opensgx an open platform for
play

OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, - PowerPoint PPT Presentation

Aug 13, 2022 •518 likes •1.27k views

OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim* , Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin, Taesoo Kim, Brent Byunghoon Kang, Dongsu Han 1 Trusted Execution Environment (TEE) Hardware

  1. OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim* , Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin, Taesoo Kim, Brent Byunghoon Kang, Dongsu Han 1

  2. Trusted Execution Environment (TEE) • Hardware technologies for trusted computing – Isolated execution: integrity of code, confidentiality – To protect application from untrusted platform 2

  3. Trusted Execution Environment (TEE) • Hardware technologies for trusted computing – Isolated execution: integrity of code, confidentiality – To protect application from untrusted platform 3

  4. Trusted Execution Environment (TEE) • Hardware technologies for trusted computing – Isolated execution: integrity of code, confidentiality – To protect application from untrusted platform 4

  5. Trusted Execution Environment (TEE) • Hardware technologies for trusted computing – Isolated execution: integrity of code, confidentiality – To protect application from untrusted platform 5

  6. Trusted Execution Environment (TEE) • Hardware technologies for trusted computing – Isolated execution: integrity of code, confidentiality – To protect application from untrusted platform • Practical limitations of TEEs – Trusted Platform Module (TPM) : Poor performance – ARM TrustZone : Compatibility (only for embedded devices) 6

  7. Intel SGX • An extension of x86 Instruction Set Architecture (ISA) – Offers native performance, Compatibility with x86 – Application keeps its data/code inside the “ enclave ” Enclave Application (untrusted) Operating System (untrusted) Skylake CPU 7

  8. Intel SGX • An extension of x86 Instruction Set Architecture (ISA) – Offers native performance, Compatibility with x86 – Application keeps its data/code inside the “ enclave ” Data Code Enclave Application (untrusted) Operating System (untrusted) Skylake CPU 8

  9. Intel SGX 101: Isolated Execution • Smallest attack surface by reducing TCB (App + processor) • Protect app’s secret from untrusted privilege software Physical Address Memory Space CPU Package Enclave EPC Encrypted code/data 9

  10. Intel SGX 101: Isolated Execution • Smallest attack surface by reducing TCB (App + processor) • Protect app’s secret from untrusted privilege software Physical Address Memory Space CPU Package Enclave EPC Encrypted code/data Memory Encryption Engine (MEE) 10

  11. Intel SGX 101: Isolated Execution • Smallest attack surface by reducing TCB (App + processor) • Protect app’s secret from untrusted privilege software Physical Address Memory Space CPU Package Enclave EPC Encrypted code/data Memory Encryption Engine (MEE) 11

  12. Intel SGX 101: Isolated Execution • Smallest attack surface by reducing TCB (App + processor) • Protect app’s secret from untrusted privilege software Physical Address Memory Space CPU Package Enclave Processor Key EPC Encrypted code/data Memory Encryption Engine (MEE) 12

  13. Intel SGX 101: Isolated Execution • Smallest attack surface by reducing TCB (App + processor) • Protect app’s secret from untrusted privilege software Physical Address Memory Space CPU Package Enclave Processor Key EPC Encrypted Snooping code/data Memory Encryption Engine (MEE) 13

  14. Intel SGX 101: Isolated Execution • Smallest attack surface by reducing TCB (App + processor) • Protect app’s secret from untrusted privilege software Physical Address Memory Space CPU Package Enclave Processor Key EPC Access from Encrypted Snooping OS/VMM code/data Memory Encryption Engine (MEE) 14

  15. Intel SGX 101: Remote attestation • Attest an application on remote platform – Check the integrity of enclave (hash of code/data pages) – Verify whether enclave is running on real SGX CPU – Can establish a “ secure channel ” between enclaves User platform Remote platform 1. Request Application Challenger Enclave Application Enclave 4. Send Ephemeral QUOTE 2. Create REPORT 5. Verify 3. Sign with Quoting Attestation EPID group key Enclave Verification (Create QUOTE) EPID key 15 15

  16. Intel SGX 101: Remote attestation • Attest an application on remote platform – Check the integrity of enclave (hash of code/data pages) – Verify whether enclave is running on real SGX CPU – Can establish a “ secure channel ” between enclaves User platform Remote platform Intel SGX brings new opportunities for 1. Request Application enhancing security of applications Challenger Enclave Application Enclave 4. Send Ephemeral QUOTE 2. Create REPORT 5. Verify 3. Sign with Quoting Attestation EPID group key Enclave Verification (Create QUOTE) EPID key 16 16

  17. SGX Research: Current Status • Pioneering research: Adopting SGX on cloud computing (Haven [OSDI14], VC3 [S&P15]) • Confidentiality verification of SGX program (Moat [CCS15]) • Adopts SGX on networking [HotNets15] 17

  18. SGX Research: Current Status • However, software technologies for SGX lag behind their hardware counterpart SGX CPU and SDK is now available! But.. • Specification for SGX [revision 1 & 2] is not fully available on the SGX hardware (only functionalities in revision 1) • SGX technology has a complex license model 18

  19. OpenSGX: Design Goal • Offers a complete platform for SGX research – To explore software and hardware design space of SGX – To develop and evaluate SGX-enabled applications 19

  20. OpenSGX: Design Goal • Offers a complete platform for SGX research – To explore software and hardware design space of SGX – To develop and evaluate SGX-enabled applications • Fills non-trivial issues on SGX software components – Support for system software and user-level APIs – Familiar programming model and interface – Secure design to defend against potential attack vectors (e.g., Iago attacks) 20

  21. OpenSGX: Design Goal • Offers a complete platform for SGX research – To explore software and hardware design space of SGX – To develop and evaluate SGX-enabled applications • Fills non-trivial issues on SGX software components – Support for system software and user-level APIs – Familiar programming model and interface – Secure design to defend against potential attack vectors (e.g., Iago attacks) • Non goal : security guarantee 21

  22. OpenSGX: Approach • Using userspace emulation of QEMU – Binary translation to support SGX instructions – QEMU helper routine to implement complex instructions Host (single address space) QEMU Entry point EPC Code RIP Lib EPC Binary enclu(){ … Helper routine … … Translation EPC Data asm (“.byte 0x0f ” if(opcode == - Set registers “.byte 0x01 ” … 0x0f01d7) { “.byte 0xd7 ” - Operates “ rax =entry” Stack EPC helper_enclu(); SGX instructions … } EPC } Heap … Enclave Wrapper 22

  23. OpenSGX: Approach • Using userspace emulation of QEMU – Binary translation to support SGX instructions – QEMU helper routine to implement complex instructions Host (single address space) QEMU Entry point EPC Code RIP Lib EPC Binary enclu(){ … Helper routine … … Translation EPC Data asm (“.byte 0x0f ” if(opcode == - Set registers “.byte 0x01 ” … 0x0f01d7) { “.byte 0xd7 ” - Operates “ rax =entry” Stack EPC helper_enclu(); SGX instructions … } EPC } Heap … Enclave Wrapper 23

  24. OpenSGX: Component Overview • Emulated SGX hardware SGX QEMU (HW emulation) 24

  25. OpenSGX: Component Overview • Emulated SGX hardware • OS emulation layer SGX OS Emulation SGX QEMU (HW emulation) 25

  26. OpenSGX: Component Overview • Emulated SGX hardware • OS emulation layer • OpenSGX user library SGX Libraries Trampoline Stub SGX OS Emulation SGX QEMU (HW emulation) 26

  27. OpenSGX: Component Overview • Emulated SGX hardware • OS emulation layer • OpenSGX user library • OpenSGX toolchain SGX Libraries Trampoline Stub SGX OS Emulation OpenSGX toolchain SGX QEMU (HW emulation) 27

  28. OpenSGX: Component Overview • Emulated SGX hardware • Enclave loader • OS emulation layer • OpenSGX user library • OpenSGX toolchain SGX Libraries Enclave Runtime Trampoline loader library Stub SGX OS Emulation OpenSGX toolchain SGX QEMU (HW emulation) 28

  29. OpenSGX: Component Overview • Emulated SGX hardware • Enclave loader • Performance monitor • OS emulation layer • Enclave debugger • OpenSGX user library • OpenSGX toolchain SGX Libraries Enclave Enclave Runtime Debugger Trampoline loader library Stub Performance Monitor SGX OS Emulation OpenSGX toolchain SGX QEMU (HW emulation) 29

  30. OpenSGX: Component Overview • Emulated SGX hardware • Enclave loader • Performance monitor • OS emulation layer • Enclave debugger • OpenSGX user library • OpenSGX toolchain Enclave Program SGX Libraries Enclave Enclave Runtime Debugger Trampoline loader library Stub Performance Monitor SGX OS Emulation OpenSGX toolchain SGX QEMU (HW emulation) 30

Recommend

Open Smart Grid id Pla latform An Open source IoT platform for large infrastructures Why did

Open Smart Grid id Pla latform An Open source IoT platform for large infrastructures Why did

Open Smart Grid id Pla latform An Open source IoT platform for large infrastructures Why did we develop the Open Smart Grid Platform? The Open Smart Grid Platform architecture Use cases: Applications Smart Lighting Application

488 views • 9 slides
open platform, open tools and open data for an open Internet Tiziana Refice (tiziana@google.com)

open platform, open tools and open data for an open Internet Tiziana Refice (tiziana@google.com)

open platform, open tools and open data for an open Internet Tiziana Refice (tiziana@google.com) ISMA 2012 What & who is M-Lab? Measurement Lab (M-Lab) is a collaborative, researcher-driven effort to empower Internet users , researchers ,

483 views • 17 slides
OPEN SCHOOL: An Open E-Learning Platform for Khmer-speaking Users Sokunthearith Makara Learning

OPEN SCHOOL: An Open E-Learning Platform for Khmer-speaking Users Sokunthearith Makara Learning

OPEN SCHOOL: An Open E-Learning Platform for Khmer-speaking Users Sokunthearith Makara Learning Design and Technology Problem Access to quality education Solution Purpose statement: Develop and evaluate the ease of use of an open

1.02k views • 90 slides
Introduction: Open Web Platform and Automotive Philipp Hoschka<ph@w3.org> This project is

Introduction: Open Web Platform and Automotive Philipp Hoschka<ph@w3.org> This project is

Introduction: Open Web Platform and Automotive Philipp Hoschka<ph@w3.org> This project is funded by the European Union through the Seventh Framework Programme (FP7/2010-2012) under grant Webinos Why This Workshop? Motivation: Open

345 views • 13 slides
GlobalSight is an open-source translation management platform that manages the end-to-end

GlobalSight is an open-source translation management platform that manages the end-to-end

GlobalSight is an open-source translation management platform that manages the end-to-end localization process . GlobalSight provides a robust, easy-to- access platform for managing, translating and delivering global content.

72 views • 6 slides
Open Election Data (OED), Electoral Violence Education and Resolution (EVER) Platform OED-EVER

Open Election Data (OED), Electoral Violence Education and Resolution (EVER) Platform OED-EVER

LAM-TECH Consulting Enterprises Open Election Data (OED), Electoral Violence Education and Resolution (EVER) Platform OED-EVER Platform LAMTECH.SL Version 0.3 | Wednesday, 3 rd , December 2018 Introduction What is elec elector oral al

583 views • 44 slides
TravelSpirit and the Open Internet of Mobility Open internet of mobility Call SmartCard

TravelSpirit and the Open Internet of Mobility Open internet of mobility Call SmartCard

TravelSpirit and the Open Internet of Mobility Open internet of mobility Call SmartCard Contactless App Data Payment MaaS Journey Platform Operator Planner aggregator facilitator Service planner Open data feeds Platform

339 views • 7 slides
The African Open Science Platform ICT Infrastructure in Support of Data Sharing Presented by Ina

The African Open Science Platform ICT Infrastructure in Support of Data Sharing Presented by Ina

The African Open Science Platform ICT Infrastructure in Support of Data Sharing Presented by Ina Smith Project Manager African Open Science Platform Academy of Science of South Africa (ASSAf) WACREN 2018 Conference, 15 March 2018 Data Driven

390 views • 35 slides
Introducing Open Platform for NFV Dirk Kutscher Chief Researcher NEC

Introducing Open Platform for NFV Dirk Kutscher Chief Researcher NEC

Introducing Open Platform for NFV Dirk Kutscher Chief Researcher NEC Laboratories Europe Please direct any questions or comments to info@opnfv.org 1 OPNFV is a carrier- grade, integrated, open source reference

576 views • 13 slides
Introduction of an open-source, multi-material bioprinting platform 3D bioprinting conference -

Introduction of an open-source, multi-material bioprinting platform 3D bioprinting conference -

Introduction of an open-source, multi-material bioprinting platform 3D bioprinting conference - 26 January 2016 - Maastricht Overview www.teamhelloworld.com 1.CANTER at a glance 2.AM in medicine 3.Open issue 4.Why open-source?

690 views • 22 slides
TOWARDS OPEN ORGANIZATIONS V4.2 6/12/18 MISSION A few days; rapid technical guidance; you

TOWARDS OPEN ORGANIZATIONS V4.2 6/12/18 MISSION A few days; rapid technical guidance; you

TOWARDS OPEN ORGANIZATIONS V4.2 6/12/18 MISSION A few days; rapid technical guidance; you handle the Platform. Presans is an open-innovation platform whose mission is to inject Light Speed on-demand expertise into industrial Insights

388 views • 12 slides
Open311 A Platform for a Participatory Civic Infrastructure Toward an open standard 311 is an

Open311 A Platform for a Participatory Civic Infrastructure Toward an open standard 311 is an

Open311 A Platform for a Participatory Civic Infrastructure Toward an open standard 311 is an access point for non-emergency city services Cities support 311 to varying degrees with a wide range of services and methods of access Open Data

311 views • 20 slides
OPAVES An open platform for autonomous vehicle tinkerers Fabien Chouteau Embedded Software

OPAVES An open platform for autonomous vehicle tinkerers Fabien Chouteau Embedded Software

OPAVES An open platform for autonomous vehicle tinkerers Fabien Chouteau Embedded Software Engineer at AdaCore Twitter : @DesChips GitHub : Fabien-Chouteau Hackaday.io: Fabien.C 1 What is this project? Open Platform for Autonomous

482 views • 24 slides
Evaluation of Park Harrison Brown for R244 Park: An Open Platform for Learning- Augmented

Evaluation of Park Harrison Brown for R244 Park: An Open Platform for Learning- Augmented

Adding the packet classification problem Evaluation of Park Harrison Brown for R244 Park: An Open Platform for Learning- Augmented Platform for researchers to experiment with RL 12 systems problems with an easy to use interface

100 views • 9 slides
Towards an Open Mobile Measurement Platform David Choffnes University of Washington Along with

Towards an Open Mobile Measurement Platform David Choffnes University of Washington Along with

Towards an Open Mobile Measurement Platform David Choffnes University of Washington Along with University of Michigan and Google Thursday, February 7, 13 1 Mobile Internet can be terrible Open Platform for Mobile Measurement 2 Thursday,

195 views • 15 slides
The Power of Platform Technology Adapting to change using open, integrated systems 1 Webinar

The Power of Platform Technology Adapting to change using open, integrated systems 1 Webinar

The Power of Platform Technology Adapting to change using open, integrated systems 1 Webinar overview 01. Brief Introduction 02. Current state of Technology in the Construction industry 03. Benefits of Platform technology 04. Key insights

1.27k views • 31 slides
The SEMAINE API: The SEMAINE API: An open-source research platform for An open-source research

The SEMAINE API: The SEMAINE API: An open-source research platform for An open-source research

The SEMAINE API: The SEMAINE API: An open-source research platform for An open-source research platform for multimodal, emotion-oriented multimodal, emotion-oriented interactive systems interactive systems Marc Schrder, DFKI eNTERFACE

1.53k views • 37 slides
open simulation platform, HPC) : Towards the Road Map 2017 Pietro Asinari, Kersti Hermansson, Roy

open simulation platform, HPC) : Towards the Road Map 2017 Pietro Asinari, Kersti Hermansson, Roy

The European Materials Modelling Council EMMC Road Map 2015 Meeting Model development (electronic, atomistic, mesoscopic, continuum, coupling & linking, interoperability, open simulation platform, HPC) : Towards the Road Map 2017 Pietro

306 views • 17 slides
Standards Bodies Who Does What? Publishing and the Open Web Platform W3C DPIG Workshop Par is

Standards Bodies Who Does What? Publishing and the Open Web Platform W3C DPIG Workshop Par is

Standards Bodies Who Does What? Publishing and the Open Web Platform W3C DPIG Workshop Par is October 16 17, 2013 Bill Kasdorf Vice President, Apex Content Solutions Metadata Subgroup Lead, IDPF EPUB 3 Working Group Chair, BISG

206 views • 6 slides
Beyond x86_64 : Docker images for Multi-Platform Phil Estes IBM Cloud Open Technologies

Beyond x86_64 : Docker images for Multi-Platform Phil Estes IBM Cloud Open Technologies

Beyond x86_64 : Docker images for Multi-Platform Phil Estes IBM Cloud Open Technologies Twitter: @estesp 1 About Me Phil Estes Senior Technical Staff Member IBM Cloud, Open Technologies Container Strategy/Open Source Leader Docker

629 views • 10 slides
An Open Source SDN Platform Beraldo Leal beraldo.leal@cern.ch beraldo@ncc.unesp.br Sao Paulo

An Open Source SDN Platform Beraldo Leal beraldo.leal@cern.ch beraldo@ncc.unesp.br Sao Paulo

An Open Source SDN Platform Beraldo Leal beraldo.leal@cern.ch beraldo@ncc.unesp.br Sao Paulo State University - Unesp Kytos SDN Platform (Confidential) Kytos SDN Platform (Confidential) WLCG - Worldwide LHC Computing Grid Global

368 views • 32 slides
Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB https://github.com/secworks IT security Embedded systems ASIC, FPGA Biometrics Open Crypto Hardware CPU design Assembly hacking Hardware Security

896 views • 50 slides
MaxSim: A Simulation Platform for Managed Applications Open-source:

MaxSim: A Simulation Platform for Managed Applications Open-source:

R MaxSim: A Simulation Platform for Managed Applications Open-source: https://github.com/beehive-lab/MaxSim Andrey Rodchenko , Christos Kotselidis, Andy Nisbet, Antoniu Pop, Mikel Lujan Advanced Processor Technologies Group, School Of Computer

462 views • 23 slides
Implement an Industry Vision One global platform open to all stakeholders in the translation

Implement an Industry Vision One global platform open to all stakeholders in the translation

Implement an Industry Vision One global platform open to all stakeholders in the translation industry TDA Services TM Sharing Services for members only Upload and download translation memories Search free & open to the

432 views • 9 slides

More recommend