A Bus Authentication and Anti-Probing Architecture Extending Hardware Trusted Computing Base Off CPU Chips and Beyond

2020 ◽  
Author(s):  
Zhenyu Xu ◽  
Thomas Mauldin ◽  
Zheyi Yao ◽  
Shuyi Pei ◽  
Tao Wei ◽  
...  
Keyword(s):  
Trusted Computing ◽  
Trusted Computing Base

scholarly journals Threats and Vulnerabilities to IoT End Devices Architecture and suggested remedies

2020 ◽  
Vol 8 (6) ◽  
pp. 5712-5718
Keyword(s):  
Decision Making ◽  
Internet Of Things ◽  
Data Processing ◽  
Trusted Computing ◽  
External World ◽  
Security Threats ◽  
Iot Applications ◽  
Trusted Computing Base ◽  
Chain Of Trust ◽  
New Challenges

Due to decentralization of Internet of Things(IoT) applications and anything, anytime, anywhere connectivity has increased burden of data processing and decision making at IoT end devices. This overhead initiated new bugs and vulnerabilities thus security threats are emerging and presenting new challenges on these end devices. IoT End Devices rely on Trusted Execution Environments (TEEs) by implementing Root of trust (RoT) as soon as power is on thus forming Chain of trust (CoT) to ensure authenticity, integrity and confidentiality of every bit and byte of Trusted Computing Base (TCB) but due to un-trusted external world connectivity and security flaws such as Spectre and meltdown vulnerabilities present in the TCB of TEE has made CoT unstable and whole TEE are being misutilized. This paper suggests remedial solutions for the threats arising due to bugs and vulnerabilities present in the different components of TCB so as to ensure the stable CoT resulting into robust TEE.

scholarly journals Composite Enclaves: Towards Disaggregated Trusted Execution

2021 ◽  
pp. 630-656
Author(s):  
Moritz Schneider ◽  
Aritra Dhar ◽  
Ivan Puddu ◽  
Kari Kostiainen ◽  
Srdjan Čapkun
Keyword(s):  
Case Studies ◽  
Large Scale ◽  
Trusted Computing ◽  
Design Time ◽  
Wide Range ◽  
Trusted Computing Base ◽  
Recent Developments ◽  
Configurable Hardware ◽  
Low Performance ◽  
Specialized Hardware

The ever-rising computation demand is forcing the move from the CPU to heterogeneous specialized hardware, which is readily available across modern datacenters through disaggregated infrastructure. On the other hand, trusted execution environments (TEEs), one of the most promising recent developments in hardware security, can only protect code confined in the CPU, limiting TEEs’ potential and applicability to a handful of applications. We observe that the TEEs’ hardware trusted computing base (TCB) is fixed at design time, which in practice leads to using untrusted software to employ peripherals in TEEs. Based on this observation, we propose composite enclaves with a configurable hardware and software TCB, allowing enclaves access to multiple computing and IO resources. Finally, we present two case studies of composite enclaves: i) an FPGA platform based on RISC-V Keystone connected to emulated peripherals and sensors, and ii) a large-scale accelerator. These case studies showcase a flexible but small TCB (2.5 KLoC for IO peripherals and drivers), with a low-performance overhead (only around 220 additional cycles for a context switch), thus demonstrating the feasibility of our approach and showing that it can work with a wide range of specialized hardware.

scholarly journals Formal Verification of a Mandatory Integrity Control Model for the KasperskyOS Operating System

2020 ◽  
Vol 32 (6) ◽  
pp. 31-48
Author(s):  
Vladimir Sergeevich Burenkov
Keyword(s):  
Operating System ◽  
Formal Verification ◽  
Operating Systems ◽  
Trusted Computing ◽  
Control Model ◽  
Discrete Mathematics ◽  
Active Components ◽  
Access To Resources ◽  
Trusted Computing Base ◽  
Automated Proof

Models of mandatory integrity control in operating systems usually restrict accesses of active components of a system to passive ones and represent the accesses directly. This is suitable in case of monolithic operating systems whose components that provide access to resources are part of the trusted computing base. However, due to the sheer complexity of such components, it is extremely nontrivial to prove such a model to be adequate to the real system. KasperskyOS is a microkernel operating system that organizes access to resources via components that are not necessarily part of the trusted computing base. KasperskyOS implements a specifically developed mandatory integrity control model that takes such components into account. This paper formalizes the model and describes the process of automated proof of the model’s properties. For formalization, we use the Event-B language. We clarify parts specific to Event-B to make our presentation accessible to professionals familiar with discrete mathematics but not necessarily with Event-B. We reflect on the proof experience obtained in the Rodin platform.

scholarly journals StealthDB: a Scalable Encrypted Database with Full SQL Query Support

2019 ◽  
Vol 2019 (3) ◽  
pp. 370-388 ◽  
Author(s):  
Dhinakaran Vinayagamurthy ◽  
Alexey Gribov ◽  
Sergey Gorbunov
Keyword(s):  
High Performance ◽  
Trusted Computing ◽  
Database Systems ◽  
Sensitive Data ◽  
Garbled Circuits ◽  
Cryptographic Algorithms ◽  
Trusted Computing Base ◽  
Encrypted Database ◽  
Security Guarantees ◽  
Sql Query

Abstract Encrypted database systems provide a great method for protecting sensitive data in untrusted infrastructures. These systems are built using either special-purpose cryptographic algorithms that support operations over encrypted data, or by leveraging trusted computing co-processors. Strong cryptographic algorithms (e.g., public-key encryptions, garbled circuits) usually result in high performance overheads, while weaker algorithms (e.g., order-preserving encryption) result in large leakage profiles. On the other hand, some encrypted database systems (e.g., Cipherbase, TrustedDB) leverage non-standard trusted computing devices, and are designed to work around the architectural limitations of the specific devices used. In this work we build StealthDB – an encrypted database system from Intel SGX. Our system can run on any newer generation Intel CPU. StealthDB has a very small trusted computing base, scales to large transactional workloads, requires minor DBMS changes, and provides a relatively strong security guarantees at steady state and during query execution. Our prototype on top of Postgres supports the full TPC-C benchmark with a 30% decrease in the average throughput over an unmodified version of Postgres operating on a 2GB unencrypted dataset.

scholarly journals Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI

2022 ◽  
Vol 6 (POPL) ◽  
pp. 1-30
Author(s):  
Matthew Kolosick ◽  
Shravan Narayan ◽  
Evan Johnson ◽  
Conrad Watt ◽  
Michael LeMay ◽  
...  
Keyword(s):  
Trusted Computing ◽  
Fault Isolation ◽  
Third Party ◽  
Logical Relation ◽  
Secure Systems ◽  
Context Switching ◽  
Function Calls ◽  
Trusted Computing Base ◽  
Significant Performance ◽  
Almost All

Software sandboxing or software-based fault isolation (SFI) is a lightweight approach to building secure systems out of untrusted components. Mozilla, for example, uses SFI to harden the Firefox browser by sandboxing third-party libraries, and companies like Fastly and Cloudflare use SFI to safely co-locate untrusted tenants on their edge clouds. While there have been significant efforts to optimize and verify SFI enforcement, context switching in SFI systems remains largely unexplored: almost all SFI systems use heavyweight transitions that are not only error-prone but incur significant performance overhead from saving, clearing, and restoring registers when context switching. We identify a set of zero-cost conditions that characterize when sandboxed code has sufficient structured to guarantee security via lightweight zero-cost transitions (simple function calls). We modify the Lucet Wasm compiler and its runtime to use zero-cost transitions, eliminating the undue performance tax on systems that rely on Lucet for sandboxing (e.g., we speed up image and font rendering in Firefox by up to 29.7% and 10% respectively). To remove the Lucet compiler and its correct implementation of the Wasm specification from the trusted computing base, we (1) develop a static binary verifier , VeriZero, which (in seconds) checks that binaries produced by Lucet satisfy our zero-cost conditions, and (2) prove the soundness of VeriZero by developing a logical relation that captures when a compiled Wasm function is semantically well-behaved with respect to our zero-cost conditions. Finally, we show that our model is useful beyond Wasm by describing a new, purpose-built SFI system, SegmentZero32, that uses x86 segmentation and LLVM with mostly off-the-shelf passes to enforce our zero-cost conditions; our prototype performs on-par with the state-of-the-art Native Client SFI system.

Sign in / Sign up

Export Citation Format

Share Document