Rollback and Forking Detection for Trusted Execution Environments Using Lightweight Collective Memory

Novel hardware-aided trusted execution environments, as provided by Intel's Software Guard Extensions (SGX), enable to execute applications in a secure context that enforces confidentiality and integrity of the application state even when the host system is misbehaving. While this paves the way towards secure and trustworthy cloud computing, essential system support to protect persistent application state against rollback and forking attacks is missing. In this paper we present LCM – a lightweight protocol to establish a collective memory amongst all clients of a remote application to detect integrity and consistency violations. LCM enables the detection of rollback attacks against the remote application, enforces the consistency notion of fork-linearizability and notifies clients about operation stability. The protocol exploits the trusted execution environment, complements it with simple client-side operations, and maintains only small, constant storage at the clients. This simplifies the solution compared to previous approaches, where the clients had to verify all operations initiated by other clients. We have implemented LCM and demonstrated its advantages with a key-value store application. The evaluation shows that it introduces low network and computation overhead, in particular, a LCM-protected key-value store achieves 0.72x – 0.98x of an SGX-secured key-value store throughput.

[1]  Jeremy Clark,et al.  SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies , 2015, 2015 IEEE Symposium on Security and Privacy.

[2]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[3]  Idit Keidar,et al.  Venus: verification for untrusted cloud storage , 2010, CCSW '10.

[4]  Peter Williams,et al.  The Blind Stone Tablet: Outsourcing Durability to Untrusted Parties , 2009, NDSS.

[5]  Frank Piessens,et al.  Ariadne: A Minimal Approach to State Continuity , 2016, USENIX Security Symposium.

[6]  Abhi Shelat,et al.  Efficient fork-linearizable access to untrusted shared memory , 2007, PODC '07.

[7]  Frank Piessens,et al.  ICE: a passive, high-speed, state-continuity scheme , 2014, ACSAC.

[8]  Arno Fiedler,et al.  Certificate transparency , 2014, Commun. ACM.

[9]  Jacob R. Lorch,et al.  TrInc: Small Trusted Hardware for Large Distributed Systems , 2009, NSDI.

[10]  Raoul Strackx,et al.  Idea: State-Continuous Transfer of State in Protected-Module Architectures , 2015, ESSoS.

[11]  Idit Keidar,et al.  Fail-Aware Untrusted Storage , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[12]  Jonathan M. McCune,et al.  Memoir: Practical State Continuity for Protected Modules , 2011, 2011 IEEE Symposium on Security and Privacy.

[13]  Dan Dobre,et al.  Abortable Fork-Linearizable Storage , 2009, OPODIS.

[14]  Juan del Cuvillo,et al.  Using innovative instructions to create trustworthy software solutions , 2013, HASP '13.

[15]  David M. Eyers,et al.  SCONE: Secure Linux Containers with Intel SGX , 2016, OSDI.

[16]  David Safford,et al.  Trustworthy geographically fenced hybrid clouds , 2014, Middleware.

[17]  Hagit Attiya,et al.  Distributed Computing: Fundamentals, Simulations and Advanced Topics , 1998 .

[18]  Marcin Paprzycki,et al.  Distributed Computing: Fundamentals, Simulations and Advanced Topics , 2001, Scalable Comput. Pract. Exp..

[19]  Dennis Shasha,et al.  Secure Untrusted Data Repository (SUNDR) , 2004, OSDI.

[20]  Christian Cachin,et al.  Don't trust the cloud, verify: integrity and consistency for cloud object stores , 2015, SYSTOR.

[21]  Dennis Shasha,et al.  Building secure file systems out of byzantine storage , 2002, PODC '02.

[22]  Adam Silberstein,et al.  Benchmarking cloud serving systems with YCSB , 2010, SoCC '10.

[23]  Ariel J. Feldman,et al.  SPORC: Group Collaboration using Untrusted Cloud Resources , 2010, OSDI.

[24]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[25]  Christian Cachin,et al.  Verifying the Consistency of Remote Untrusted Services with Commutative Operations , 2013, OPODIS.

[26]  Shay Gueron,et al.  A Memory Encryption Engine Suitable for General Purpose Processors , 2016, IACR Cryptol. ePrint Arch..

[27]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[28]  Srdjan Capkun,et al.  ROTE: Rollback Protection for Trusted Execution , 2017, USENIX Security Symposium.

[29]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[30]  Marvin Theimer,et al.  Managing update conflicts in Bayou, a weakly connected replicated storage system , 1995, SOSP.

[31]  Michael T. Goodrich,et al.  Athos: Efficient Authentication of Outsourced File Systems , 2008, ISC.

[32]  Christof Fetzer,et al.  SecureKeeper: Confidential ZooKeeper using Intel SGX , 2016, Middleware.

[33]  Scott Shenker,et al.  Attested append-only memory: making adversaries stick to their word , 2007, SOSP.

[34]  Siani Pearson,et al.  Privacy, Security and Trust Issues Arising from Cloud Computing , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[35]  Jiangtao Li,et al.  Enhanced Privacy ID from Bilinear Pairing for Hardware Authentication and Attestation , 2010, 2010 IEEE Second International Conference on Social Computing.

[36]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[37]  Manuel Blum,et al.  Checking the correctness of memories , 2005, Algorithmica.

[38]  Carlo Curino,et al.  Mobius: unified messaging and data serving for mobile apps , 2012, MobiSys '12.