avoiding leakage and synchronization attacks through
play

Avoiding Leakage and Synchronization Attacks through Enclave-Side - PowerPoint PPT Presentation

Jun 22, 2023 •9 likes •289 views

Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Vlp, Adam Lackorzynski * , Jrmie Decouchant, Vincent Rahli, Francisco Rocha, and Paulo Esteves-Verssimo * Kernkonzept GmbH and University of

  1. Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Völp, Adam Lackorzynski * , Jérémie Decouchant, Vincent Rahli, Francisco Rocha, and Paulo Esteves-Veríssimo * Kernkonzept GmbH and University of Luxembourg SnT CritiX Lab TU Dresden – Operating-systems group Luxembourg Dresden, Germany <name>.<surname>@uni.lu adam.lackorzynski@kernkonzept.com 1st Workshop on System Software for Trusted Execution (SysTEX 2016), Dec. 12, 2016, Trento, Italy

  2. The functionality/code size dilemma • application scenarios require the system to implement a certain set of functionalities • implementing these functionalities comes at the cost of a certain minimal amount of code – even if development time and costs don’t matter; and – even if you only use high-class developers • correlation of code size and complexity to vulnerabilities – Chou et al., “ An Empirical Study of Operating Systems Errors” , SOSP 2001 – Asadollah et al., “ A Study of Concurrency Bugs in an Open Source Software”, OSS 2016 Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 2

  3. The functionality/code size dilemma • application scenarios require the system to implement a certain set of functionalities • implementing these functionalities comes at the cost of a certain minimal amount of code – even if development time and costs don’t matter; and 5-13 PY • RTOS ca. 5 KLOC formal – even if you only use high-class developers • Microkernel 10 – 15 KLOC verification • correlation of code size and complexity to vulnerabilities • Legacy OS 15 – 50 MLOC – Chou et al., “ An Empirical Study of Operating Systems Errors” , SOSP 2001 – Asadollah et al., “ A Study of Concurrency Bugs in an Open Source Software”, OSS 2016 Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 3

  4. Intransitive trust secure secure App App legacy Player App App Legacy OS Stub FS Driver Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 4

  5. Intransitive trust legacy Player App App Legacy OS secure secure Codec App App Resource Mgmt tudos.org Stub VPFS FS En-/Decryption Driver Framebuffer Mgr. Weinhold et al., “ jVPFS: Adding Robustness to a Secure Stacked File • System with Untrusted Local Storage Components”, USENIX ATC, 2011 Singaravelu et al., “ Reducing TCB Complexity for Security-Sensitive • Applications: Three Case Studies” , Eurosys, 2006 … Asmussen, Völp, … • ASPLOS ‘16 Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 5

  6. Intransitive trust legacy Player App App Legacy OS secure secure Codec App App Resource Mgmt Stub VPFS FS En-/Decryption Driver Framebuffer Mgr. Inktag M3 Intel SGX Hoffmann et al. ‘13 Manycore + DTUs microhypervisor Asmussen, Völp, … ARM Trustzone / … ASPLOS ‘16 Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 6

  7. SGX Vulnerabilities Source: AsyncShock Fine grain preemption control to widen the window of vulnerability of synchronization bugs Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 7

  8. SGX Vulnerabilities Fine grain preemption control to widen the window of vulnerability for side-channel attacks Fine grain preemption control to widen the window of vulnerability of synchronization bugs Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 8

  9. SGX Vulnerabilities • Running Example: Osvik et al., “ Cache Attacks and Countermeasures: the Case of AES” , CT-RSA 2006 in-memory tables T i source: wikimedia Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 9

  10. SGX Vulnerabilities • Running Example: Osvik et al., “ Cache Attacks and Countermeasures: the Case of AES” , CT-RSA 2006 T i R 5 = read T i [x j ] R 0 = xor R 0 , R 5 … read T i [0] T i … read T i [n] Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 10

  11. SGX Vulnerabilities • Running Example: Osvik et al., “ Cache Attacks and Countermeasures: the Case of AES” , CT-RSA 2006 T i R 6 = read T i [0] cmp 0, x j R 5 = cmov R 6 T i R 0 = xor R 0 , R 5 … low indistinguishable data access pattern embedded into low indistinguishable control flow Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 11

  12. SGX Vulnerabilities • Running Example: Osvik et al., “ Cache Attacks and Countermeasures: the Case of AES” , CT-RSA 2006 T i disable preemptions R 5 = read T i [x j ] R 0 = xor R 0 , R 5 … read T i [0] T i … read T i [n] enable preemptions Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 12

  13. This talk Re-investigate delayed-preemption: • How can we allow user-level applications (in enclaves) to disable preemptions without being able to monopolizing the system? • How can we prevent solicited exits through which the management OS could regain control? • How can we translate delayed- preemption to Intel SGX? Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 13

  14. This talk disable preemptions How can we prevent solicited exits in sensitive code? R 5 = read T i [x j ] R 0 = xor R 0 , R 5 … read T i [0] … How can we make sure the enclave enables read T i [n] enable preemptions preemptions again? Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 14

  15. This talk disable preemptions prepare if preempted goto retry How can we prevent solicited exits in sensitive code? R 5 = read T i [x j ] R 0 = xor R 0 , R 5 … read T i [0] … How can we make sure the enclave enables read T i [n] enable preemptions preemptions again? Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 15

  16. Delayed Preemption • … in a Trusted-Trustworthy Hypervisor user / enclave mode kernel mode time execute delayed preemptions disable all interrupts except timer program timer to max_tolerable_delay inform app about pending preemption: p = 1 Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 16

  17. Delayed Preemption • … in a Trusted-Trustworthy Hypervisor … user / enclave mode kernel mode time max_tolerable_delay execute delayed preemptions disable all interrupts except timer program timer to max_tolerable_delay inform app about pending preemption: p = 1 Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 17

  18. Delayed Preemption • … in a Trusted-Trustworthy Hypervisor sensitive code user / enclave mode kernel mode time max_tolerable_delay Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 18

  19. Delayed Preemption • … in SGX xAPIC register sensitive code user / enclave mode kernel mode time max_tolerable_delay Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 19

  20. Delayed Preemption • … in SGX not virtualizable xAPIC register sensitive code user / enclave mode kernel mode time local xAPIC register; max_tolerable_delay max_tolerable_delay write only in kernel mode (i.e., not in enclave mode) xAPIC: set timer on first preemption; don’t interrupt application Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 20

  21. Solicited Exits disable preemptions prepare if preempted goto retry R 5 = read T i [x j ] R 0 = xor R 0 , R 5 … read T i [0] … read T i [n] enable preemptions Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 21

  22. Solicited Exits retry:  xApic.d = 1; Trigger all such exits during non-sensitive prepare phase; prepare Set p flag to make code aware of these exits; if (p = 1) Context switch p flag as part of enclave state goto retry How to prevent solicited exits in sensitive code? R 5 = read T i [x j ] data / instruction page-faults R 0 = xor R 0 , R 5 • lazy FPU context switch … • read T i [0] power management • … device virtualization • read T i [n] xApic.d = 0  max_tolerable_delay // if (xApic.p = 1) -> AEX Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control - SysTEX 2016 - Marcus Völp (marcus.voelp@uni.lu) 22

Recommend

Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

SAC Summer School 2019 Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions allow us to prove that our schemes achieve a certain leakage profile but doesnt tell us if a leakage profile is

477 views • 22 slides
RESISTIVE COMPUTATION: AVOIDING THE POWER WALL WITH LOW-LEAKAGE, STT-MRAM BASED COMPUTING

RESISTIVE COMPUTATION: AVOIDING THE POWER WALL WITH LOW-LEAKAGE, STT-MRAM BASED COMPUTING

RESISTIVE COMPUTATION: AVOIDING THE POWER WALL WITH LOW-LEAKAGE, STT-MRAM BASED COMPUTING Xiaochen Guo , Engin Ipek, and Tolga Soyata Rochester Computer Systems Architecture Laboratory Multicore Scaling Limited by Power 2 Traditional MOSFET

768 views • 20 slides
Dynamically balanced synchronization-avoiding LU factorization with multicore and GPUs Simplice

Dynamically balanced synchronization-avoiding LU factorization with multicore and GPUs Simplice

Dynamically balanced synchronization-avoiding LU factorization with multicore and GPUs Simplice D ONFACK Stanimire T OMOV Jack D ONGARRA presenter: Piotr L USZCZEK formerly: University of Tennessee, currently: CSCS Lugano,

319 views • 19 slides
Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 , Pierre-Alain Fouque 2 , Brice Minaud 3 1 Direction Gnrale de lArmement - Matrise de lInformation 2 Universit de Rennes 1 3 INRIA &amp;

836 views • 45 slides
Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj

Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj

Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj Singh Gaur 1 , Vijay Laxmi 1 , Tushar Singhal 1 , Mauro Conti 2 1 Malaviya National Institute of Technology, Jaipur, India 2 University of Padua, Italy

882 views • 58 slides
Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer, Mario Werner, and Stefan Mangard, IAIK, Graz University of Technology 30. March 2017 Content Differential power analysis for key recovery Re-keying

284 views • 24 slides
Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral

Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral

Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral Heiland Matthew Kienow deral_heiland@rapid7.com mkienow@inokii.com dh@layereddefense.com @HacksForProfit @Percent_X Why ? Add value ?

939 views • 66 slides
Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage Marie-Sarah

Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage Marie-Sarah

Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage Marie-Sarah Lacharit, Brice Minaud , Kenny Paterson Information Security Group IEEE Symposium on Security and Privacy, May 21, 2018 Outsourcing Data with Search

654 views • 62 slides
Improved reconstruction attacks using range query leakage Marie-Sarah Lacharit Brice Minaud

Improved reconstruction attacks using range query leakage Marie-Sarah Lacharit Brice Minaud

Improved reconstruction attacks using range query leakage Marie-Sarah Lacharit Brice Minaud Kenny Paterson Information Security Group Application Setting Storing Records in the Cloud value of record ( N possible values) record identifier

615 views • 59 slides
How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research Silicon Valley Protecting Sensitive Computations from Leakage/Side-Channel Attacks Sensitive computations: Cryptographic Algorithms Secret Key

232 views • 20 slides
Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs,

Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs,

Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson eprint 2019/011 and IEEE S&amp;P 2019. (also eprint 2018/965, CCS 2018.) AriC crypto seminar, ENS

651 views • 48 slides
Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional Account Director Arcom Digital &lt; HOME Digital Leakage Outline Digital Leakage Traditional Leakage LTE Ingress and Egress issues

877 views • 68 slides
The Synchronization Toolbox The Synchronization Toolbox Mutual Exclusion Mutual Exclusion Race

The Synchronization Toolbox The Synchronization Toolbox Mutual Exclusion Mutual Exclusion Race

The Synchronization Toolbox The Synchronization Toolbox Mutual Exclusion Mutual Exclusion Race conditions can be avoiding by ensuring mutual exclusion in critical sections. Critical sections are code sequences that are vulnerable to races.

708 views • 34 slides
On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes Akshay Degwekar (MIT) Joint with Fabrice Benhamouda (IBM Research), Yuval Ishai (Technion) and Tal Rabin (IBM Research) Leakage attacks can be

547 views • 30 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto &amp; Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

SAC Summer School 2019 Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1: ORAM simulation Store and simulate data structure with ORAM General-purpose Zero-leakage (if data is transformed

1.29k views • 60 slides
Content Synchronization Content Synchronization March 2nd 2005 Jukka Honkola T-110.456

Content Synchronization Content Synchronization March 2nd 2005 Jukka Honkola T-110.456

Content Synchronization Content Synchronization March 2nd 2005 Jukka Honkola T-110.456 Synchronization Synchronization Needed whenever multiple copies of an object may be updated independently After synchronization objects should be

413 views • 14 slides
Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on Physical Attacks, Graz, November 28, 2012 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography Krzysztof Pietrzak Challenges

994 views • 96 slides
The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water

The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water

The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water leakage can occur . To prevent leakage-related damages it sends an alert whenever water is detected. The device also visualizes its status on the online

234 views • 10 slides
Condition Synchronization 1 Synchronization Now that you have seen locks, is that all there is?

Condition Synchronization 1 Synchronization Now that you have seen locks, is that all there is?

Condition Synchronization 1 Synchronization Now that you have seen locks, is that all there is? No, but what is the right way to build a parallel program. People are still trying to figure that out. Compromises: between making it

643 views • 16 slides
Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS

Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS

Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS Encrypted Search Trusted client Untrusted server Cat Fish Cat Dog Dog 2 Encrypted Search Cat Fish Encrypted Trusted client Cat Untrusted

983 views • 60 slides
Chapter 6: Process [&amp; Thread] Synchronization Why is synchronization needed? CSCI [4|6]

Chapter 6: Process [&amp; Thread] Synchronization Why is synchronization needed? CSCI [4|6]

Chapter 6: Process [&amp; Thread] Synchronization Why is synchronization needed? CSCI [4|6] 730 Synchronization Language/Definitions: What are race conditions? Operating Systems What are critical sections? What are atomic

488 views • 11 slides
Carbon leakage: theory, evidence and policy PMR Webinar on Carbon Leakage John Ward November 24

Carbon leakage: theory, evidence and policy PMR Webinar on Carbon Leakage John Ward November 24

Carbon leakage: theory, evidence and policy PMR Webinar on Carbon Leakage John Ward November 24 and December 3, 2015 Vivid Economics Overview Definition Theory Evidence Addressing leakage Why? Which sectors? How? 2

408 views • 29 slides
LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov Gordon, Feng-Hao Lui, Adam, ONeill, and Hong-Sheng Zhou O UTLINE OF T ALK Leakage Models for PKE Bounded, Continual, and Continual w/ Leakage on

1.05k views • 102 slides

More recommend