230 research outputs found
Security, Performance and Energy Trade-offs of Hardware-assisted Memory Protection Mechanisms
The deployment of large-scale distributed systems, e.g., publish-subscribe
platforms, that operate over sensitive data using the infrastructure of public
cloud providers, is nowadays heavily hindered by the surging lack of trust
toward the cloud operators. Although purely software-based solutions exist to
protect the confidentiality of data and the processing itself, such as
homomorphic encryption schemes, their performance is far from being practical
under real-world workloads.
The performance trade-offs of two novel hardware-assisted memory protection
mechanisms, namely AMD SEV and Intel SGX - currently available on the market to
tackle this problem, are described in this practical experience.
Specifically, we implement and evaluate a publish/subscribe use-case and
evaluate the impact of the memory protection mechanisms and the resulting
performance. This paper reports on the experience gained while building this
system, in particular when having to cope with the technical limitations
imposed by SEV and SGX.
Several trade-offs that provide valuable insights in terms of latency,
throughput, processing time and energy requirements are exhibited by means of
micro- and macro-benchmarks.Comment: European Commission Project: LEGaTO - Low Energy Toolset for
Heterogeneous Computing (EC-H2020-780681
SoK: Confidential Quartet - Comparison of Platforms for Virtualization-Based Confidential Computing
Confidential computing allows processing sensitive workloads in securely isolated spaces. Following earlier adop- tion of process-based approaches to isolation, vendors are now enabling hardware and firmware support for virtualization-based confidential computing on several server platforms. Due to variations in the technology stack, threat model, implemen-tation and functionality, the available solutions offer somewhat different capabilities, trade-offs and security guarantees. In this paper we review, compare and contextualize four virtualization-based confidential computing technologies for enterprise server platforms - AMD SEV, ARM CCA, IBM PEF and Intel TDX
Intel TDX Demystified: A Top-Down Approach
Intel Trust Domain Extensions (TDX) is a new architectural extension in the
4th Generation Intel Xeon Scalable Processor that supports confidential
computing. TDX allows the deployment of virtual machines in the
Secure-Arbitration Mode (SEAM) with encrypted CPU state and memory, integrity
protection, and remote attestation. TDX aims to enforce hardware-assisted
isolation for virtual machines and minimize the attack surface exposed to host
platforms, which are considered to be untrustworthy or adversarial in the
confidential computing's new threat model. TDX can be leveraged by regulated
industries or sensitive data holders to outsource their computations and data
with end-to-end protection in public cloud infrastructure.
This paper aims to provide a comprehensive understanding of TDX to potential
adopters, domain experts, and security researchers looking to leverage the
technology for their own purposes. We adopt a top-down approach, starting with
high-level security principles and moving to low-level technical details of
TDX. Our analysis is based on publicly available documentation and source code,
offering insights from security researchers outside of Intel
TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors (Technical Report)
Platforms are nowadays typically equipped with tristed execution environments
(TEES), such as Intel SGX and ARM TrustZone. However, recent microarchitectural
attacks on TEEs repeatedly broke their confidentiality guarantees, including
the leakage of long-term cryptographic secrets. These systems are typically
also equipped with a cryptographic coprocessor, such as a TPM or Google Titan.
These coprocessors offer a unique set of security features focused on
safeguarding cryptographic secrets. Still, despite their simultaneous
availability, the integration between these technologies is practically
nonexistent, which prevents them from benefitting from each other's strengths.
In this paper, we propose TALUS, a general design and a set of three main
requirements for a secure symbiosis between TEEs and cryptographic
coprocessors. We implement a proof-of-concept of TALUS based on Intel SGX and a
hardware TPM. We show that with TALUS, the long-term secrets used in the SGX
life cycle can be moved to the TPM. We demonstrate that our design is robust
even in the presence of transient execution attacks, preventing an entire class
of attacks due to the reduced attack surface on the shared hardware.Comment: In proceedings of Financial Cryptography 2023. This is the technical
report of the published pape
SoK: A Systematic Review of TEE Usage for Developing Trusted Applications
Trusted Execution Environments (TEEs) are a feature of modern central
processing units (CPUs) that aim to provide a high assurance, isolated
environment in which to run workloads that demand both confidentiality and
integrity. Hardware and software components in the CPU isolate workloads,
commonly referred to as Trusted Applications (TAs), from the main operating
system (OS). This article aims to analyse the TEE ecosystem, determine its
usability, and suggest improvements where necessary to make adoption easier. To
better understand TEE usage, we gathered academic and practical examples from a
total of 223 references. We summarise the literature and provide a publication
timeline, along with insights into the evolution of TEE research and
deployment. We categorise TAs into major groups and analyse the tools available
to developers. Lastly, we evaluate trusted container projects, test
performance, and identify the requirements for migrating applications inside
them.Comment: In The 18th International Conference on Availability, Reliability and
Security (ARES 2023), August 29 -- September 01, 2023, Benevento, Italy. 15
page
Systemunterstützung für moderne Speichertechnologien
Trust and scalability are the two significant factors which impede the dissemination of clouds.
The possibility of privileged access to customer data by a cloud provider limits the usage of clouds for processing security-sensitive data.
Low latency cloud services rely on in-memory computations, and thus, are limited by several characteristics of Dynamic RAM (DRAM) such as capacity, density, energy consumption, for example.
Two technological areas address these factors.
Mainstream server platforms, such as Intel Software Guard eXtensions (SGX) und AMD Secure Encrypted Virtualisation (SEV) offer extensions for trusted execution in untrusted environments.
Various technologies of Non-Volatile RAM (NV-RAM) have better capacity and density compared to DRAM and thus can be considered as DRAM alternatives in the future.
However, these technologies and extensions require new programming approaches and system support since they add features to the system architecture: new system components (Intel SGX) and data persistence (NV-RAM).
This thesis is devoted to the programming and architectural aspects of persistent and trusted systems.
For trusted systems, an in-depth analysis of new architectural extensions was performed.
A novel framework named EActors and a database engine named STANlite were developed to effectively use the capabilities of trusted~execution.
For persistent systems, an in-depth analysis of prospective memory technologies, their features and the possible impact on system architecture was performed.
A new persistence model, called the hypervisor-based model of persistence, was developed and evaluated by the NV-Hypervisor.
This offers transparent persistence for legacy and proprietary software, and supports virtualisation of persistent memory.Vertrauenswürdigkeit und Skalierbarkeit sind die beiden maßgeblichen Faktoren, die die Verbreitung von Clouds behindern.
Die Möglichkeit privilegierter Zugriffe auf Kundendaten durch einen Cloudanbieter schränkt die Nutzung von Clouds bei der Verarbeitung von sicherheitskritischen und vertraulichen Informationen ein.
Clouddienste mit niedriger Latenz erfordern die Durchführungen von Berechnungen im Hauptspeicher und sind daher an Charakteristika von Dynamic RAM (DRAM) wie Kapazität, Dichte, Energieverbrauch und andere Aspekte gebunden.
Zwei technologische Bereiche befassen sich mit diesen Faktoren: Etablierte Server Plattformen wie Intel Software Guard eXtensions (SGX) und AMD Secure Encrypted Virtualisation (SEV) stellen Erweiterungen für vertrauenswürdige Ausführung in nicht vertrauenswürdigen Umgebungen bereit.
Verschiedene Technologien von nicht flüchtigem Speicher bieten bessere Kapazität und Speicherdichte verglichen mit DRAM, und können daher in Zukunft als Alternative zu DRAM herangezogen werden.
Jedoch benötigen diese Technologien und Erweiterungen neuartige Ansätze und Systemunterstützung bei der Programmierung, da diese der Systemarchitektur neue Funktionalität hinzufügen: Systemkomponenten (Intel SGX) und Persistenz (nicht-flüchtiger Speicher).
Diese Dissertation widmet sich der Programmierung und den Architekturaspekten von persistenten und vertrauenswürdigen Systemen.
Für vertrauenswürdige Systeme wurde eine detaillierte Analyse der neuen Architekturerweiterungen durchgeführt.
Außerdem wurden das neuartige EActors Framework und die STANlite Datenbank entwickelt, um die neuen Möglichkeiten von vertrauenswürdiger Ausführung effektiv zu nutzen.
Darüber hinaus wurde für persistente Systeme eine detaillierte Analyse zukünftiger Speichertechnologien, deren Merkmale und mögliche Auswirkungen auf die Systemarchitektur durchgeführt.
Ferner wurde das neue Hypervisor-basierte Persistenzmodell entwickelt und mittels NV-Hypervisor ausgewertet, welches transparente Persistenz für alte und proprietäre Software, sowie Virtualisierung von persistentem Speicher ermöglicht
- …