PIE: A Dynamic TCB for Remote Systems with a Platform Isolation Environment

Trusted execution environments (TEEs) remove the OS and the hypervisor from the trusted computing base (TCB) and provide isolation to applications, known as enclaves. TEEs also provide remote attestation, which allows a remote verifier to check whether the expected version of the enclave is running. However, TEEs provide only a static and restricted hardware trusted computing base, which includes only the CPU. While this might be acceptable for some applications, it is too restrictive for others, and it falls short when one considers external hardware entities that are connected to the platform. Proposals to include specific external components in a TEE exist, but they remain limited to very specific use cases and cannot be applied dynamically. In this paper, we investigate platforms where enclaves can utilize a dynamic hardware TCB. We propose new security properties that are relevant for such systems, namely platform-wide attestation and platform awareness. These properties allow a remote verifier to verify the current platform state and allow the enclave to define how it reacts to a change in connected peripherals. Finally, we present a prototype based on RISC-V's Keystone to show that such systems are feasible with only around 350 lines added to the software TCB.
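The following is an added, simplified model of the two properties named above, not code from the paper or its Keystone prototype: an attestation report that binds the enclave measurement to the set of connected peripherals (platform-wide attestation), and an enclave-defined policy that decides the reaction when that set changes (platform awareness). It assumes an HMAC under a shared key in place of the platform's attestation signing key, and the device names and firmware strings are constructed.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the platform attestation key (a real platform
# would sign reports with an asymmetric key rooted in hardware).
PLATFORM_KEY = b"constructed-platform-key"


def measure(data: bytes) -> str:
    """SHA-256 measurement of an enclave image or peripheral firmware."""
    return hashlib.sha256(data).hexdigest()


def attest_platform(enclave_code: bytes, peripherals: dict) -> dict:
    """Security-monitor side: the report covers the enclave and every
    currently connected peripheral, i.e. the dynamic hardware TCB."""
    manifest = {dev: measure(fw) for dev, fw in sorted(peripherals.items())}
    body = {"enclave": measure(enclave_code), "peripherals": manifest}
    encoded = json.dumps(body, sort_keys=True).encode()
    mac = hmac.new(PLATFORM_KEY, encoded, "sha256").hexdigest()
    return {"body": body, "mac": mac}


def verify_platform(report: dict, expected_enclave: str,
                    expected_peripherals: dict) -> bool:
    """Remote-verifier side: accept only if the report is authentic, the
    enclave matches, and each required peripheral is present with the
    expected firmware measurement."""
    encoded = json.dumps(report["body"], sort_keys=True).encode()
    expected_mac = hmac.new(PLATFORM_KEY, encoded, "sha256").hexdigest()
    if not hmac.compare_digest(expected_mac, report["mac"]):
        return False
    body = report["body"]
    if body["enclave"] != expected_enclave:
        return False
    return all(body["peripherals"].get(dev) == fw_hash
               for dev, fw_hash in expected_peripherals.items())


# Platform awareness: the enclave declares per device how it reacts when
# that device is attached or removed; unlisted devices default to "continue".
POLICY = {"sensor0": "halt", "display0": "reattest"}
SEVERITY = {"continue": 0, "reattest": 1, "halt": 2}


def on_peripheral_change(trusted: set, current: set) -> str:
    """Return the most severe reaction over all devices added or removed
    since the last attestation."""
    changed = trusted ^ current
    reactions = [POLICY.get(dev, "continue") for dev in changed]
    return max(reactions, key=SEVERITY.__getitem__, default="continue")
```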
