
CoSMIX: A Compiler-based System for Secure Memory Instrumentation - PowerPoint PPT Presentation

CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves Meni Orenbach (Technion), Yan Michalevsky (Anjuna), Christof Fetzer (TU Dresden, Scone), Mark Silberstein (Technion) Published in USENIX ATC19


  1. CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves Meni Orenbach (Technion), Yan Michalevsky (Anjuna), Christof Fetzer (TU Dresden, Scone), Mark Silberstein (Technion) Published in USENIX ATC’19

  2. Speaker bio • Yan Michalevsky • Co-founder and CTO of Anjuna Security (www.anjuna.io) • PhD from Stanford University (applied security and cryptography) • B.Sc. from Technion (EE) • Speaker at BlackHat, RSA Conference • Research featured in BBC, Wired, Engadget, ArsTechnica and more

  3. Enclaves • Confidentiality • Integrity • Assume an untrusted operating system • Recent advancements in library-OS and unikernel-based approaches enable execution of entire applications

  4. Motivation: missing OS abstractions, performance and side-channel protection • Features • Memory-mapping • Performance • Secure User-managed Virtual Memory (SUVM) [Orenbach et al. ’17 (Eleos)] • Side-channel protection • Transparent Oblivious RAM for enclaved applications protects against controlled side-channel attacks • And much more (custom memory backends…)

  5. Memory-mapping: missing construct in enclaves

  6. Page-fault handling with SGX: 6x the latency of signal handling without SGX

  7. Prior work • Sidestep the lack of secure page faults by customizing applications • Eleos (SUVM) [Orenbach et al. ’17] • ZeroTrace (ORAM) [Sasy et al. ’18] • Require specialized handling of memory accesses • Reference implementations are language-specific • Eleos implementation is not suitable for high-level languages

  8. CoSMIX • Compiler + runtime • Automatic and transparent customization of memory accesses and page-fault handling • Automatic inference of pointer types via pointer-analysis • Locality-optimized translation caching • Selective instrumentation of memory accesses • Guided by annotations of memory allocation • Automatic inference of related memory accesses

  9. Memory Store (mStore) • mStore — a software abstraction of memory access behavior • An additional virtual memory layer on top of a backing store • Handles • Allocation • Deallocation • Address translation • Paging (figure: an mStore address is translated to a backing-store address)

  10. Direct-access memory store

  11. Cached memory store
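As an added, self-contained illustration of the cached memory store described on slides 9 to 11, the following C program is example code written for this page, not CoSMIX's own implementation: it allocates and frees page runs in a backing store, routes every access through an address-translation call backed by a small page cache with a one-entry translation cache, and serves misses as software page faults with write-back eviction. The `cms_*` names, the 64-byte pages, the 4 cache slots and the plain-bytes backing store are constructed for the example; the real SUVM backing store is additionally encrypted and integrity-protected, which is left out here. The translate call is the kind of call an instrumented load or store on slides 16 and 17 is rewritten to make.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SIZE 64u  /* tiny pages so the trace is readable (constructed sizes) */
#define NPAGES    16u  /* backing-store capacity in pages */
#define NSLOTS    4u   /* page-cache slots: stands in for scarce EPC memory */
typedef uintptr_t ms_addr;  /* address in the mStore's own address space */

/* Backing store: memory the enclave never dereferences directly (in SUVM it is
 * encrypted, integrity-protected memory outside the EPC; plain bytes here so the
 * paging logic stays visible). Page 0 is reserved so that address 0 means "null". */
static uint8_t backing[NPAGES * PAGE_SIZE];
static uint8_t used[NPAGES], run_len[NPAGES];
static struct {
    uint8_t  slot[NSLOTS][PAGE_SIZE];   /* cached page contents */
    int      page_in_slot[NSLOTS];      /* backing page number, or -1 */
    uint8_t  dirty[NSLOTS];
    unsigned next_victim;               /* round-robin replacement */
    unsigned faults;                    /* software page faults served */
    int      tc_page; unsigned tc_slot; /* one-entry translation cache */
} cms;

void cms_init(void) {
    memset(&cms, 0, sizeof cms); memset(used, 0, sizeof used);
    memset(run_len, 0, sizeof run_len); memset(backing, 0, sizeof backing);
    for (unsigned s = 0; s < NSLOTS; s++) cms.page_in_slot[s] = -1;
    cms.tc_page = -1; used[0] = 1;
}
/* Allocation: first-fit run of whole pages; returns 0 when the store is full. */
ms_addr cms_alloc(size_t n) {
    unsigned k = (unsigned)((n + PAGE_SIZE - 1) / PAGE_SIZE), start = 1;
    for (unsigned p = 1; p < NPAGES; p++) {
        if (used[p]) { start = p + 1; continue; }
        if (p + 1 - start != k) continue;
        memset(used + start, 1, k); run_len[start] = (uint8_t)k;
        return (ms_addr)start * PAGE_SIZE;
    }
    return 0;
}
static void cms_writeback(unsigned s) {   /* write one slot back if it is dirty */
    if (cms.page_in_slot[s] >= 0 && cms.dirty[s])
        memcpy(backing + (size_t)cms.page_in_slot[s] * PAGE_SIZE, cms.slot[s], PAGE_SIZE);
    cms.dirty[s] = 0;
}
/* Deallocation: release the pages and drop cached copies without write-back, so a
 * stale slot can never alias a later allocation of the same pages. */
void cms_free(ms_addr a) {
    unsigned first = (unsigned)(a / PAGE_SIZE), k = run_len[first];
    for (unsigned s = 0; s < NSLOTS; s++)
        if (cms.page_in_slot[s] >= (int)first && cms.page_in_slot[s] < (int)(first + k))
            cms.page_in_slot[s] = -1, cms.dirty[s] = 0;
    memset(used + first, 0, k); run_len[first] = 0; cms.tc_page = -1;
}
/* Software page-fault handler: evict the round-robin victim, then fetch 'page'. */
static unsigned cms_fault(unsigned page) {
    unsigned s = cms.next_victim;
    cms.next_victim = (s + 1) % NSLOTS;
    cms_writeback(s);
    memcpy(cms.slot[s], backing + (size_t)page * PAGE_SIZE, PAGE_SIZE);
    cms.page_in_slot[s] = (int)page; cms.faults++;
    return s;
}
/* Address translation: mStore address -> pointer into the page cache. This is the
 * call an instrumented load or store is rewritten to make; NULL outside a live allocation. */
uint8_t *cms_translate(ms_addr a, int for_write) {
    unsigned page = (unsigned)(a / PAGE_SIZE), off = (unsigned)(a % PAGE_SIZE), s;
    if (page >= NPAGES || !used[page]) return NULL;
    if (cms.tc_page == (int)page) s = cms.tc_slot;          /* translation-cache hit */
    else {
        for (s = 0; s < NSLOTS; s++) if (cms.page_in_slot[s] == (int)page) break;
        if (s == NSLOTS) s = cms_fault(page);                /* page-cache miss */
        cms.tc_page = (int)page; cms.tc_slot = s;
    }
    if (for_write) cms.dirty[s] = 1;
    return cms.slot[s] + off;
}
/* Byte-granular bulk access: a range that crosses a page boundary faults in each page. */
static int cms_copy(ms_addr a, uint8_t *buf, size_t n, int to_store) {
    for (size_t i = 0; i < n; i++) {
        uint8_t *p = cms_translate(a + i, to_store);
        if (!p) return -1;
        if (to_store) *p = buf[i]; else buf[i] = *p;
    }
    return 0;
}
int cms_write(ms_addr a, const void *src, size_t n) { return cms_copy(a, (uint8_t *)src, n, 1); }
int cms_read(ms_addr a, void *dst, size_t n) { return cms_copy(a, (uint8_t *)dst, n, 0); }
void cms_flush(void) { for (unsigned s = 0; s < NSLOTS; s++) cms_writeback(s); }
unsigned cms_faults(void) { return cms.faults; }

int main(void) {
    uint32_t w, r; cms_init();
    ms_addr buf = cms_alloc(8 * PAGE_SIZE);             /* twice the cache capacity */
    for (unsigned i = 0; i < 128; i++) { w = i * 2654435761u; cms_write(buf + 4 * i, &w, 4); }
    for (unsigned i = 0; i < 128; i++) cms_read(buf + 4 * i, &r, 4);
    printf("256 word accesses over 8 pages, %u slots: %u faults\n", NSLOTS, cms_faults());
    cms_flush(); cms_free(buf); return 0;
}
```

The main routine streams 256 word accesses over 8 pages through the 4-slot cache and reports 16 software page faults: each page faults once on first touch and once more after round-robin eviction, while repeated accesses within a page hit the translation cache and cost no fault. Two details matter for correctness as much as for performance: a dirty page must be written back before its slot is reused, and freeing an allocation must drop its cached slots, otherwise a later allocation of the same pages would read stale data through the cache.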

  12. Use-case: Secure User-managed Virtual Memory (SUVM) • Proposed by Orenbach et al. ’17 (Eleos) • Motivation: avoid costly enclave transitions to handle demand paging • Provides the same confidentiality and integrity guarantees as the EPC • Caches pages in the EPC • Can boost performance by ~2x compared to regular execution in SGX

  13. Use case: Oblivious RAM (ORAM) Controlled side-channel attacks can recover quite a bit of information by examining memory access patterns [Xu et al. 2015]

  14. Use case: Oblivious RAM (ORAM) • Preserves I/O behavior • Obfuscates memory access patterns

  15. CoSMIX end-to-end

  16. CoSMIX end-to-end Annotate memory allocations with memory stores to use

  17. CoSMIX end-to-end • Annotate memory allocations with memory stores to use • Proper memory access instrumentation is inferred based on allocation annotations

  18. Stacking mStores (figure: two stackings, ORAM over SUVM and SUVM over ORAM)

  19. Evaluation • Workloads (figure: fetching a 4 KB page)

  20-21. Memcached: 600 MB dataset; random access to 1 KB objects; 90% get / 10% set

  22. (figure: ORAM and SUVM results)

  23. Summary • Compiler-based approach to memory instrumentation and SW page-fault handling • Conveniently addresses • Lacking functionality • Performance • Security against certain side-channels • Extensible

  24. Thank You. Questions? www.anjuna.io yan@anjuna.io
