Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shielding Applications from an Untrusted Cloud Andrew Baumann, Marcus Peinado, and Galen Hunt. OSDI 2014. Fall 2014 Presenter: Kun Sun, Ph.D. Most slides.

Published byMargaretMargaret Powers Modified over 9 years ago

Similar presentations

Presentation on theme: "Shielding Applications from an Untrusted Cloud Andrew Baumann, Marcus Peinado, and Galen Hunt. OSDI 2014. Fall 2014 Presenter: Kun Sun, Ph.D. Most slides."— Presentation transcript:

1 Shielding Applications from an Untrusted Cloud Andrew Baumann, Marcus Peinado, and Galen Hunt. OSDI 2014. Fall 2014 Presenter: Kun Sun, Ph.D. Most slides are borrowed from https://www.usenix.org/sites/default/files/conference/protected- files/osdi14_slides_baumann.pdf https://www.usenix.org/sites/default/files/conference/protected- files/osdi14_slides_baumann.pdf

2 Outline  Problem: can we trust the Cloud?  Existing solutions  New hardware solution  Intel SGX  Future work

3 In the old days…

4

5

6 The Goal of Haven  Secure, private execution of unmodified applications (bugs and all) in an untrusted cloud on commodity hardware (Intel SGX)

7 Can we trust the Cloud?  Huge trusted computing base  Privileged software  Hypervisor, firmware,...  Management stack  Staff (physical access)  Sysadmins, cleaners, security  Law enforcement (e.g., Snowdon)  Security soncerns limits cloud adoption  Hierarchical security model  Observe or modify any data  Even if encrypted on disk / net

8 Current Approaches  Hardware Security Modules  Trusted Hypervisor  Remote Attestation

9 Hardware Security Modules  Dedicated crypto hardware  Tamper-proof  Expensive  Limited set of APIs  Key storage  Crypto operations  Unprotected transient data  Protects the “crown jewels”, not general-purpose

10 Trusted Hypervisor  Use a small, secure, hypervisor  Ensures basic security, such as strong isolation  Problem #1: system administrators  Problem #2: physical attacks (e.g. memory snooping)  Problem #3: tampering with hypervisor

11 Remote Attestation  Trusted hardware: TPM chip  Specific software has been loaded  Basic idea:  Signed measurement (hash) of privileged software  Remote user checks measurement  Incorrect attestation → compromised software  Problem: what is the expected measurement?  Cloud provider applies patches and updates  Must trust provider for current hash value

12 What do we really want?

13 Shielded Execution  Protection of specific program from rest of system  cf. protection, process isolation, sandboxing, etc.  New term (older concept)  Program unmodified, naïve to threats  Confidentiality and integrity of:  The program  Its intermediate state, control flow, etc. → Input and output may be encrypted  Host may deny service, cannot alter behavior

14 Threat Model  We assume a malicious cloud provider  Convenient proxy for real threats  All the provider’s software is malicious  Hypervisor, firmware, management stack, etc.  All hardware except the CPU is untrusted  DMA attacks, DRAM snooping, cold boot  We do not prevent:  Denial-of-service (don’t pay to cloud!)  Side-channel attacks

15 Intel SGX  Software Guard Extension (SGX)  Hardware isolation for an enclave  New instructions to establish, protect  Call gate to enter  Remote attestation  Processor manufacturer is the root of the trust

16 SGX at Hardware Level

17

18 SGX vs. Haven  SGX was designed to enable new trustworthy applications to protect specific secrets by placing portions of their code and data inside enclaves  Self-contained code sequence  V2.0 supports dynamic memory allocation  Haven aims to shield entire unmodified legacy applications written without any knowledge of SGX  Challenge 1: execute legacy binary code  Challenge 2: interaction with untrusted OS and hardware  Iago attack

19 Unmodified Binary  SGX only supports a subset of application logic  Challenging properties in Enclave  load code and data at runtime  dynamically allocate and change protection on virtual memory  execute arbitrary user-mode instructions  raise and handle  Solution:  emulating unsupported instructions,  carefully validating and handling exception

20 Iago Attack

21 Iago Attacks  A malicious OS attempts to subvert an isolated application that assumes correct OS behavior  malloc() returns pointer to user’s stack  Scheduler allows two threads to race in a mutex  System has 379,283 cores and -42MB of RAM  read() fails with EROFS  …  Our approach:  Reduce the interface (attack surface) by including a simplified OS into trusted computing base  Carefully checking the remaining interface with the untrusted host, e.g., validation of untrusted input

22 Haven

23 Shield Module  Memory allocator, region manager  64GB virtual address space  Host commits/protects specific pages  No address allocation  Private file system  Encrypted, integrity-protected VHD  Scheduler  Don’t trust host to schedule threads  Exception handler  Emulation of some instructions  Sanity-check of untrusted inputs  Anything wrong → panic!  23 KLoC (half in file system)

24 Untrusted Interface  Host/guest mutual distrust  Policy/mechanism with a twist  Virtual resource policy in guest  Virtual address allocation, threads  Physical resource policy in host  Physical pages, VCPUs  ~20 calls, restricted semantics

25 Untrusted Runtime  Primarily bootstrap and glue code,  It is not trusted by either enclave or host kernel.  Main tasks are  creating the enclave,  loading the shield,  and forwarding calls between the enclave and host OS. Open question: Any potential attacks?

26 SGX Limitations 1. Dynamic memory allocation and protection  New instructions needed 2. Exception handling  SGX doesn’t report page faults or GPFs to the enclave 3. Permitted instructions  RDTSC/RDTSCP needed, for practicality and performance 4. Thread-local storage  Can’t reliably switch FS and GS

27 SGX Limitations 1. Dynamic memory allocation and protection  New instructions needed 2. Exception handling  SGX doesn’t report page faults or GPFs to the enclave 3. Permitted instructions  RDTSC/RDTSCP needed, for practicality and performance 4. Thread-local storage  Can’t reliably switch FS and GS

28 Performance Evaluation  Implemented and tested using SGX emulator  Thanks, Intel!  Problem: no SGX implementation yet  Solution: measure Haven’s sensitivity to key SGX performance parameters 1. TLB flush on Enclave crossings 2. Variable spin-delay for critical SGX instructions  Enclave crossings  Dynamic memory allocation, protection 3. Penalty for access to encrypted memory  Slow overall system DRAM clock

29 Performance Summary  Depends on model parameters, details in paper  35% (Apache) – 65% (SQL Server) slowdown vs. VM  Assumes 10k+ cycles SGX instructions, 30% slower RAM  … and you don’t have to trust the cloud!

30 TCB  TCB is large; however, all the code is under the client’s control, instead of cloud

31 What’s next?  Rollback of persistent storage  Requires more hardware or communication  Untrusted time  Network time sync, RDTSC  Cloud management  Suspend / resume / migrate applications  Encrypted VLANs

32 Conclusions  Closer to a true “utility computing” model  Utility provides raw resources  Doesn’t care what you do with them  Why trust the cloud when you don’t have to?

33  Questions?

Download ppt "Shielding Applications from an Untrusted Cloud Andrew Baumann, Marcus Peinado, and Galen Hunt. OSDI 2014. Fall 2014 Presenter: Kun Sun, Ph.D. Most slides."

Similar presentations

Ian Pratt SVP, Products Bromium Inc.

Ian Pratt SVP, Products Bromium Inc.
Virtualization Technology

Virtualization Technology
Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi Presented by Tyler Bletsch.

Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi Presented by Tyler Bletsch.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Implementing an Untrusted Operating System on Trusted Hardware.

Implementing an Untrusted Operating System on Trusted Hardware.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
InkTag: Secure Applications on an Untrusted Operating system

InkTag: Secure Applications on an Untrusted Operating system
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
Yuanzhong Xu, Weidong Cui, Marcus Peinado

Yuanzhong Xu, Weidong Cui, Marcus Peinado
Xen and the Art of Virtualization A paper from the University of Cambridge, presented by Charlie Schluting For CS533 at Portland State University.

Xen and the Art of Virtualization A paper from the University of Cambridge, presented by Charlie Schluting For CS533 at Portland State University.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.

1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.
TrustVisor: Efficient TCB Reduction and Attestation Jonathan M

TrustVisor: Efficient TCB Reduction and Attestation Jonathan M
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.

Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Stack Management Each process/thread has two stacks  Kernel stack  User stack Stack pointer changes when exiting/entering the kernel Q: Why is this necessary?

Stack Management Each process/thread has two stacks  Kernel stack  User stack Stack pointer changes when exiting/entering the kernel Q: Why is this necessary?
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.

Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.
Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.

Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.

Similar presentations

Ads by Google