
  1. MPTEE: Bringing Flexible and Efficient Memory Protection to Intel SGX. Wenjia Zhao 1,2, Kangjie Lu 2, Yong Qi 1, Saiyu Qi 3. 1 Xi’an Jiaotong University, China; 2 University of Minnesota, USA; 3 Xidian University, China. EuroSys’20, April 27–30, 2020

  2. Intel Software Guard Extensions (SGX)
     • Hardware-based trusted execution environment
     • Provides a secure region, namely an enclave
     • Enhances application security: secure cloud services, blockchain, edge computing, digital wallets

  3. Two types of SGX research
     Applications (to protect data/code)
     • VC3 [OAKLAND’15]
     • SCONE [OSDI’16]
     • JITGuard [CCS’17]
     • SGXCrypter [ASP-DAC’17]
     Protection of / attacks on SGX itself
     • Page Fault [OAKLAND’15]
     • SGX-Shield [NDSS’17]
     • SGXBOUNDS [EUROSYS’17]
     • Side-channel [OAKLAND’18, SECURITY’17]

  4. Examples and current disadvantages
     SGXCrypter protects code by unpacking the packed code inside the enclave.
     • relies on the OS page table to remove the W permission from the unpacked code
     • is incompatible with the SGX security model, in which the OS is untrusted
     SGX-Shield protects SGX code itself through randomization.
     • uses software-based DEP to create a non-readable-writable (NRW) boundary held in R15
     • wastes the R15 register
     • an NRW boundary kept in a general register can be shifted [SECURITY’18]

  5. Two types of SGX research; common need: flexibly and securely enforcing memory-page permissions
     Applications (to protect data/code): VC3 [OAKLAND’15], SCONE [OSDI’16], JITGuard [CCS’17], SGXCrypter [ASP-DAC’17]
     Protection of / attacks on SGX itself: Page Fault [OAKLAND’15], SGX-Shield [NDSS’17], SGXBOUNDS [EUROSYS’17], Side-channel [OAKLAND’18, SECURITY’17]

  8. Unfortunately, the feature is missing. Why?
     • Security considerations (untrusted OS)
     • Permissions are statically decided (sign-verify)

  10. Challenges
     • Limited hardware support: a software-based solution incurs significant performance overhead
     • Strong adversary

  11. Challenges
     • Limited hardware support
     • Strong adversary: the privileged software (e.g., OS, hypervisor) is untrusted, and SGX programs themselves might be vulnerable

  13. Challenges
     • Limited hardware support → a hardware-assisted solution with low overhead
     • Strong adversary

  15. MPTEE: memory permission protection
     Flexible, efficient, and isolated memory permission enforcement for SGX.
     • Flexible and efficient memory-permission enforcement
     • Enforcement integrity
     [Diagram: R/W/X permission enforcement over memory regions, and enforcement integrity protecting that mechanism against code attacks]

  18. Memory-Permission Enforcement: Elastic Cross-Region Bound Check (CRBC)
     Basic idea: use a hardware-assisted technique (MPX) to bound-check memory accesses

  19. Elastic Cross-Region Bound Check (CRBC)
     Memory Protection Extensions (MPX)
     • New instructions: bndcu, bndcl, bndmk, …
     • Four dedicated bound registers (BND0 ∼ BND3), each holding a lower bound (bnd0.lb) and an upper bound (bnd0.ub)
     [Diagram: a function’s memory accesses checked against bnd0.lb and bnd0.ub]

  20. Elastic Cross-Region Bound Check (CRBC)
     Memory Protection Extensions (MPX)
     • New instructions: bndcu, bndcl, bndmk, …
     • Four dedicated bound registers (BND0 ∼ BND3)
     • Additional bounds are stored in a bound table in memory, which incurs significant performance overhead (over 60%)

  21. Elastic Cross-Region Bound Check (CRBC)
     [Diagram: a normal process address space, top to bottom: OS kernel; env/argv/argc and stack (region0); dynamic libraries with .data/.bss (RW, region1) and .text (X, region2); heap (region3); program .data/.bss (RW, region4) and .text (X, region5)]

  22. Elastic Cross-Region Bound Check (CRBC)
     [Diagram: the same six-region address space; each region’s LBound/UBound pair lives in a bound register, and once the registers are exhausted in Bound Table0/Bound Table1 reached through the Bound Directory]
     Bound tables impose high overhead

  23. Elastic Cross-Region Bound Check (CRBC)
     How can we use a limited number of bound registers to protect accesses to multiple memory regions?

  25. Elastic Cross-Region Bound Check (CRBC)
     Key observation: memory ranges with the same permission are contiguous in an enclave, because all required libraries must be statically linked into the target enclave program

  26. Elastic Cross-Region Bound Check (CRBC)
     [Diagram: enclave memory layout: .text, .rodata, … (X); .got, .bss, .data, …; heap; thread context; with the R and W ranges marked]
     Permission change: contiguous → non-contiguous, exceeding the number of MPX registers

  29. Elastic Cross-Region Bound Check (CRBC)
     [Diagram: enclave memory layout in which unpacked or randomized code sits inside the .got/.bss/.data/heap area and has W removed, so it is X inside what was a W range]
     Remove W: 3 regions → 5 regions; 4 MPX registers are not enough

  30. Elastic Cross-Region Bound Check (CRBC)
     [Diagram: the same layout after removing W from the unpacked/randomized code]
     We design a new layout

  31. Elastic Cross-Region Bound Check (CRBC)
     [Diagram: the original enclave memory layout (X over .text/.rodata; R and W over the rest) beside the new memory layout with CRBC: non-permission; .text, .rodata, … (RX); .got, .bss, .data, heap (RW); with the X, R and W ranges overlapping]

  34. Elastic Cross-Region Bound Check (CRBC)
     New memory layout with CRBC: X is checked against BND0, W against BND1, R against BND2. The six regions, from ImageBase upward:
     • Non-perm.: (ImageBase, BND0.LB)
     • X: (BND0.LB, BND2.LB)
     • RX: (BND2.LB, BND1.LB), holding .text, .rodata, …
     • RWX: (BND1.LB, BND0.UB)
     • RW: (BND0.UB, BND1.UB), holding .got, .bss, .data, heap
     • R: (BND1.UB, BND2.UB)
     Only three registers offer six regions, and the regions stay contiguous after a permission change

  35. Elastic Cross-Region Bound Check (CRBC)
     JIT code generator: [Diagram: generated code fragment0 is written into a reserved area at the boundary between the X and W ranges; removing W moves the bounds so the fragment lies in X only]

  36. Elastic Cross-Region Bound Check (CRBC)
     JIT code generator: [Diagram: generated code fragment1 is placed after fragment0 and W is removed again; the X and W ranges remain contiguous]

  38. Elastic Cross-Region Bound Check (CRBC)
     • Initializing the bounds
     • Updating the bounds
     • Permission enforcement using CRBC
     • Four APIs: mpt_mmap, mpt_mremap, mpt_munmap, mpt_write
     • Improving EPC usage
     • Optimizing CRBC: adaptive permission enforcement
     More details in the paper

  40. Elastic Cross-Region Bound Check (CRBC)
     • CRBC leverages MPX to efficiently bound-check multiple regions with different bound registers, using only three registers: bnd0, bnd1, and bnd2
     • Provides six different permission regions
     • Allows flexible changes to the ranges of memory regions at runtime
     • Does not use the MPX bound table, avoiding its high performance overhead
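To make the interval arithmetic behind the CRBC layout concrete, the following Python model is an added example (not MPTEE’s own code): it maps the three bound registers of slide 34 to the six permission regions, emulates the per-access bound check, and replays the remove-W step used for unpacked and JIT-generated code. The ImageBase value, the addresses, and the method names are constructed for illustration.

```python
"""Model of the CRBC layout: three MPX bound registers yielding six permission
regions. Added example, not MPTEE's own code; ImageBase, the addresses and the
method names are constructed for illustration."""
from dataclasses import dataclass
from typing import List, Tuple

IMAGE_BASE = 0x10000  # constructed enclave ImageBase


@dataclass
class Bound:
    """One MPX bound register holding the half-open range [lb, ub)."""
    lb: int
    ub: int

    def contains(self, addr: int) -> bool:
        # bndcl passes when addr >= lb, bndcu when addr < ub
        return self.lb <= addr < self.ub


class CRBC:
    """BND0 guards X accesses, BND1 guards W accesses, BND2 guards R accesses
    (the register assignment shown on the CRBC layout slide)."""

    def __init__(self, bnd0: Bound, bnd1: Bound, bnd2: Bound) -> None:
        self.regs = {"X": bnd0, "W": bnd1, "R": bnd2}
        self.validate()

    def edges(self) -> List[int]:
        """Region boundaries in the order the layout nests them."""
        x, w, r = self.regs["X"], self.regs["W"], self.regs["R"]
        return [IMAGE_BASE, x.lb, r.lb, w.lb, x.ub, w.ub, r.ub]

    def validate(self) -> None:
        """The six regions only exist while the bounds keep this nesting order:
        ImageBase <= BND0.LB <= BND2.LB <= BND1.LB <= BND0.UB <= BND1.UB <= BND2.UB."""
        e = self.edges()
        if any(lo > hi for lo, hi in zip(e, e[1:])):
            raise ValueError("bound registers violate the CRBC nesting order")

    def check(self, addr: int, perm: str) -> bool:
        """Emulate the bound check inserted before an R, W or X access."""
        return self.regs[perm].contains(addr)

    def region(self, addr: int) -> str:
        """Permission label of the region containing addr; '' means non-permission."""
        return "".join(p for p in "RWX" if self.regs[p].contains(addr))

    def layout(self) -> List[Tuple[str, int, int]]:
        """The regions as (label, start, end); empty regions are omitted."""
        e = self.edges()
        return [(self.region(lo) or "none", lo, hi)
                for lo, hi in zip(e, e[1:]) if hi > lo]

    def remove_w(self, upto: int) -> None:
        """Drop W from [BND1.LB, upto): raising BND1.LB moves that range out of
        RWX and into RX while every region stays contiguous. This is the
        unpacking / JIT step from the slides; no bound table is involved."""
        w, x = self.regs["W"], self.regs["X"]
        if not w.lb <= upto <= x.ub:
            raise ValueError("can only strip W from the front of the RWX window")
        w.lb = upto
        self.validate()


def build_example() -> CRBC:
    """Constructed layout: 4 KiB non-permission gap, 4 KiB X-only, 8 KiB RX
    (.text/.rodata), 4 KiB RWX scratch for generated code, 12 KiB RW
    (.got/.bss/.data/heap), 4 KiB R."""
    return CRBC(bnd0=Bound(0x11000, 0x15000),   # X: [0x11000, 0x15000)
                bnd1=Bound(0x14000, 0x18000),   # W: [0x14000, 0x18000)
                bnd2=Bound(0x12000, 0x19000))   # R: [0x12000, 0x19000)


if __name__ == "__main__":
    crbc = build_example()
    for label, lo, hi in crbc.layout():
        print(f"{label:>4} [{lo:#07x}, {hi:#07x})")
    crbc.remove_w(0x14800)   # fragment0 at 0x14000..0x14800 becomes RX
    print("after remove_w:", crbc.region(0x14400), crbc.region(0x14c00))
```

Running the script prints the six regions and then shows the first generated fragment classified as RX while the rest of the scratch window stays RWX. The `validate` call after every bound update is the property a defender cares about: the order of the six edges is what makes three registers equivalent to six contiguous regions, so any update that breaks it is rejected rather than silently producing an overlapping or inverted range.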

  41. CRBC may be attacked
     Check-skipping attacks
     • Control-flow attacks that bypass the bound checks and abuse the permission control (e.g., an unaligned call that reaches the access without passing through the check)

  42. CRBC may be attacked
     Bound-manipulating attacks
     • Data-flow attacks that manipulate the bounds (e.g., bndmk being called maliciously)

  43. Enforcement Integrity: control-data integrity + memory isolation
