hardware-Assisted Secure Cloud Computing
Peter Pietzuch
Large-Scale Distributed Systems GroupDepartment of Computing, Imperial College London
http://lsds.doc.ic.ac.uk
ATI – February 2017
Trust Issues: Provider Perspective
• Cloud provider does not trust users
• Use virtual machines to isolateusers from each other and the host
• VMs only provide one way protection
2
Redis
OS
VMM
Firmware
Cloud platform
Staff
…
trust
ed
Trust Issues: User Perspective
• Users trust their applications
• Users must implicitly trust cloud provider
• Existing applications implicitlyassume trusted operating system
3
Redis
OS
VMM
Firmware
Cloud platform
Staff
…
untru
sted
Trusted Execution with Intel SGX
• Users create HW-enforced trusted environment
• Supports unprivilegeduser code
• Protects against strong attacker model
• Remote attestation
• Available oncommodity CPUs
4
OS
VMM
Firmware
Cloud platform
Staff
…
untru
sted
Enclave
• New enclave processor mode
• 18 new instructions to manage enclave life cycle
• Enclave memory only accessible from enclave
• Certain instructions disallowed, e.g., syscall
5
…EENTER…
Execute…Return
privileged access from OS, VMM forbidden
untrusted trusted
Intel SGX: Hardware-Assisted Security
• No system calls
• Performanceoverhead
SGX: System Call Overhead (pwrite)
l
l
l
l
l
l
l
l
10
100
1000
10000
1 2 3 4 5 6 7 8Threads
Syst
em c
alls
(100
0s/s
)
glibc (32 B)
glibc (64 KB)
SGX SDK (32 B)
SGX SDK (64 KB)
System calls outside of enclave are expensive
SGX: Memory Access Overhead
l l l ll
l
l l l l l l l l
l l l l l l l
l
l
ll
l
l l l l l l l
l
l
ll
l l l l l l l l ll
l
l
ll l
ava
ila
ble
E
PC
size
L3
size
1
10
100
1000
2 4 8 16 32 64 128 25692
Allocated memory size (MiB)
No
rm
alize
d ru
n tim
e
l
l
Reads (random)
Reads (sequential)
Writes (random)
Writes (sequential)
Reads (random)
Reads (sequential)
Writes
(random)
Writes (sequential)
Large amount of enclave memory leads to poor performance
SGX Research Challenges
8
Untrustedcomponent
Secure enclave
Sensitive code
and data
TCB size
Attacksurface
Performanceoverhead
1. II. Privilege Separation
(Minimal TCB?)
I. Complete unmodified applications in enclaves
(Systems support?)
Systems Support for SGX?
9
Operating System
Hardware
Application
Libraries
C Library (libc)
Operating System
Hardware
Application
Libraries
C Library (libc)
1. SCONE: Secure CONtainer Environment
• 1. Good performance/security trade-off– Small TCB (0.8×–2.1× of native size)– Low overhead (0.3×–1.1× of native
throughput)
• 2. Efficient system call support– M:N user-level threading– Asynchronous syscall execution
• 3. Transparent interface shielding– Encryption of file descriptors– TLS support for network sockets– Encrypted data stored outside enclave
Host operating system (Linux)Container
SCONE kernelmodule
Enclave
Syst
em c
all
requ
ests
SGX-aware C libraryAsynchronous system call interface
Application-specific librariesFile system shieldNetwork shield
trusted
Syst
em c
all
resp
onse
s
lock-freequeuesscall4
scall5scall6
SCONEcomponent
Intel SGXdriver
resp2resp3
M:N Threading
Application Code
Exte
rnal
con
tain
er in
terf
ace
trus
ted
untr
uste
dresp1
2. Glamdring: Application Partitioning
11
Code GenerationGraph Partitioning
Modifiedbinary(initial
tainting)
Originalsource code
Untrustedapp code
Sensitiveapp code
Trace Collection
Instru-mentedbinary
/path/to/file1 function1
/path/to/file2 function2
/path/to/file3 function3
/path/to/file4 function4
/path/to/file5 function5
/path/to/file5 function5
/path/to/file6 function6
/path/to/file7 function7
/path/to/file8 function8
1. Static / Dynamic Analysis
2. Graphpartitioning
3. Automated source-to-source code transform
Collect information to obtain valid partitioning
Find partitioning of application
Implement partitioning using Intel SGX SDK
3. LibSEAL: Secure Auditing Library
• LibSEAL: Secure TLS Auditing Library – Provide accountability to TLS-enabled application– Help link integrity violations to origin
• Workflow:1. Securely log communication
between client and service2. Audit against application-specific
invariants
• Use cases:– Dropbox: Have files been lost?– Git: Is the the server hiding commits?– Owncloud: Were there illegitimate modifications to content or layout?
12
T3.2 Set of reusable secure micro-services
libseal – secure auditing library (I)
Provide accountability to legacy SSL-enabled application → Link (malicious) behaviour to its origin
Targets data integrity
Privacy-preserving
No (trusted) third party
Workflow:
1. Securely log conversation
between client and server
2. Audit against application-specific
properties
Cloud infrastructure (untrusted)
Enclave (trusted)
libseal(terminates SSL)
SSL-enabled
Appli-cation
ClientClientClientClient
log
T3.2 Set of reusable secure micro-services
libseal – secure auditing library (II)
Use cases
Git
Have any files been modified?
Is the the server hiding any commits, branches or tags?
Owncloud collaborative text editor
Did the server or any illegitimate users access thedocument or modify its content or layout?
Dropbox
Have any files been modified or accessed by anyillegitimate users or the server?
T3.2 Set of reusable secure micro-services
libseal – secure auditing library (II)
Use cases
Git
Have any files been modified?
Is the the server hiding any commits, branches or tags?
Owncloud collaborative text editor
Did the server or any illegitimate users access thedocument or modify its content or layout?
Dropbox
Have any files been modified or accessed by anyillegitimate users or the server?
T3.2 Set of reusable secure micro-services
libseal – secure auditing library (II)
Use cases
Git
Have any files been modified?
Is the the server hiding any commits, branches or tags?
Owncloud collaborative text editor
Did the server or any illegitimate users access thedocument or modify its content or layout?
Dropbox
Have any files been modified or accessed by anyillegitimate users or the server?
Maru: Security Threats in Data Science
13
Hardware
Hypervisor
Data science job
Other VMVM
OS
External attacker
Malicioustenant
Maliciousinsider
Maru Research Directions
• 1. Security model for shielded data science jobs– How to harden shielded jobs? How to deal with vulnerabilities, bugs?– What about external dependencies/libraries?
• 2. Integration of language runtimes with secure enclaves– How to integrate SGX support for the JVM?– What is the right programming model for SGX enclaves?
• 3. Unikernel support for secure enclaves– How to support existing legacy binaries?– How to build type-safe minimal secure enclaves for data science jobs?
• 4. Prototype platform implementation and evaluation– Integration with Apache Flink or other dataflow frameworks
• 5. Dataflow attacks and mitigations strategies– What attacks are possible by observing encrypted dataflows?– Can we apply techniques for unobservable communication?
14