Isolating Operating System Components with Intel SGX

In this paper, we present a novel approach on isolating operating system components with Intel SGX. Although SGX has not been designed to work in kernel mode, we found a way of wrapping Linux kernel functionality within SGX enclaves by moving parts of it to user space. Kernel components are strictly isolated from each other such that a vulnerability in one kernel module cannot escalate into compromising the entire kernel. We provide a proof-of-concept implementation which protects an exemplary kernel function, namely full disk encryption, using an Intel SGX enclave. Besides integrity of the disk encryption, our implementation ensures that the confidentiality of the disk encryption key is protected against all software level attacks as well as physical attacks. In addition to the user password, we use a second authentication factor for deriving the encryption key which is stored sealed and bound to the platform. Thus, stealing the hard drive and sniffing the user password is insufficient for an attacker to break disk encryption. Instead, the two factor authentication scheme requires an attacker to additionally obtain the actual machine to be able to break encryption.

[1]  Adrian Perrig,et al.  TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.

[2]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[3]  Frank Piessens,et al.  Sancus: Low-cost Trustworthy Extensible Networked Devices with a Zero-software Trusted Computing Base , 2013, USENIX Security Symposium.

[4]  Vijay Varadharajan,et al.  TrustLite: a security architecture for tiny embedded devices , 2014, EuroSys '14.

[5]  William K. Robertson,et al.  TRESOR-HUNT: attacking CPU-bound encryption , 2012, ACSAC '12.

[6]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[7]  Johannes Götzfried,et al.  Mutual Authentication and Trust Bootstrapping towards Secure Disk Encryption , 2014, TSEC.

[8]  Andrew S. Tanenbaum,et al.  Modern Operating Systems: Jumpstart Sampling Edition , 2008 .

[9]  Michael K. Reiter,et al.  Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[10]  Felix C. Freiling,et al.  Soteria: Offline Software Protection within Low-cost Embedded Devices , 2015, ACSAC.

[11]  Martin Johns,et al.  USB Device Drivers: A Stepping Stone into Your Kernel , 2010, 2010 European Conference on Computer Network Defense.

[12]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[13]  Srinivas Devadas,et al.  Sanctum: Minimal Hardware Extensions for Strong Software Isolation , 2016, USENIX Security Symposium.

[14]  Michael K. Reiter,et al.  An Execution Infrastructure for TCB Minimization , 2007 .

[15]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[16]  Johannes Götzfried,et al.  ARMORED: CPU-Bound Encryption for Android-Driven ARM Devices , 2013, 2013 International Conference on Availability, Reliability and Security.

[17]  Ruby B. Lee,et al.  Scalable architectural support for trusted software , 2010, HPCA - 16 2010 The Sixteenth International Symposium on High-Performance Computer Architecture.

[18]  Frank Piessens,et al.  Fides: selectively hardening software application components against kernel-level or process-level malware , 2012, CCS '12.

[19]  Andreas Dewald,et al.  TRESOR Runs Encryption Securely Outside RAM , 2011, USENIX Security Symposium.

[20]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[21]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[22]  Luca Faust,et al.  Modern Operating Systems , 2016 .