SGX-FS: Hardening a File System in User-Space with Intel SGX

File systems have long benefited from hardware acceleration to improve their performance. In order to leverage such hardware capabilities, file systems rely on direct and trusted support from the underlying operating system. However, this assumes that the OS and the associated kernel drivers, which access the accelerators, are trustworthy. The recent introduction of the Intel Software Guard Extensions (SGX) instruction set, together with the widespread availability of these extensions in mass-market CPUs, allows application developers to relax part of these assumptions. With SGX, programmers can design secure applications under a stronger adversarial model, such as a compromised OS or kernel module. Code executes inside enclaves and is protected from privileged processes, including the OS itself. This paper presents SGX-FS, a new user-space file system that leverages SGX data sealing capabilities for secure in-memory and persistent storage. It combines the FUSE framework with SGX to protect user data. In particular, SGX-FS efficiently encrypts and decrypts the application data within the enclaves. We fully implement an open-source SGX-FS prototype and evaluate its performance by means of a representative set of nano- and micro-benchmarks.
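The data path the abstract describes, as an added illustrative model that is not SGX-FS code: file contents are sealed inside the enclave before they reach the untrusted backing store, and unsealed only after the authentication tag verifies, so a host that tampers with a blob or swaps blobs between files is detected rather than served corrupt plaintext. The `MockEnclave` class, its constructed 32-byte key, and the cipher (a SHA-256 counter-mode keystream with an HMAC-SHA256 tag, encrypt-then-MAC) are assumptions standing in for the hardware-derived sealing key and AES-GCM that the SGX SDK sealing API uses; the `SealedStore` class models the untrusted storage that FUSE would hand the data to.

```python
"""Model of the SGX-FS data path (illustrative example, not SGX-FS code).

Assumptions:
  * MockEnclave stands in for the SGX enclave. Its key is a constructed
    constant passed in by the caller; real SGX derives the sealing key in
    hardware from the enclave identity, so the host never sees it.
  * The cipher is a constructed SHA-256 counter-mode keystream plus an
    HMAC-SHA256 tag (encrypt-then-MAC), a stand-in for the AES-GCM used by
    the SGX SDK sealing API.
"""
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 16
TAG_LEN = 32


class MockEnclave:
    """Everything in this class is meant to run inside the enclave."""

    def __init__(self, sealing_key: bytes):
        # Derive separate encryption and MAC keys from the sealing key.
        self._enc_key = hashlib.sha256(b"enc" + sealing_key).digest()
        self._mac_key = hashlib.sha256(b"mac" + sealing_key).digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Constructed counter-mode keystream: SHA-256(key || nonce || counter).
        out = bytearray()
        counter = 0
        while len(out) < length:
            block = self._enc_key + nonce + counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
            counter += 1
        return bytes(out[:length])

    def _tag(self, path: str, nonce: bytes, ct: bytes) -> bytes:
        # The file path is authenticated as associated data, so the untrusted
        # host cannot serve file A's sealed blob in place of file B's.
        msg = path.encode() + nonce + ct
        return hmac.new(self._mac_key, msg, hashlib.sha256).digest()

    def seal(self, path: str, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
        nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
        ks = self._keystream(nonce, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        return nonce + ct + self._tag(path, nonce, ct)

    def unseal(self, path: str, blob: bytes) -> bytes:
        if len(blob) < NONCE_LEN + TAG_LEN:
            raise ValueError("sealed blob too short")
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        # Verify before decrypting; constant-time compare avoids a timing oracle.
        if not hmac.compare_digest(tag, self._tag(path, nonce, ct)):
            raise ValueError("sealed blob failed authentication")
        ks = self._keystream(nonce, len(ct))
        return bytes(c ^ k for c, k in zip(ct, ks))


class SealedStore:
    """Untrusted backing store: it only ever holds sealed blobs, keyed by path."""

    def __init__(self, enclave: MockEnclave):
        self._enclave = enclave
        self.blobs = {}

    def write(self, path: str, data: bytes) -> None:
        self.blobs[path] = self._enclave.seal(path, data)

    def read(self, path: str) -> bytes:
        return self._enclave.unseal(path, self.blobs[path])


def demo() -> dict:
    """Round trip, then two host-side attacks that unseal must reject."""
    store = SealedStore(MockEnclave(b"\x11" * 32))  # constructed key
    store.write("/notes.txt", b"meeting at 10")
    store.write("/other.txt", b"unrelated")
    results = {"roundtrip": store.read("/notes.txt") == b"meeting at 10"}

    # Host flips one ciphertext bit: tag no longer verifies.
    tampered = bytearray(store.blobs["/notes.txt"])
    tampered[NONCE_LEN] ^= 0x01
    store.blobs["/notes.txt"] = bytes(tampered)
    try:
        store.read("/notes.txt")
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True

    # Host swaps in another file's (valid) blob: path binding rejects it.
    store.blobs["/notes.txt"] = store.blobs["/other.txt"]
    try:
        store.read("/notes.txt")
        results["swap_detected"] = False
    except ValueError:
        results["swap_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point the model makes is where the trust boundary sits: the store never holds plaintext or the key, and every read passes through the enclave's authentication check before any plaintext is released, which is what lets SGX-FS drop the assumption that the OS and its storage drivers are honest.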
