Maru: Hardware-Assisted Secure Cloud Computing

Size: px

Start display at page:

Download "Maru: Hardware-Assisted Secure Cloud Computing"

Cornelius Horn
5 years ago
Views:

Maru: Hardware-Assisted Secure Coud Computing Peter Pietzuch prp@imperia.ac.

1 Maru: Hardware-Assisted Secure Coud Computing Peter Pietzuch Large-Scae Distributed Systems Group Department of Computing, Imperia Coege London Peter R. Pietzuch ATI February 2017

2 Trust Issues: Provider Perspective Coud provider does not trust users Redis Use virtua machines to isoate users from each other and the host VMs ony provide one way protection OS VMM Firmware Coud patform Staff trusted 2

3 Trust Issues: User Perspective Users trust their appications Redis Users must impicity trust coud provider Existing appications impicity assume trusted operating system OS VMM Firmware Coud patform Staff untrusted 3

4 Trusted Execution with Inte SGX Encave Users create HW-enforced trusted environment OS Supports unprivieged user code Firmware Coud patform untrusted VMM Protects against strong attacker mode Staff Remote attestation Avaiabe on commodity CPUs 4

5 Inte SGX: Hardware-Assisted Security New encave processor mode 18 new instructions to manage encave ife cyce Encave memory ony accessibe from encave Certain instructions disaowed, e.g., sysca No system cas Performance overhead untrusted EENTER trusted Execute Return privieged access from OS, VMM forbidden 5

6 SGX: System Ca Overhead (pwrite) gibc (32 B) System cas (1000s/s) SGX SDK (32 B) gibc (64 KB) SGX SDK (64 KB) Threads System cas outside of encave are expensive

7 SGX: Memory Access Overhead Normaized run time Reads (random) Reads (sequentia) Writes (random) Writes (sequentia) L3 size Writes (sequentia) avaiabe EPC size Writes (random) 1 Reads (sequentia) Reads (random) Aocated memory size (MiB) Large amount of encave memory eads to poor performance

8 SGX Research Chaenges Untrusted component Attack surface Performance overhead Secure encave Sensitive code and data TCB size 8

9 Systems Support for SGX? Appication Appication Libraries Libraries C Library (ibc) C Library (ibc) Operating System Operating System Hardware Hardware I. Compete unmodified appications in encaves (Systems support?) 1. II. Priviege Separation (Minima TCB?) 9

10 1. SCONE: Secure CONtainer Environment Host operating system (Linux) Container trusted Encave Appication Code Appication-specific ibraries Network shied Fie system shied M:N Threading SGX-aware C ibrary Asynchronous system ca interface 1. Good performance/security trade-off Sma TCB ( of native size) Low overhead ( of native throughput) 2. Efficient system ca support M:N user-eve threading Asynchronous sysca execution System ca requests sca6 sca5 sca4 ock-free queues SCONE kerne modue resp1 resp2 resp3 System ca responses Inte SGX driver 3. Transparent interface shieding Encryption of fie descriptors TLS support for network sockets Encrypted data stored outside encave

Automated source-tosource code transform Coect information to

Impement partitioning using Inte SGX SDK Origina source code

binary Graph Partitioning /path/to/fie1 function1

function4 /path/to/fie5 function5 /path/to/fie5 function5

11 2. Gamdring: Appication Partitioning 1. Static / Dynamic Anaysis 2. Graph partitioning 3. Automated source-tosource code transform Coect information to obtain vaid partitioning Find partitioning of appication Impement partitioning using Inte SGX SDK Origina source code Modified binary (initia tainting) Trace Coection Instrumented binary Graph Partitioning /path/to/fie1 function1 /path/to/fie2 function2 /path/to/fie3 function3 /path/to/fie4 function4 /path/to/fie5 function5 /path/to/fie5 function5 /path/to/fie6 function6 /path/to/fie7 function7 /path/to/fie8 function8 Code Generation Untrusted app code Sensitive app code 11

12 3. LibSEAL: Secure Auditing Library LibSEAL: Secure TLS Auditing Library Provide accountabiity to TLS-enabed appication Hep ink integrity vioations to origin Workfow: 1.

12 12 3. LibSEAL: Secure Auditing Library LibSEAL: Secure TLS Auditing Library Provide accountabiity to TLS-enabed appication Hep ink integrity vioations to origin Workfow: 1. Securey og communication between cient and service 2. Audit against appication-specific invariants SSLenabed Appication ibsea (terminates SSL) og Encave (trusted) Coud infrastructure (untrusted) Use cases: Cient Dropbox: Have fies been ost? Cient Cient Git: Is the the server hiding commits? Owncoud: Were there iegitimate modifications to content or ayout?

13 Maru: Security Threats in Data Science Externa attacker VM OS Other VM Maicious insider Data science job Maicious tenant Hypervisor Hardware 13

14 Maru Research Directions 1. Security mode for shieded data science jobs How to harden shieded jobs? How to dea with vunerabiities, bugs? What about externa dependencies/ibraries? 2. Integration of anguage runtimes with secure encaves How to integrate SGX support for the JVM? What is the right programming mode for SGX encaves? 3. Unikerne support for secure encaves How to support existing egacy binaries? How to buid type-safe minima secure encaves for data science jobs? 4. Prototype patform impementation and evauation Integration with Apache Fink or other datafow frameworks 5. Datafow attacks and mitigations strategies What attacks are possibe by observing encrypted datafows? Can we appy techniques for unobservabe communication? 14

SCONE: Secure Linux Container Environments with Intel SGX

SCONE: Secure Linux Container Environments with Intel SGX S. Arnautov, B. Trach, F. Gregor, Thomas Knauth, and A. Martin, Technische Universität Dresden; C. Priebe, J. Lind, D. Muthukumaran, D. O'Keeffe,