Cooperation and security isolation of library OSes for multi-process applications

Tsai, Chia-Che; Arora, Kumar Saurabh; Bandi, Nehal; Jain, Bhushan; Jannen, William; John, Jitin; Kalodner, Harry A.; Kulkarni, Vrushali; Oliveira, Daniela; Porter, Donald E.

doi:10.1145/2592798.2592812

Cited by 88 publications

(55 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SGX-based Systems. Haven [56], Graphene [57,58] and Panoply [59] provide LibOS for SGX, which enable easier application porting and prevent Iago attacks [60]. OpenSGX [61] provides an open research framework for running SGX applications.…”

Section: Related Workmentioning

confidence: 99%

OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX

Ahmad¹,

Joe²,

Xiao³

et al. 2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Program obfuscation is a popular cryptographic construct with a wide range of uses such as IP theft prevention. Although cryptographic solutions for program obfuscation impose impractically high overheads, a recent breakthrough leveraging trusted hardware has shown promise. However, the existing solution is based on special-purpose trusted hardware, restricting its use-cases to a limited few. In this paper, we first study if such obfuscation is feasible based on commodity trusted hardware, Intel SGX, and we observe that certain important security considerations are not afforded by commodity hardware. In particular, we found that existing obfuscation/obliviousness schemes are insecure if directly applied to Intel SGX primarily due to side-channel limitations. To this end, we present OBFUSCURO, the first system providing program obfuscation using commodity trusted hardware, Intel SGX. The key idea is to leverage ORAM operations to perform secure code execution and data access. Initially, OBFUSCURO transforms the regular program layout into a side-channelsecure and ORAM-compatible layout. Then, OBFUSCURO ensures that its ORAM controller performs data oblivious accesses in order to protect itself from all memory-based side-channels. Furthermore, OBFUSCURO ensures that the program is secure from timing attacks by ensuring that the program always runs for a pre-configured time interval. Along the way, OBFUSCURO also introduces a systematic optimization such as register-based ORAM stash. We provide a thorough security analysis of OBFUSCURO along with empirical attack evaluations showing that OBFUSCURO can protect the SGX program execution from being leaked by access pattern-based and timing-based channels. We also provide a detailed performance benchmark results in order to show the practical aspects of OBFUSCURO.

show abstract

Section: Related Workmentioning

confidence: 99%

OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX

Ahmad¹,

Joe²,

Xiao³

et al. 2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Typically, library OSes implement their own APIs [7,64]. Some approaches [34,85] support POSIX but still run on top of a monolithic OS with a large TCB. LibrettOS provides full POSIX and BSD compatibility (except fork(2) and pipe(2) as discussed in Section 4.2), while avoiding a large TCB in the underlying kernel.…”

Section: Posix and Compatibilitymentioning

confidence: 99%

“…Nemesis [72] implemented a library OS with an extremely lightweight kernel. Drawbridge [66], Graphene [85], and Graphene-SGX [86] are more recent works that leverage the security bene ts of library OSes due to the increased isolation resulting from the lesser degree of interaction between applications and the privileged layer. Bascule [6] demonstrated OS-independent extensions for library OSes.…”

Section: Related Workmentioning

confidence: 99%

LibrettOS

Nikolaev

Sung

Ravindran

2020

Proceedings of the 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments

View full text Add to dashboard Cite

network components fail or need to be upgraded. Finally, to e ciently use hardware resources, applications can dynamically switch between the indirect and direct modes based on their I/O load at run-time. We evaluate LibrettOS with 10GbE and NVMe using Nginx, NFS, memcached, Redis, and other applications. LibrettOS's performance typically exceeds that of NetBSD, especially when using direct access.

show abstract

“…A number of works study how to load unmodified applications into enclaves [3,6,33,53]. These approaches work well for applications that process small data sizes, but do not scale well to larger workloads due to SGX limitations.…”

Section: Related Workmentioning

confidence: 99%

StealthDB: a Scalable Encrypted Database with Full SQL Query Support

Vinayagamurthy

Gribov²,

Gorbunov

2019

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Encrypted database systems provide a great method for protecting sensitive data in untrusted infrastructures. These systems are built using either specialpurpose cryptographic algorithms that support operations over encrypted data, or by leveraging trusted computing co-processors. Strong cryptographic algorithms (e.g., public-key encryptions, garbled circuits) usually result in high performance overheads, while weaker algorithms (e.g., order-preserving encryption) result in large leakage profiles. On the other hand, some encrypted database systems (e.g., Cipherbase, TrustedDB) leverage non-standard trusted computing devices, and are designed to work around the architectural limitations of the specific devices used. In this work we build StealthDB -an encrypted database system from Intel SGX. Our system can run on any newer generation Intel CPU. StealthDB has a very small trusted computing base, scales to large transactional workloads, requires minor DBMS changes, and provides a relatively strong security guarantees at steady state and during query execution. Our prototype on top of Postgres supports the full TPC-C benchmark with a 30% decrease in the average throughput over an unmodified version of Postgres operating on a 2GB unencrypted dataset.

show abstract

Cooperation and security isolation of library OSes for multi-process applications

Cited by 88 publications

References 37 publications

OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX

OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX

LibrettOS

StealthDB: a Scalable Encrypted Database with Full SQL Query Support

Contact Info

Product

Resources

About