Motivation Approach of TrustJS Evaluation Conclusion

TrustJS: Trusted Client-side Execution of JavaScript

David Goltzsche¹, Colin Wulf¹, Divya Muthukumaran², Konrad Rieck¹, Peter Pietzuch² and Rüdiger Kapitza¹
¹ TU Braunschweig, Germany
² Imperial College London, UK

EuroSec'17, April 23, 2017, Belgrade, Serbia

[Figure, built up in steps: untrusted client-side computation; computation repeated; computation not offloaded]

Agenda
• Motivation
• Approach of TrustJS
• Evaluation
• Conclusion

Motivation
• Web applications replace traditional desktop applications
• Providers offload computations to clients
• Popular programming language: JavaScript
• Minimise round trips
• Reduce server-side resource demand
• Clients not assumed as trustworthy
• Results can be faulty
• No confidential code or data
→ Strong limitation for offloading approach
• Results of untrusted clients typically verified at server-side
• Requires recomputation, which can lead to vulnerabilities [1]
→ Waste of resources

[1] P. Bisht, et al. NoTamper: Automatic Blackbox Detection of Parameter Tampering Opportunities in Web Applications. CCS, 2010.

TrustJS
Trusted client-side execution of JavaScript
• General purpose JavaScript
• Integration in commodity browsers
• Protecting code and data
  • Integrity
  • Confidentiality (optional)
• Remote verification of computation results

Architecture of TrustJS
[Figure: High-level architecture of TrustJS. Labels: Browser, Add-on, Browser tabs 1 to 3, IE, SP 1 to 3, Trusted channel. IE: interpreter enclave; SP: service provider.]

Intel SGX (1/2)
• Software Guard Extensions
• Extension of x86 instruction set
• Creation of isolated compartments → enclaves
• Execution isolated from untrusted OS
• Transparent memory encryption
• Pages stored in EPC
• Support for remote attestation
  • based on Intel-provided service IAS

Intel SGX (2/2)
[Figure: Basic interaction pattern between application and enclave. Labels: Application, Enclave, enclave creation, ecall, ocall, return, trusted execution, untrusted execution, enclave destruction.]

Approach of TrustJS
• Use Intel SGX enclaves at client-side
• Put JavaScript interpreter MuJS in it
• "Interpreter enclave"
• Integration as browser add-on
• Generic enclave binary shipped
• Additional trusted JavaScript interpreter in browser
• Untrusted: GUI rendering, user interaction
• Trusted: execution of integrity-protected/encrypted code
• Remote attestation to generate verifiable responses
→ Verification at server
• Developers annotate code parts for trusted execution
• Automated transition into interpreter enclave

TrustJS Client
[Figure: Client-side components of TrustJS. Labels: Browser process, HTML page, Add-on, Bridge, ports, injected content script, js-ctypes, ecalls, ocalls, Interpreter enclave, JS Engine (untrusted JavaScript execution), JS Engine (trusted JS execution).]

TrustJS Server

    <script trustjs-encrypt="yes">
    /* @exposed confidentialFunction 1 */
    function hiddenFunction(y) { ... }
    function confidentialFunction(x) { ... hiddenFunction(x); }
    </script>
    <script>var a = confidentialFunction(42);</script>

⇓

    <script trustjs-encrypt="yes" trustjs-blob="X6YXkazAVA7oBZYC..9CkX0Tq9I="/>
    <script>var a = confidentialFunction(42);</script>

Evaluation 1/4
[Figure: Latency build-up of traditional web application with server-side recalculations. Sequence between Client and Server: t0, HTTP GET, HTML, calc 1, t1, HTTP POST Result, calc 1, calc 2, HTTP POST Result, calc 2, t2.]

Evaluation 2/4
[Figure: Latency build-up of web application using TrustJS with single server-side verification. Sequence between Client, Server and IAS: Enclave start, t0, HTTP GET Quote + public key, Quote, Hash check, Quote verification, OK, Secret key generation, Preparation of HTML document, HTML, t1, Encrypted secret key, calc 1, calc 2, HMAC generation, HTTP POST Result + HMAC, HMAC verification, t2.]

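The key delivery and single HMAC check from this slide, as an added Node.js example (not TrustJS code and not from the authors). Assumptions: RSA-OAEP for the enclave key pair, HMAC-SHA256, all function names, and the stand-in calculation; quote verification against IAS is left out.

```javascript
// Added illustration; the enclave is simulated by ordinary functions.
const crypto = require('node:crypto');

// Enclave (simulated): key pair whose public half travels with the quote.
// RSA-OAEP is an assumption; the slides do not name the algorithm.
function enclaveStart() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Server: once the quote has verified, generate the secret key and
// encrypt it to the enclave's public key for delivery with the HTML.
function serverIssueKey(enclavePublicKey) {
  const secretKey = crypto.randomBytes(32);
  const wrapped = crypto.publicEncrypt(enclavePublicKey, secretKey);
  return { secretKey, wrapped };
}

// Enclave (simulated): unwrap the key, run the calculations, MAC the result.
function enclaveCompute(privateKey, wrapped, inputs) {
  const key = crypto.privateDecrypt(privateKey, wrapped);
  // Stand-in for calc 1 and calc 2 (hypothetical computation).
  const result = JSON.stringify(inputs.map((x) => x * x + 1));
  const hmac = crypto.createHmac('sha256', key).update(result).digest('hex');
  return { result, hmac };
}

// Server: one constant-time HMAC check replaces recomputing each calculation.
function serverVerify(secretKey, post) {
  const expected = crypto.createHmac('sha256', secretKey)
    .update(String(post.result)).digest();
  const received = Buffer.from(String(post.hmac), 'hex');
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// Constructed run: an honest POST, one altered outside the enclave,
// and one checked against a different session's key.
function demo() {
  const enclave = enclaveStart();
  const { secretKey, wrapped } = serverIssueKey(enclave.publicKey);
  const post = enclaveCompute(enclave.privateKey, wrapped, [3, 4]);
  const tampered = { ...post, result: '[10,9999]' };
  const otherKey = serverIssueKey(enclave.publicKey).secretKey;
  return {
    honest: serverVerify(secretKey, post),
    tampered: serverVerify(secretKey, tampered),
    wrongKey: serverVerify(otherKey, post),
    result: post.result,
  };
}
```
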
Evaluation 3/4
[Figure: Application run time [ms] (axis 0 to 1200) over number of calculations (1 to 10), for "no TrustJS" and "TrustJS".]

Evaluation 4/4
[Figure: Server CPU usage [%] (axis 0 to 100) over number of clients (1 to 600), for "no TrustJS" and "TrustJS".]

Conclusion and Future Work
• TrustJS enables...
  • trusted execution of JavaScript in commodity browsers seamlessly integrated as an add-on
  • service providers to save resources by removing (re)computations on server-side
  • developers to remove unnecessary round trips
• With future work TrustJS may...
  • support more sophisticated JavaScript engines
  • make parts of the Node.js API available in enclave