CAFE: A Virtualization-Based Approach to Protecting Sensitive Cloud Application Logic Confidentiality

Cloud application marketplaces of modern cloud infrastructures offer a new software deployment model, integrated with the cloud environment in its configuration and policies. However, similar to traditional software distribution which has been suffering from software piracy and reverse engineering, cloud marketplaces face the same challenges that can deter the success of the evolving ecosystem of cloud software. We present a novel system named CAFE for cloud infrastructures where sensitive software logic can be executed with high secrecy protected from any piracy or reverse engineering attempts in a virtual machine even when its operating system kernel is compromised. The key mechanism is the end-to-end framework for the execution of applications, which consists of the secure encryption and distribution of confidential application binary files, and the runtime techniques to load, decrypt, and protect the program logic by isolating them from tenant virtual machines based on hypervisor-level techniques. We evaluate applications in several software categories which are commonly offered in cloud marketplaces showing that strong confidential execution can be provided with only marginal changes (around 100-220 lines of code) and minimal performance overhead.

[1]  Clemens Heinrich,et al.  Transport Layer Security (TLS) , 2011, Encyclopedia of Cryptography and Security.

[2]  Christian Wenz,et al.  DRM Under Attack: Weaknesses in Existing Systems , 2003, Digital Rights Management.

[3]  Jong Kim,et al.  binOb+: a framework for potent and stealthy binary obfuscation , 2010, ASIACCS '10.

[4]  Xiaoxin Chen,et al.  Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems , 2008, ASPLOS.

[5]  Christoforos E. Kozyrakis,et al.  Evaluating MapReduce for Multi-core and Multiprocessor Systems , 2007, 2007 IEEE 13th International Symposium on High Performance Computer Architecture.

[6]  Tal Garfinkel,et al.  Towards Application Security on Untrusted Operating Systems , 2008, HotSec.

[7]  Daesung Kwon,et al.  A Description of the ARIA Encryption Algorithm , 2010, RFC.

[8]  Shweta Shinde,et al.  Panoply: Low-TCB Linux Applications With SGX Enclaves , 2017, NDSS.

[9]  Rolf Rolles,et al.  Unpacking Virtualization Obfuscators , 2009, WOOT.

[10]  Adrian Perrig,et al.  TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.

[11]  Nezer Zaidenberg,et al.  Truly-Protect: An Efficient VM-Based Software Protection , 2013, IEEE Systems Journal.

[12]  Brent Byunghoon Kang,et al.  Hacking in Darkness: Return-oriented Programming against Secure Enclaves , 2017, USENIX Security Symposium.

[13]  Hovav Shacham,et al.  Iago attacks: why the system call API is a bad untrusted RPC interface , 2013, ASPLOS '13.

[14]  Rüdiger Kapitza,et al.  Rollback and Forking Detection for Trusted Execution Environments Using Lightweight Collective Memory , 2017, 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[15]  James Newsome,et al.  Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework , 2013, 2013 IEEE Symposium on Security and Privacy.

[16]  Jonathon T. Giffin,et al.  Impeding Malware Analysis Using Conditional Code Obfuscation , 2008, NDSS.

[17]  Alec Wolman,et al.  fTPM: A Software-Only Implementation of a TPM Chip , 2016, USENIX Security Symposium.

[18]  Mario Werner,et al.  SGXIO: Generic Trusted I/O Path for Intel SGX , 2017, CODASPY.

[19]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[20]  Adrian Perrig,et al.  Lockdown: Towards a Safe and Practical Architecture for Security Applications on Commodity Platforms , 2012, TRUST.

[21]  Saumya K. Debray,et al.  Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.

[22]  Martín Abadi,et al.  Automated verification of selected equivalences for security protocols , 2005, 20th Annual IEEE Symposium on Logic in Computer Science (LICS' 05).

[23]  Thomas E. Anderson,et al.  A Comparison of File System Workloads , 2000, USENIX Annual Technical Conference, General Track.

[24]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[25]  Yong Qi,et al.  AppSec: A Safe Execution Environment for Security Sensitive Applications , 2015, VEE.

[26]  Christian S. Collberg,et al.  A Taxonomy of Obfuscating Transformations , 1997 .

[27]  Xiangyu Zhang,et al.  Obfuscation resilient binary code reuse through trace-oriented programming , 2013, CCS.

[28]  Michael K. Reiter,et al.  Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[29]  Leendert van Doorn,et al.  A Practical Guide to Trusted Computing , 2007 .

[30]  B. Gladman,et al.  Security Engineering: a Guide to Building Dependable Distributed Systems Physical Tamper Resistance 14.1 Introduction , 2022 .

[31]  Kenneth A. Goldman,et al.  A Practical Guide to TPM 2.0 , 2015, Apress.

[32]  Donald E. Porter,et al.  Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX , 2017, USENIX Annual Technical Conference.

[33]  Gregory R. Andrews,et al.  Binary Obfuscation Using Signals , 2007, USENIX Security Symposium.

[34]  Vijay Varadharajan,et al.  TrustLite: a security architecture for tiny embedded devices , 2014, EuroSys '14.

[35]  Alec Wolman,et al.  Using ARM trustzone to build a trusted language runtime for mobile applications , 2014, ASPLOS.

[36]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .