Ardhi Putra Pratama Hartono, Andrey Brito, Christof Fetzer
arXiv - CS - Operating Systems, published 2024-08-13. DOI: arxiv-2408.06822 (https://doi.org/arxiv-2408.06822)
CRISP: Confidentiality, Rollback, and Integrity Storage Protection for Confidential Cloud-Native Computing
Trusted execution environments (TEEs) protect the integrity and
confidentiality of running code and its associated data. Nevertheless, TEEs'
integrity protection does not extend to the state saved on disk. Furthermore,
modern cloud-native applications heavily rely on orchestration (e.g., through
systems such as Kubernetes) and, thus, have their services frequently
restarted. During restarts, attackers can revert the state of confidential
services to a previous version that may aid their malicious intent. This paper
presents CRISP, a rollback protection mechanism that uses an existing runtime
for Intel SGX and transparently prevents rollback. Our approach can constrain
the attack window to a fixed and short period or give developers the tools to
avoid the vulnerability window altogether. Finally, experiments show that
applying CRISP in a critical stateful cloud-native application may incur a
resource increase but only a minor performance penalty.