apps apps ram ring 0 2 os hypervisor os hypervisor remote
play

! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor - PowerPoint PPT Presentation

Keystone : An Open Framework for Architecting Trusted Execution Environments Dayeol Lee , David Kohlbrenner, Shweta Shinde, Krste Asanovic, Dawn Song Dept. of Electrical Engineering and Computer Sciences University of California, Berkeley


  1. Keystone : An Open Framework for Architecting Trusted Execution Environments Dayeol Lee , David Kohlbrenner, Shweta Shinde, Krste Asanovic, Dawn Song Dept. of Electrical Engineering and Computer Sciences University of California, Berkeley

  2. Trusted Execution Environments (TEEs) Other Sensitive Other Other Ring 3 Integrity Confidentiality Apps App ! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected Trusted Memory Untrusted “Enclave” Trustworthy Hardware Keystone: an Open Framework for Architecting Trusted Execution Environments 2

  3. Trusted Execution Environments (TEEs) Other Sensitive Other Other Ring 3 Integrity Confidentiality Apps App ! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Reducing Trusted Computing Base (TCB) Remote Attestation Trusted Protected Memory Untrusted Trustworthy Hardware Keystone: an Open Framework for Architecting Trusted Execution Environments 3

  4. Challenges in Existing TEEs Security SGX TrustZone SEV Functionality Performance Keystone: an Open Framework for Architecting Trusted Execution Environments 4

  5. Challenges in Existing TEEs Security SGX TrustZone Fixed Design Decisions SEV Functionality Performance Keystone: an Open Framework for Architecting Trusted Execution Environments 5

  6. Challenges in Existing TEEs Security Closed-Source Hardware SGX TrustZone Fixed Design Decisions SEV Functionality Performance Keystone: an Open Framework for Architecting Trusted Execution Environments 6

  7. Technical Contributions q Keystone: Customizable RISC-V TEEs Fine-Grained Modular Minimal No µarch Configuration Extensions TCB Modification q Framework q Open-Source Ø Extensive benchmarking Ø Full-stack available Ø Real-world applications Ø Community-driven efforts Ø Multi-platform deployment Ø TEE verification & research Keystone: an Open Framework for Architecting Trusted Execution Environments 7

  8. Keystone Architecture and Trust Model Trusted User Higher Privilege (U-mode) Supervisor C0 C1 C2 C3 (S-mode) Root of Trust ! Machine (M-mode) Optional HW Trusted Hardware Keystone: an Open Framework for Architecting Trusted Execution Environments 8

  9. Keystone Architecture and Trust Model Trusted Enclave Enclave User App App App App App App Higher Privilege (U-mode) Supervisor OS Runtime Runtime (S-mode) Machine Security Monitor (SM) (M-mode) Trusted C C C C 0 1 2 3 Hardware Root of Trust ! Optional HW Keystone: an Open Framework for Architecting Trusted Execution Environments 9

  10. Keystone Architecture and Trust Model Enclave Enclave User App App App App App App (U-mode) Supervisor OS Runtime Runtime (S-mode) Machine Security Monitor (SM) (M-mode) Hardware-Enforced and Software-Defined Isolation Keystone: an Open Framework for Architecting Trusted Execution Environments 10

  11. Enclave App App Memory Isolation via RISC-V PMP App App App OS Runtime Entries Accessibility defined by each entry Security Monitor (SM) PMP0 Accessibility Higher Priority PMP1 Can Can’t PMP2 Undefined … PMP7 SM Enclave 1 Enclave 2 Physical Memory Keystone: an Open Framework for Architecting Trusted Execution Environments 11

  12. Enclave App App Memory Isolation via RISC-V PMP App App App OS Runtime Entries Accessibility defined by each entry Security Monitor (SM) PMP0 Accessibility Higher Priority PMP1 Can Can’t PMP2 Undefined … PMP7 SM Enclave 1 Enclave 2 Physical Memory Keystone: an Open Framework for Architecting Trusted Execution Environments 12

  13. Keystone Architecture and Trust Model Enclave Enclave User App App App App App App (U-mode) Supervisor OS Runtime Runtime (S-mode) Machine Security Monitor (SM) (M-mode) What Does Keystone Runtime Do? Keystone: an Open Framework for Architecting Trusted Execution Environments 13

  14. What does Keystone Runtime Do? User App Enclave App App (U-mode) " $ Supervisor OS Runtime (S-mode) ⚙ % Machine ! Security Monitor (SM) (M-mode) Keystone: an Open Framework for Architecting Trusted Execution Environments 14

  15. What does Keystone Runtime Do? User App Enclave App seL4 App App (U-mode) Interface Interface Supervisor OS Runtime (S-mode) Machine Security Monitor (SM) (M-mode) Keystone: an Open Framework for Architecting Trusted Execution Environments 15

  16. What does Keystone Runtime Do? User App Enclave App seL4 App App (U-mode) paging freemem Supervisor OS (S-mode) I/O syscall libc Machine Security Monitor (SM) (M-mode) Keystone: an Open Framework for Architecting Trusted Execution Environments 16

  17. Memory Management in Keystone ! = untrusted " = page table ⚙ = management Enclave Enclave " App App Enclave App Eapp RT " ⚙ OS " ⚙ Monitor ⚙ OS OS Security Monitor Intel SGX ARM TrustZone Intel SGX Komodo Keystone q Enclave self resource management (e.g., dynamic memory resizing) q Various memory protection mechanisms Keystone: an Open Framework for Architecting Trusted Execution Environments 17

  18. Various Memory Protection Mechanisms Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 18

  19. Various Memory Protection Mechanisms Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption Baseline Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 19

  20. Various Memory Protection Mechanisms " Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption Cache Partitioning Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 20

  21. Various Memory Protection Mechanisms " " Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption On-Chip Enclave Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 21

  22. Various Memory Protection Mechanisms " " Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption Software Encryption Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 22

  23. Various Memory Protection Mechanisms Hardware Cache On-Chip Software Baseline Encryption Partitioning Enclave Encryption Adversary ⚫ ⚫ ⚫ ⚫ ⚫ SW ⚫ ⚫ ⚫ ⚫ Cache SC ⚫ ⚫ ⚫ HW Keystone: an Open Framework for Architecting Trusted Execution Environments 23

  24. Evaluation q Security Analysis Ø Keystone enclave defends various adversary models q Modularity Analysis Ø Keystone supports fine-grained and modular configuration q Trusted Computing Base Analysis Ø Various of real-world applications with a few thousands of LoC q Performance Analysis Ø Security Monitor Overhead Ø Runtime Overhead Ø Cost of Memory Protection Mechanisms Keystone: an Open Framework for Architecting Trusted Execution Environments 24

  25. Evaluation q Security Analysis Ø Keystone enclave defends various adversary models q Modularity Analysis Please check our paper! Ø Keystone supports fine-grained and modular configuration q Trusted Computing Base Analysis Ø Various of real-world applications with less than thousands of LoC q Performance Analysis Ø Security Monitor Overhead Ø Runtime Overhead Ø Cost of Memory Protection Mechanisms Keystone: an Open Framework for Architecting Trusted Execution Environments 25

  26. Runtime Overhead: Memory Management 600 base (other) keyst (other) keyst-dyn (other) base (user) keyst (eapp) keyst-dyn (eapp) Latency (s) 400 200 0 wLderesnet resnext29 LnceptLonv3 resnet50 densenet vgg19 resnet110 squeezenet lenet q Execution overhead q Torch benchmark Ø Min -3.12% (LeNet) Ø Unmodified NN inference Ø Max 7.35% (DenseNet) q Initialization overhead q Dynamic memory resizing Ø Enclave measurement (SHA3) Ø No noticeable overhead Keystone: an Open Framework for Architecting Trusted Execution Environments 26

  27. Cost of Memory Protection Mechanisms O n-chip Execution C ache Partitioning Self P aging Software E ncryption Cache On-Chip Software Baseline Partitioning Enclave Encryption Keystone: an Open Framework for Architecting Trusted Execution Environments 27

  28. Cost of Memory Protection Mechanisms O n-chip Execution C ache Partitioning Self P aging Software E ncryption Keystone: an Open Framework for Architecting Trusted Execution Environments 28

  29. Conclusion q Introduced Keystone, a customizable framework for TEEs q Modular design with fine-grained customizability q Useful for building TEEs for different threat models, functionality, and performance requirements q Keystone is fully open-source under BSD 3-Clause Ø https://keystone-enclave.org Keystone: an Open Framework for Architecting Trusted Execution Environments 29

  30. Thank You! Keystone: an Open Framework for Architecting Trusted Execution Environments 30

Recommend


More recommend