SGX-LKL: Securing the Host OS Interface for Trusted Execution

Priebe, Christian; Muthukumaran, Divya; Lind, Joshua; Zhu, Huanzhou; Cui, Shujie; Sartakov, Vasily A.; Pietzuch, Peter

doi:10.48550/arxiv.1908.11143

Cited by 15 publications

(27 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Enclaves are part of processes and cannot be accessed by privileged software or other enclaves. Frameworks such as Graphene-SGX [19], SGX-LKL [46], Panoply [56], and the Spons and Shield Framework [53] deploy programs inside enclaves together with a library OS. This design decreases the possible impact of the untrusted kernel on enclaved software.…”

Section: Related Workmentioning

confidence: 99%

CAP-VMs: Capability-Based Isolation and Sharing for Microservices

Sartakov¹,

Vilanova²,

Eyers³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Cloud stacks must isolate microservices, while permitting efficient data sharing between isolated services deployed on the same physical host. Traditionally, the MMU enforces isolation and permits sharing at a page granularity. MMU approaches, however, lead to cloud stacks with large TCBs in kernel space, and the page granularity requires inefficient OS interfaces for data sharing. Forthcoming CPUs with hardware support for memory capabilities offer new opportunities to implement isolation and sharing at a finer granularity.We describe cVMs, a new VM-like abstraction that uses memory capabilities to isolate application components while supporting efficient data sharing, all without mandating application code to be capability-aware. cVMs share a single virtual address space safely, each having only capabilities to access its own memory. A cVM may include a library OS, minimizing its dependency on the cloud environment. cVMs efficiently exchange data through two capability-based primitives assisted by a small trusted monitor: (i) an asynchronous read/write interface to buffers shared between cVMs; and (ii) a call interface to transfer control between cVMs. Using these two primitives, we build more expressive mechanisms for efficient cross-cVM communication. Our prototype implementation using CHERI RISC-V capabilities shows that cVMs isolate microservices (Redis and Python) with low overhead while improving data sharing.

show abstract

Section: Related Workmentioning

confidence: 99%

CAP-VMs: Capability-Based Isolation and Sharing for Microservices

Sartakov¹,

Vilanova²,

Eyers³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…There are two different approaches to provide system call services to enclave execution: system call emulation and system call delegation. First, the system call emulation approach imports the entire library OS [73,75,90] and C standard libraries [9] inside an enclave [30,32,68,74,82,91]. With the intra-enclave libOS, porting efforts for existing applications to SGX is minimized.…”

Section: Os Interactions With Bi-enclavementioning

confidence: 99%

Stockade: Hardware Hardening for Distributed Trusted Sandboxes

Park¹,

Kang²,

Lee³

et al. 2021

Preprint

View full text Add to dashboard Cite

Recent studies showed that a cloud application consists of multiple distributed modules provided by mutually distrustful parties. For trusted services, such applications can use trusted execution environments (TEEs) communicating through software-encrypted memory channels. Such an emerging TEE execution model requires a new type of bi-directional protection: protecting the rest of the system from the enclave module with sandboxing and protecting the enclave module from third-party modules and the operating system. However, the current TEE model cannot efficiently represent such distributed sandbox applications. To overcome the lack of hardware supports, this paper proposes an extended TEE model called STOCKADE, which supports distributed sandboxes hardened by hardware. STOCKADE proposes new three key techniques. First, it extends the hardware-based memory isolation in SGX to confine a user software module only within its TEE (enclave). Second, it proposes a trusted monitor enclave that filters and validates systems calls from enclaves. Finally, it allows hardware-protected memory sharing between a pair of enclaves for efficient protected communication without software-based encryption. Using an emulated SGX platform with the proposed extensions, this paper shows that distributed sandbox applications can be effectively supported with small changes of SGX hardware.

show abstract

“…TEEMon is framework-agnostic and can be used with many SGX frameworks such as SCONE [25], Graphene-SGX [70], or SGX-LKL [59].…”

Section: Generalitymentioning

confidence: 99%

“…To run legacy applications with Intel SGX without any source code modification, SGX frameworks such as SCONE [25], SGX-LKL [59], and Graphene-SGX [70] can be utilized. SCONE and SGX-LKL.…”

Section: Sgx Frameworkmentioning

confidence: 99%

See 1 more Smart Citation

TEEMon: A continuous performance monitoring framework for TEEs

Krahn¹,

Dragoti²,

Gregor³

et al. 2020

Preprint

View full text Add to dashboard Cite

Trusted Execution Environments (TEEs), such as Intel Software Guard eXtensions (SGX), are considered as a promising approach to resolve security challenges in clouds. TEEs protect the confidentiality and integrity of application code and data even against privileged attackers with root and physical access by providing an isolated secure memory area, i.e., enclaves. The security guarantees are provided by the CPU, thus even if system software is compromised, the attacker can never access the enclave's content. While this approach ensures strong security guarantees for applications, it also introduces a considerable runtime overhead in part by the limited availability of protected memory (enclave page cache). Currently, only a limited number of performance measurement tools for TEE-based applications exist and none offer performance monitoring and analysis during runtime.This paper presents TEEMon, the first continuous performance monitoring and analysis tool for TEE-based applications. TEEMon provides not only fine-grained performance metrics during runtime, but also assists the analysis of identifying causes of performance bottlenecks, e.g., excessive system calls. Our approach smoothly integrates with existing open-source tools (e.g., Prometheus or Grafana) towards a holistic monitoring solution, particularly optimized for systems deployed through Docker containers or Kubernetes and offers several dedicated metrics and visualizations. Our evaluation shows that TEEMon's overhead ranges from 5% to 17%.

show abstract

SGX-LKL: Securing the Host OS Interface for Trusted Execution

Cited by 15 publications

References 30 publications

CAP-VMs: Capability-Based Isolation and Sharing for Microservices

CAP-VMs: Capability-Based Isolation and Sharing for Microservices

Stockade: Hardware Hardening for Distributed Trusted Sandboxes

TEEMon: A continuous performance monitoring framework for TEEs

Contact Info

Product

Resources

About