Automatic enforcement of expressive security policies using enclaves
Author: | Stephen Chong, Anitha Gollamudi |
---|---|
Year of publication: | 2016 |
Subject: |
Language-based security;
Computer science; business.industry; Internet privacy; 020206 networking & telecommunications; 020207 software engineering; 02 engineering and technology; Security policy; Computer security; computer.software_genre; 0202 electrical engineering, electronic engineering, information engineering; Code (cryptography); Information security policy; Declassification; Enforcement; business; computer |
Source: | OOPSLA |
Description: | Hardware-based enclave protection mechanisms, such as Intel's SGX, ARM's TrustZone, and Apple's Secure Enclave, can protect code and data from powerful low-level attackers. In this work, we use enclaves to enforce strong application-specific information security policies. We present IMPE, a novel calculus that captures the essence of SGX-like enclave mechanisms, and show that a security-type system for IMPE can enforce expressive confidentiality policies (including erasure policies and delimited release policies) against powerful low-level attackers, including attackers that can arbitrarily corrupt non-enclave code, and, under some circumstances, corrupt enclave code. We present a translation from an expressive security-typed calculus (that is not aware of enclaves) to IMPE. The translation automatically places code and data into enclaves to enforce the security policies of the source program. |
Database: | OpenAIRE |