HasTEE: Programming Trusted Execution Environments with Haskell
Trusted Execution Environments (TEEs) are hardware-enforced memory isolation
units, emerging as a pivotal security solution for security-critical
applications. TEEs, like Intel SGX and ARM TrustZone, allow the isolation of
confidential code and data within an untrusted host environment, such as the
cloud and IoT. Despite strong security guarantees, TEE adoption has been
hindered by an awkward programming model. This model requires manual
application partitioning and the use of error-prone, memory-unsafe, and
potentially information-leaking low-level C/C++ libraries.
We address the above with \textit{HasTEE}, a domain-specific language (DSL)
embedded in Haskell for programming TEE applications. HasTEE includes a port of
the GHC runtime for the Intel-SGX TEE. HasTEE uses Haskell's type system to
automatically partition an application and to enforce \textit{Information Flow
Control} on confidential data. The DSL, being embedded in Haskell, allows for
the usage of higher-order functions, monads, and a restricted set of I/O
operations to write any standard Haskell application. Contrary to previous
work, HasTEE is lightweight, simple, and is provided as a \emph{simple security
library}; thus avoiding any GHC modifications. We show the applicability of
HasTEE by implementing case studies on federated learning, an encrypted
password wallet, and a differentially-private data clean room.
Comment: To appear in Haskell Symposium 202
A brief tour of formally secure compilation
Modern programming languages provide helpful high-level abstractions and mechanisms (e.g. types, modules, automatic memory management) that enforce good programming practices and are crucial when writing correct and secure code. However, the security guarantees provided by such abstractions are not preserved when a compiler translates a source program into object code. Formally secure compilation is an emerging research field concerned with the design and implementation of compilers that preserve source-level security properties at the object level. This paper presents a short guided tour of the relevant literature on secure compilation. Our goal is to help newcomers grasp the basic concepts of this field and, for this reason, we rephrase and present the most relevant results in the literature in a common setting.
Generic Tagging for RISC-V Binaries
With the widespread popularity of RISC-V -- an open-source ISA -- custom
hardware security solutions targeting specific defense needs are gaining
popularity. These solutions often require specialized compilers that can insert
metadata (called tags) into the generated binaries, and/or extend the RISC-V
ISA with new instructions. Developing such compilers can be a tedious and
time-consuming process. In this paper, we present COGENT, a generic instruction
tag generator for RISC-V architecture. COGENT is capable of associating a tag
of configurable and varying widths (1 to 20 bits) to each instruction. It is
also capable of emitting labels that are central to the implementation of
control-flow integrity (CFI) solutions. COGENT encodes all tags and labels as
nop instructions thereby providing full backward compatibility.
We evaluate COGENT on a subset of programs from the SPEC CPU2017 benchmark
suite and report the binary size increase to be 29.3% and 18.27% for the lowest
and highest tag coverage levels respectively. Additionally, we executed tagged
programs on COTS RISC-V unmodified hardware and found the execution time
overhead (with respect to backward compatibility) to be 13.4% and 5.72% for the
lowest and highest coverage levels respectively. Finally, using a case study,
we present possible use case scenarios where COGENT can be applied.
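The backward-compatibility trick in the abstract (tags carried in instructions that an unmodified core treats as no-ops) can be made concrete with a small encoder/decoder. The block below is an added illustration written for this page, not COGENT's code, and the encoding scheme is an assumption of this example: tags of up to 12 bits ride in the immediate of `addi x0, x0, imm`, tags of 13 to 20 bits in the immediate of `lui x0, imm`. Both instructions write only `x0`, which RISC-V hardwires to zero, so they are architecturally no-ops on stock hardware while a tag-aware core (or an offline tool) can read the field back. The sample instruction words are constructed for the test.

```python
"""Instruction tags encoded as RISC-V nops.

Added example for this page, not COGENT's implementation.  Assumed scheme:
  1..12-bit tags  -> addi x0, x0, tag   (I-type, opcode 0x13, funct3 0)
  13..20-bit tags -> lui  x0, tag       (U-type, opcode 0x37)
Both only write x0, so an unmodified core executes them as no-ops.
"""

OPCODE_ADDI = 0x13
OPCODE_LUI = 0x37
MAX_TAG_BITS = 20


def encode_tag(tag: int, width: int) -> int:
    """Return the 32-bit instruction word that carries `tag` of `width` bits."""
    if not 1 <= width <= MAX_TAG_BITS:
        raise ValueError("tag width must be between 1 and 20 bits")
    if not 0 <= tag < (1 << width):
        raise ValueError("tag does not fit in the declared width")
    if width <= 12:
        # I-type layout: imm[31:20] rs1[19:15] funct3[14:12] rd[11:7] opcode[6:0]
        # rs1 = x0, funct3 = 0 (ADDI), rd = x0, so only the immediate is set.
        return (tag << 20) | OPCODE_ADDI
    # U-type layout: imm[31:12] rd[11:7] opcode[6:0], rd = x0.
    return (tag << 12) | OPCODE_LUI


def is_architectural_nop(word: int) -> bool:
    """True if `word` is an ADDI (with rs1 = x0) or LUI whose destination is x0."""
    opcode = word & 0x7F
    rd = (word >> 7) & 0x1F
    if rd != 0:
        return False
    if opcode == OPCODE_LUI:
        return True
    if opcode == OPCODE_ADDI:
        funct3 = (word >> 12) & 0x7
        rs1 = (word >> 15) & 0x1F
        return funct3 == 0 and rs1 == 0
    return False


def decode_tag(word: int):
    """Return the tag carried by a tag-nop, or None for an ordinary instruction."""
    if not is_architectural_nop(word):
        return None
    if (word & 0x7F) == OPCODE_LUI:
        return (word >> 12) & 0xFFFFF
    return (word >> 20) & 0xFFF


def instrument(words, tags, width: int):
    """Emit a tag-nop in front of each instruction word (full coverage)."""
    out = []
    for word, tag in zip(words, tags):
        out.append(encode_tag(tag, width))
        out.append(word)
    return out


def extract(words):
    """Pair every tag-nop with the instruction that follows it.

    Caveat: a plain alignment nop (addi x0, x0, 0) is indistinguishable from
    a tag of value 0, so a real scheme must reserve that value or mark tag
    regions in metadata.
    """
    pairs = []
    i = 0
    while i < len(words):
        tag = decode_tag(words[i])
        if tag is not None and i + 1 < len(words):
            pairs.append((tag, words[i + 1]))
            i += 2
        else:
            pairs.append((None, words[i]))
            i += 1
    return pairs
```

Tagging every instruction this way doubles the code size (one 32-bit nop per instruction), which is why the coverage level chosen by the tagging tool, not the tag width, dominates the binary-size overhead; the abstract's reported 18 to 29% figures correspond to tagging only a subset of instructions.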
Flexible Hardware-based Security-aware Mechanisms and Architectures
For decades, software security has been the primary focus in securing our computing platforms. Hardware was always assumed trusted and inherently served as the foundation, and thus the root of trust, of our systems. This assumption has been further leveraged in developing dedicated hardware-based security extensions and architectures to protect software from attacks exploiting software vulnerabilities such as memory corruption. However, the recent outbreak of microarchitectural attacks has shaken these long-established trust assumptions in hardware entirely, thereby threatening the security of all of our computing platforms and bringing hardware and microarchitectural security under scrutiny. These attacks have undeniably revealed the grave consequences of hardware/microarchitectural security flaws for the security of the entire platform, and how they can even subvert the security guarantees promised by dedicated security architectures. Furthermore, they shed light on the sophisticated challenges particular to hardware/microarchitectural security: it is more critical (and more challenging) to extensively analyze the hardware for security flaws prior to production, since hardware, unlike software, cannot be patched or updated once fabricated.
Hardware cannot reliably serve as the root of trust anymore, unless we develop and adopt new design paradigms where security is proactively addressed and scrutinized across the full stack of our computing platforms, at all hardware design and implementation layers. Furthermore, novel flexible security-aware design mechanisms need to be incorporated into processor microarchitectures and hardware-assisted security architectures, mechanisms that can practically address the inherent conflict between performance and security by allowing the trade-off to be configured to the desired requirements.
In this thesis, we investigate the prospects and implications at the intersection of hardware and security that emerge across the full stack of our computing platforms and Systems-on-Chip (SoCs). On one front, we investigate how we can leverage hardware and its advantages, in contrast to software, to build more efficient and effective security extensions that serve security architectures, e.g., by providing execution attestation and enforcement, to protect software from attacks exploiting software vulnerabilities. We further propose that these extensions be microarchitecturally configured at runtime to provide different types of security services, thus adapting flexibly to different deployment requirements. On another front, we investigate how we can protect these hardware-assisted security architectures and extensions themselves from microarchitectural and software attacks that exploit design flaws originating in the hardware, e.g., insecure resource sharing in SoCs. In particular, we focus in this thesis on cache-based side-channel attacks, for which we propose cache designs that fundamentally mitigate these attacks while still preserving performance by allowing the performance/security trade-off to be configured by design. We also investigate how these designs can be incorporated into flexible and customizable security architectures, complementing them to further support a wide spectrum of emerging applications with different performance/security requirements. Lastly, we inspect our computing platforms further beneath the design layer by scrutinizing how the actual implementation of these mechanisms is yet another potential attack surface. We explore how the security of hardware designs and implementations is currently analyzed prior to fabrication, shedding light on how state-of-the-art hardware security analysis techniques are fundamentally limited, and on the potential for improved and scalable approaches.
Survey of Approaches and Techniques for Security Verification of Computer Systems
This paper surveys the landscape of security verification approaches and techniques for computer systems at various levels: from the software-application level all the way down to the physical hardware level. Different existing projects are compared, based on the tools used and the security aspects being examined. Since many systems require both hardware and software components to work together to provide the system's promised security protections, it is not sufficient to verify just the software levels or just the hardware levels in a mutually exclusive fashion. This survey especially highlights the system levels that are verified by the different existing projects and presents to the reader the state of the art in hardware and software system security verification. Few approaches come close to providing full-system verification, and there is still much room for improvement.
Prov-Trust : towards a trustworthy SGX-based data provenance system
Data provenance refers to records of the inputs, entities, systems, and processes that influence data of interest, providing a historical record of the data and its origins. Secure data provenance is vital to ensure accountability, forensic investigation of security attacks, and privacy preservation. In this paper, we propose Prov-Trust, a decentralized and auditable SGX-based data provenance system relying on highly distributed ledgers. This consensually shared and synchronized database allows anchored data to have public witness, providing tamper-proof provenance data, enabling the transparency of data accountability, and enhancing the secrecy and availability of the provenance data. Prov-Trust relies on Intel SGX enclaves to ensure trusted execution of the provenance kernel that collects, stores and queries provenance records. The use of SGX enclaves protects data provenance and users' credentials against malicious hosting and processing parties. Prov-Trust does not rely on a trusted third party to store provenance data; verification is performed using smart contracts and a voting process. Provenance data in Prov-Trust is stored either in the log events of smart contracts or in blockchain transactions, depending on the provenance change event, which enables low storage costs. Finally, Prov-Trust ensures an accurate privacy-preserving auditing process based on blockchain traces, achieved thanks to event logs that are signed by SGX enclaves, transactions being registered after each vote session, and sealing of the linking information using encryption schemes.
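The tamper-evidence property the abstract relies on, provenance records that are linked to one another and signed by the enclave, can be shown with a small append-only log. The block below is an added example for this page, not Prov-Trust's code: each record commits to the hash of its predecessor (the "linking information"), and the record hash is authenticated with a key that only the enclave holds. The HMAC stands in for the enclave's signature so the example runs with the standard library alone; a real deployment would use an asymmetric key bound to the enclave by attestation, and would anchor the head hash on the ledger, which is not modelled here. The key and the three provenance events are constructed for the test.

```python
"""Hash-chained, enclave-signed provenance log (added illustration, not Prov-Trust's code)."""
import hashlib
import hmac
import json

# Constructed stand-in for the key sealed inside the enclave (assumption of this example).
ENCLAVE_KEY = b"constructed-enclave-signing-key"
GENESIS = "0" * 64  # prev-hash of the first record


def _canonical(obj) -> bytes:
    """Deterministic JSON so the same record always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _record_hash(seq: int, prev_hash: str, event: dict) -> str:
    """Commit to the sequence number, the previous hash and the event itself."""
    return hashlib.sha256(_canonical({"seq": seq, "prev": prev_hash, "event": event})).hexdigest()


def _sign(digest: str, key: bytes) -> str:
    # HMAC-SHA256 stands in for the enclave's signature over the record hash.
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


def append_record(chain: list, event: dict, key: bytes = ENCLAVE_KEY) -> dict:
    """Append one provenance event; only the enclave (key holder) can do this validly."""
    seq = len(chain)
    prev = chain[-1]["hash"] if chain else GENESIS
    digest = _record_hash(seq, prev, event)
    record = {"seq": seq, "prev": prev, "event": event, "hash": digest, "sig": _sign(digest, key)}
    chain.append(record)
    return record


def verify_chain(chain: list, key: bytes = ENCLAVE_KEY):
    """Return (True, None) if every record links and verifies, else (False, index of first bad record).

    Detects edited events, forged signatures, and removed or reordered records,
    since each of those breaks either the hash, the signature or the prev link.
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["seq"] != i or rec["prev"] != prev:
            return False, i
        digest = _record_hash(rec["seq"], rec["prev"], rec["event"])
        if digest != rec["hash"] or not hmac.compare_digest(rec["sig"], _sign(digest, key)):
            return False, i
        prev = rec["hash"]
    return True, None
```

Verification stops at the first record that fails, which is also the earliest point from which an auditor can no longer trust the log; anchoring the current head hash on a ledger, as the paper does with smart-contract events, is what prevents the host from silently truncating the chain, since a truncated log would still verify internally.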