Panoply: Low-TCB Linux Applications with SGX Enclaves
| Author: | Shruti Tople, Prateek Saxena, Dat Le Tien, Shweta Shinde |
|---|---|
| Year of publication: | 2017 |
| Subject: | 021110 strategic defence & security studies; Property (programming); Computer science; business.industry; 0211 other engineering and technologies; 020206 networking & telecommunications; Hypervisor; 02 engineering and technology; computer.software_genre; Software; POSIX; 0202 electrical engineering, electronic engineering, information engineering; Code (cryptography); Operating system; Abstraction; Web service; business; computer; Block (data storage) |
| Source: | NDSS |
| DOI: | 10.14722/ndss.2017.23500 |
| Description: | Intel SGX, a new security capability in emerging CPUs, allows user-level application code to execute in hardware-isolated enclaves. Enclave memory is isolated from all other software on the system, even from the privileged OS or hypervisor. While being a promising hardware-rooted building block, enclaves have severely limited capabilities, such as no native access to system calls and standard OS abstractions. These OS abstractions are used ubiquitously in real-world applications. In this paper, we present a new system called PANOPLY which bridges the gap between the SGX-native abstractions and the standard OS abstractions which feature-rich, commodity Linux applications require. PANOPLY provides a new abstraction called a micro-container (or a “micron”), which is a unit of code and data isolated in SGX enclaves. Microns expose the standard POSIX abstractions to application logic, including access to filesystems, network, multi-threading, multi-processing and thread synchronization primitives. Further, PANOPLY enforces a strong integrity property for the inter-enclave interactions, ensuring that the execution of the application follows the legitimate control and data flow even if the OS misbehaves. Thus, commodity Linux applications can enhance security by splitting their application logic into one or more microns, or by importing micron libraries, with little effort. In contrast to previous systems that enable comparable richness, PANOPLY offers two orders of magnitude lower TCB (about 20 KLOC in total), more than half of which is boilerplate and can be automatically verified in the future. We demonstrate how PANOPLY enables much stronger security in 4 real-world applications — including Tor, OpenSSL, and web services — which can base security on a hardware root of trust. |
| Database: | OpenAIRE |
| External link: | |