Towards Management of Chains of Trust for Multi-Clouds with Intel SGX
Houssem KANZARI and Marc LACOSTE, Orange Labs
Second Workshop on Security in Clouds (SEC2 2016)
Trust and Isolation Issues in Cloud Environment
[Figure: infrastructure layers (hardware, cloud hypervisor, VMs) linked by a vertical CoT, with a horizontal CoT across the inter-DC network; an attacker VM exploits the compromised hypervisor and breaks VM isolation]
Threats: VM secure execution compromised due to the vulnerability against insider attack
Approach: hardware-aided secure isolated execution, the Intel SGX enclave
2 interne Orange
Trust and Isolation Issues in Cloud Environment
[Figure: same layered infrastructure with an untrusted cloud hypervisor; a hardware-rooted chain of trust runs vertically through the layers and horizontally across the inter-DC network]
Threats: VM integrity issues due to the vulnerability of virtualized untrusted layers over the hypervisor
Approach: a secure channel that can bypass the untrusted layers: a hardware chain of trust
Outline
• Background: chains of trust and Intel SGX
• CoT attestation protocols:
  • Intra-SGX Platform
  • Remote SGX Platform
• Implementation: CoT API over OpenSGX
• Evaluation
Chain of Trust Based on Intel SGX
Chain of Trust:
• RoT for measurement and reporting
• Each element reports its trustworthiness in order to be a part of the CoT
• Append an element to the CoT by measuring its trustworthiness
Intel SGX:
• A secure execution context (code + data) isolated from external access
• On-demand report generation for attestation
• Built-in report integrity measurement
[Figure: Enclave (Trustee) builds then delivers a report to Enclave (Trustor), which checks the report integrity]
Intel SGX capabilities match the CoT model requirements.
Proposed Attestation Protocols: Intra-SGX Platform Enclave Attestation
• The Intel SGX platform guarantees the local integrity of its enclaves
• Each enclave verifies the integrity of the other through a MAC computing challenge allowed by Intel SGX
• Establishes trust between two enclaves
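An added simulation of the intra-platform challenge above (not the talk's CoT API or OpenSGX code): a simulated platform derives a report key bound to the target enclave and MACs the trustee's measurement, standing in for SGX's EGETKEY/EREPORT and AES-CMAC, and the trustor appends the trustee to its CoT only if the MAC and the expected measurement check out. The Platform, Enclave and local_attest names are assumptions; a report from a different platform does not verify, which is the gap the quoting enclave closes for the inter-platform case.

```python
import hashlib
import hmac
import os

# Constructed simulation of SGX local attestation used to build a chain of trust (CoT).
# Real SGX derives the report key inside the CPU (EGETKEY) and MACs the report with
# AES-CMAC (EREPORT); here Platform stands in for the hardware and HMAC-SHA256 for CMAC.

class Platform:
    """Simulated hardware root of trust: holds the platform secret, derives report keys."""
    def __init__(self):
        self._secret = os.urandom(32)   # never leaves the simulated CPU

    def report_key(self, target_measurement: bytes) -> bytes:
        # Key bound to the *target* enclave, so only that enclave can verify a report
        # addressed to it (mirrors EGETKEY with the REPORT key type).
        return hmac.new(self._secret, b"REPORT|" + target_measurement, hashlib.sha256).digest()

    def ereport(self, reporter: "Enclave", target_measurement: bytes, nonce: bytes) -> dict:
        # Simulated EREPORT: the caller's measurement plus caller-supplied report data
        # (the challenge nonce), MACed under the target's report key.
        body = reporter.measurement + nonce
        mac = hmac.new(self.report_key(target_measurement), body, hashlib.sha256).digest()
        return {"measurement": reporter.measurement, "nonce": nonce, "mac": mac}

class Enclave:
    def __init__(self, platform: Platform, code: bytes):
        self.platform = platform
        self.measurement = hashlib.sha256(code).digest()   # stands in for MRENCLAVE
        self.chain = [self.measurement]                    # CoT as seen by this enclave

    def verify_report(self, report: dict, nonce: bytes) -> bool:
        # Only the target may ask its own platform for its own report key.
        key = self.platform.report_key(self.measurement)
        body = report["measurement"] + report["nonce"]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        return report["nonce"] == nonce and hmac.compare_digest(expected, report["mac"])

def local_attest(trustor: Enclave, trustee: Enclave, expected_measurement: bytes) -> bool:
    """Trustor challenges trustee; on success the trustee's measurement joins the CoT."""
    nonce = os.urandom(16)   # freshness: a replayed report carries a stale nonce
    report = trustee.platform.ereport(trustee, trustor.measurement, nonce)
    ok = trustor.verify_report(report, nonce) and report["measurement"] == expected_measurement
    if ok:
        trustor.chain.append(report["measurement"])
    return ok
```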
Proposed Attestation Protocols: Inter-SGX Platform
• The quoting enclave is responsible for reporting enclave integrity outside the platform
• The target attests its integrity to the quoting enclave
• The quoting enclave delivers to the target a formatted proof that can be verified outside the platform
• Establishes trust between two remotely located enclaves
Implementation over OpenSGX: Architecture
[Figure: Application Program; Enclave Program (code, data, stack, measurement reports); CoT API (encryption keys, attestation routines); Enclave SGX lib (inter-enclave communicator, key and report handler); mode switch and SGX system call down to the SGX OS emulation and SGX instructions on QEMU SGX]
CoT API features:
• Built-in key creation, report signing and checking procedure
• Dedicated secure socket interface
• Ready-to-use attestation routines
Preliminary Scalability Results
[Figure: CPU cycle consumption during CoT building vs CoT size; x-axis CoT size (# of enclaves) from 2 to 10, y-axis million CPU cycles from 125 to 140]
• Start-up offset (~120 Mcycles)
• CoT establishment overhead appears sub-linear w.r.t. size
• Our protocols could scale to large CoT sizes
Next steps:
• Translate our approach from emulated to real Intel SGX hardware
• Verify scalability on very large CoT sizes
• Extend and enhance the CoT API to capture a richer CoT model (cross-layer)
• Integrate with a self-management security framework
Thank you