A First Step Towards Leveraging Commodity Trusted Execution Environments for Network Applications

Network applications and protocols are increasingly adopting security and privacy features, which are becoming one of their primary requirements. The widespread use of Transport Layer Security (TLS) and the growing popularity of anonymity networks, such as Tor, exemplify this trend. Motivated by the recent movement towards commoditization of trusted execution environments (TEEs), this paper explores alternative design choices that application and protocol designers should consider. In particular, we explore the possibility of using Intel SGX to provide security and privacy in a wide range of network applications. We show that leveraging the hardware protection of TEEs opens up new possibilities, often with the benefit of a much simplified application/protocol design. We demonstrate the practical implications by exploring the design space for SGX-enabled software-defined inter-domain routing, peer-to-peer anonymity networks (Tor), and middleboxes. Finally, we quantify the potential overheads of the SGX-enabled design by implementing it on top of OpenSGX, an open source SGX emulator.
