213 research outputs found
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed
Running off-site software middleboxes at third-party service providers has
been a popular practice. However, routing large volumes of raw traffic, which
may carry sensitive information, to a remote site for processing raises severe
security concerns. Prior solutions often abstract away important factors
pertinent to real-world deployment. In particular, they overlook the
significance of metadata protection and stateful processing. Unprotected
traffic metadata like low-level headers, size and count, can be exploited to
learn supposedly encrypted application contents. Meanwhile, tracking the states
of 100,000s of flows concurrently is often indispensable in production-level
middleboxes deployed at real networks.
We present LightBox, the first system that can drive off-site middleboxes at
near-native speed with stateful processing and the most comprehensive
protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox
is the product of our systematic investigation of how to overcome the inherent
limitations of secure enclaves using domain knowledge and customization. First,
we introduce an elegant virtual network interface that allows convenient access
to fully protected packets at line rate without leaving the enclave, as if from
the trusted source network. Second, we provide complete flow state management
for efficient stateful processing, by tailoring a set of data structures and
algorithms optimized for the highly constrained enclave space. Extensive
evaluations demonstrate that LightBox, with all security benefits, can achieve
10Gbps packet I/O, and that with case studies on three stateful middleboxes, it
can operate at near-native speed.Comment: Accepted at ACM CCS 201
SGXIO: Generic Trusted I/O Path for Intel SGX
Application security traditionally strongly relies upon security of the
underlying operating system. However, operating systems often fall victim to
software attacks, compromising security of applications as well. To overcome
this dependency, Intel introduced SGX, which allows to protect application code
against a subverted or malicious OS by running it in a hardware-protected
enclave. However, SGX lacks support for generic trusted I/O paths to protect
user input and output between enclaves and I/O devices.
This work presents SGXIO, a generic trusted path architecture for SGX,
allowing user applications to run securely on top of an untrusted OS, while at
the same time supporting trusted paths to generic I/O devices. To achieve this,
SGXIO combines the benefits of SGX's easy programming model with traditional
hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure
debug enclaves to behave like secure production enclaves. SGXIO surpasses
traditional use cases in cloud computing and makes SGX technology usable for
protecting user-centric, local applications against kernel-level keyloggers and
likewise. It is compatible to unmodified operating systems and works on a
modern commodity notebook out of the box. Hence, SGXIO is particularly
promising for the broad x86 community to which SGX is readily available.Comment: To appear in CODASPY'1
Blindfold: Keeping Private Keys in PKIs and CDNs out of Sight
Public key infrastructure (PKI) is a certificate-based technology that helps
in authenticating systems identities. HTTPS/TLS relies mainly on PKI to
minimize fraud over the Internet. Nowadays, websites utilize CDNs to improve
user experience, performance, and resilience against cyber attacks. However,
combining HTTPS/TLS with CDNs has raised new security challenges. In any PKI
system, keeping private keys private is of utmost importance. However, it has
become the norm for CDN-powered websites to violate that fundamental
assumption. Several solutions have been proposed to make HTTPS CDN-friendly.
However, protection of private keys from the very instance of generation; and
how they can be made secure against exposure by malicious (CDN) administrators
and malware remain unexplored. We utilize trusted execution environments to
protect private keys by never exposing them to human operators or untrusted
software. We design Blindfold to protect private keys in HTTPS/TLS
infrastructures, including CAs, website on-premise servers, and CDNs. We
implemented a prototype to assess Blindfold's performance and performed several
experiments on both the micro and macro levels. We found that Blindfold
slightly outperforms SoftHSM in key generation by 1% while lagging by 0.01% for
certificate issuance operations
A Trusted and Privacy-Enhanced In-Memory Data Store
The recent advent of hardware-based trusted execution environments provides isolated
execution, protected from untrusted operating systems, allowing for the establishment
of hardware-shielded trust computing base components. As the processor provides such
a “shielded” trusted execution environment (TEE), their use will allow users to run appli cations securely, for example on the remote cloud servers, whose operating systems and
hardware are exposed to potentially malicious remote attackers, non-controlled system
administrators and staff from the cloud providers. On the other hand, Linux containers
managed by Docker or Kubernetes are interesting solutions to provide lower resource
footprints, faster and flexible startup times, and higher I/O performance, compared with
virtual machines (VM) enabled by hypervisors. However, these solutions suffer from soft ware kernel mechanisms, easier to be compromised in confidentiality and integrity as sumptions of supported application data. In this dissertation we designed, implemented
and evaluated a Trusted and Privacy-Enhanced In-Memory Data Store, making use of a
hardware-shielded containerised OS-library to support its trust-ability assumptions. To
support large datasets, requiring data to be mapped outside those hardware-enabled con tainers, our solution uses partial homomorphic encryption, allowing trusted operations
executed in the protected execution environment to manage in-memory always-encrypted
data, that can be or not mapped inside the TEE.Os recentes avanços de ambientes de execução confiáveis baseados em hardware fornecem execução isolada, protegida contra sistemas operativos não confiáveis, permitindo o
estabelecimento de componentes base de computação de confiança protegidos por hardware. Como o processador fornece esses ambientes de execução confiável e "protegida"
(TEE), o seu uso permitirá que os utilizadores executem aplicações com segurança, por
exemplo em servidores cloud remotos, cujos sistemas operativos e hardware estão expostos a atacantes potencialmente maliciosos assim como administradores de sistema não
controlados e membros empregados dos sistemas de cloud. Por outro lado, os containers
Linux geridos por sistemas Docker ou Kubernetes são soluções interessantes para poupar
recursos físicos, obter tempos de inicialização mais rápidos e flexíveis e maior desempenho de I/O (interfaces de entrada e saída), em comparação com as tradicionais máquinas
virtuais (VM) activadas pelos hipervisores. No entanto, essas soluções sofrem com software e mecanismos de kernel mais fáceis de comprometerem os dados das aplicações na
sua integridade e privacidade.
Nesta dissertação projectamos, implementamos e avaliamos um Sistema de Armazenamento de Dados em Memória Confiável e Focado na Privacidade, utilizando uma
biblioteca conteinerizada e protegida por hardware para suportar as suas suposições de
capacidade de confiança. Para oferecer suporte para grandes conjuntos de dados, exigindo assim que os dados sejam mapeados fora dos containers seguros pelo hardware,
a solução utiliza encriptação homomórfica parcial, permitindo que operações executadas no ambiente de execução protegido façam gestão de dados na memória que estão
permanentemente cifrados, estando eles mapeados dentro ou fora dos containers seguros
Verbesserung von Cloud Sicherheit mithilfe von vertrauenswürdiger Ausführung
The increasing popularity of cloud computing also leads to a growing demand for security guarantees in cloud settings. Cloud customers want to be able to execute sensitive data processing in clouds only if a certain level of security can be guaranteed to them despite the unlimited power of the cloud provider over her infrastructure. However, security models for cloud computing mostly require the customers to trust the provider, its infrastructure and software stack completely. While this may be viable to some, it is by far not to all customers, and in turn reduces the speed of cloud adoption. In this thesis, the applicability of trusted execution technology to increase security in a cloud scenario is elaborated, as these technologies are recently becoming widespread available even in commodity hardware. However, applications should not naively be ported completely for usage of trusted execution technology as this would affect the resulting performance and security negatively. Instead they should be carefully crafted with specific characteristics of the used trusted execution technology in mind. Therefore, this thesis first comprises the discussion of various security goals of cloud-based applications and an overview of cloud security. Furthermore, it is investigated how the ARM TrustZone technology can be used to increase security of a cloud platform for generic applications. Next, securing standalone applications using trusted execution is described at the example of Intel SGX, focussing on relevant metrics that influence security as well as performance of such an application. Also based on Intel SGX, in this thesis a design of a trusted serverless cloud platform is proposed, reflecting the latest evolution of cloud-based applications.Die steigende Popularität von Cloud Computing führt zu immer mehr Nachfrage und auch strengeren Anforderungen an die Sicherheit in der Cloud. Nur wenn trotz der technischen Möglichkeiten eines Cloud Anbieters über seine eigene Infrastruktur ein entsprechendes Maß an Sicherheit garantiert werden kann, können Cloud Kunden sensible Daten einer Cloud Umgebung anvertrauen und diese dort verarbeiten. Das vorherrschende Paradigma bezüglich Sicherheit erfordert aktuell jedoch zumeist, dass der Kunde dem Cloud Provider, dessen Infrastruktur sowie den damit verbundenen Softwarekomponenten komplett vertraut. Während diese Vorgehensweise für manche Anwendungsfälle einen gangbaren Weg darstellen mag, ist dies bei Weitem nicht für alle Cloud Kunden eine Option, was nicht zuletzt auch die Annahme von Cloud Angeboten durch potentielle Kunden verlangsamt. In dieser Dissertation wird nun die Anwendbarkeit verschiedener Technologien für vertrauenswürdige Ausführung zur Verbesserung der Sicherheit in der Cloud untersucht, da solche Technologien in letzter Zeit auch in preiswerteren Hardwarekomponenten immer verbreiteter und verfügbarer werden. Es ist jedoch keine triviale Aufgabe existierende Anwendungen zur portieren, sodass diese von solch gearteten Technologien profitieren können, insbesondere wenn neben Sicherheit auch Effizienz und Performanz der Anwendung berücksichtigt werden soll. Stattdessen müssen Anwendungen sorgfältig unter verschiedenen spezifischen Gesichtspunkten der jeweiligen Technologie umgestaltet werden. Aus diesem Grund umfasst diese Dissertation zunächst eine Diskussion verschiedener Sicherheitsziele für Cloud-basierte Anwendungen und eine Übersicht über die Thematik "Cloud Sicherheit". Zunächst wird dann das Potential der ARM TrustZone Technologie zur Absicherung einer Cloud Plattform für generische Anwendungen untersucht. Anschließend wird beschrieben wie eigenständige und bestehende Anwendungen mittels vertrauenswürdiger Ausführung am Beispiel Intel SGX abgesichert werden können. Dabei wurde der Fokus auf relevante Metriken gesetzt, die die Sicherheit und Performanz einer solchen Anwendung beeinflussen. Zuletzt wird, ebenfalls basierend auf Intel SGX, eine vertrauenswürdige "Serverless" Cloud Plattform vorgestellt und damit auf aktuelle Trends für Cloud Plattformen eingegangen
- …