Securing Interruptible Enclaved Execution on Small Microprocessors

IF 1.5 2区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING ACM Transactions on Programming Languages and Systems Pub Date : 2021-09-30 DOI:10.1145/3470534

Matteo Busi, Job Noorman, Jo Van Bulck, Letterio Galletta, P. Degano, J. Mühlberg, F. Piessens

{"title":"Securing Interruptible Enclaved Execution on Small Microprocessors","authors":"Matteo Busi, Job Noorman, Jo Van Bulck, Letterio Galletta, P. Degano, J. Mühlberg, F. Piessens","doi":"10.1145/3470534","DOIUrl":null,"url":null,"abstract":"Computer systems often provide hardware support for isolation mechanisms such as privilege levels, virtual memory, or enclaved execution. Over the past years, several successful software-based side-channel attacks have been developed that break, or at least significantly weaken, the isolation that these mechanisms offer. Extending a processor with new architectural or micro-architectural features brings a risk of introducing new software-based side-channel attacks.\n \n This article studies the problem of extending a processor with new features\n without\n weakening the security of the isolation mechanisms that the processor offers. Our solution is heavily based on techniques from research on programming languages. More specifically, we propose to use the programming language concept of full abstraction as a general formal criterion for the security of a processor extension. We instantiate the proposed criterion to the concrete case of extending a microprocessor that supports enclaved execution with secure interruptibility. This is a very relevant instantiation, as several recent papers have shown that interruptibility of enclaves leads to a variety of software-based side-channel attacks. We propose a design for interruptible enclaves and prove that it satisfies our security criterion. We also implement the design on an open-source enclave-enabled microprocessor and evaluate the cost of our design in terms of performance and hardware size.\n","PeriodicalId":50939,"journal":{"name":"ACM Transactions on Programming Languages and Systems","volume":"20 1","pages":"12:1-12:77"},"PeriodicalIF":1.5000,"publicationDate":"2021-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Programming Languages and Systems","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3470534","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 3

Abstract

Computer systems often provide hardware support for isolation mechanisms such as privilege levels, virtual memory, or enclaved execution. Over the past years, several successful software-based side-channel attacks have been developed that break, or at least significantly weaken, the isolation that these mechanisms offer. Extending a processor with new architectural or micro-architectural features brings a risk of introducing new software-based side-channel attacks. This article studies the problem of extending a processor with new features without weakening the security of the isolation mechanisms that the processor offers. Our solution is heavily based on techniques from research on programming languages. More specifically, we propose to use the programming language concept of full abstraction as a general formal criterion for the security of a processor extension. We instantiate the proposed criterion to the concrete case of extending a microprocessor that supports enclaved execution with secure interruptibility. This is a very relevant instantiation, as several recent papers have shown that interruptibility of enclaves leads to a variety of software-based side-channel attacks. We propose a design for interruptible enclaves and prove that it satisfies our security criterion. We also implement the design on an open-source enclave-enabled microprocessor and evaluate the cost of our design in terms of performance and hardware size.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

在小型微处理器上保护可中断的封闭执行

计算机系统通常为隔离机制(如特权级别、虚拟内存或封闭执行)提供硬件支持。在过去的几年中，已经开发出了几种成功的基于软件的侧信道攻击，它们破坏或至少显著削弱了这些机制提供的隔离。用新的体系结构或微体系结构特性扩展处理器会带来引入新的基于软件的侧信道攻击的风险。本文研究了在不削弱处理器提供的隔离机制的安全性的情况下，用新特性扩展处理器的问题。我们的解决方案很大程度上基于编程语言研究的技术。更具体地说，我们建议使用完全抽象的编程语言概念作为处理器扩展安全性的一般形式标准。我们将提出的准则实例化到一个扩展微处理器的具体案例中，该微处理器支持具有安全可中断性的封装执行。这是一个非常相关的实例，因为最近的几篇论文表明，enclave的可中断性会导致各种基于软件的侧信道攻击。我们提出了一种可中断飞地的设计方案，并证明了它满足我们的安全标准。我们还在支持开源enclave的微处理器上实现了该设计，并根据性能和硬件尺寸评估了我们设计的成本。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

ACM Transactions on Programming Languages and Systems 工程技术-计算机：软件工程

CiteScore

3.10

自引率

7.70%

发文量

审稿时长

>12 weeks

期刊介绍： ACM Transactions on Programming Languages and Systems (TOPLAS) is the premier journal for reporting recent research advances in the areas of programming languages, and systems to assist the task of programming. Papers can be either theoretical or experimental in style, but in either case, they must contain innovative and novel content that advances the state of the art of programming languages and systems. We also invite strictly experimental papers that compare existing approaches, as well as tutorial and survey papers. The scope of TOPLAS includes, but is not limited to, the following subjects: language design for sequential and parallel programming programming language implementation programming language semantics compilers and interpreters runtime systems for program execution storage allocation and garbage collection languages and methods for writing program specifications languages and methods for secure and reliable programs testing and verification of programs