Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI

Software sandboxing or software-based fault isolation (SFI) is a lightweight approach to building secure systems out of untrusted components. Mozilla, for example, uses SFI to harden the Firefox browser by sandboxing third-party libraries, and companies like Fastly and Cloudflare use SFI to safely co-locate untrusted tenants on their edge clouds. While there have been significant efforts to optimize and verify SFI enforcement, context switching in SFI systems remains largely unexplored: almost all SFI systems use heavyweight transitions that are not only error-prone but incur significant performance overhead from saving, clearing, and restoring registers when context switching. We identify a set of zero-cost conditions that characterize when sandboxed code has sufficient structured to guarantee security via lightweight zero-cost transitions (simple function calls). We modify the Lucet Wasm compiler and its runtime to use zero-cost transitions, eliminating the undue performance tax on systems that rely on Lucet for sandboxing (e.g., we speed up image and font rendering in Firefox by up to 29.7% and 10% respectively). To remove the Lucet compiler and its correct implementation of the Wasm specification from the trusted computing base, we (1) develop a static binary verifier , VeriZero, which (in seconds) checks that binaries produced by Lucet satisfy our zero-cost conditions, and (2) prove the soundness of VeriZero by developing a logical relation that captures when a compiled Wasm function is semantically well-behaved with respect to our zero-cost conditions. Finally, we show that our model is useful beyond Wasm by describing a new, purpose-built SFI system, SegmentZero32, that uses x86 segmentation and LLVM with mostly off-the-shelf passes to enforce our zero-cost conditions; our prototype performs on-par with the state-of-the-art Native Client SFI system.

Composite Enclaves: Towards Disaggregated Trusted Execution

The ever-rising computation demand is forcing the move from the CPU to heterogeneous specialized hardware, which is readily available across modern datacenters through disaggregated infrastructure. On the other hand, trusted execution environments (TEEs), one of the most promising recent developments in hardware security, can only protect code confined in the CPU, limiting TEEs’ potential and applicability to a handful of applications. We observe that the TEEs’ hardware trusted computing base (TCB) is fixed at design time, which in practice leads to using untrusted software to employ peripherals in TEEs. Based on this observation, we propose composite enclaves with a configurable hardware and software TCB, allowing enclaves access to multiple computing and IO resources. Finally, we present two case studies of composite enclaves: i) an FPGA platform based on RISC-V Keystone connected to emulated peripherals and sensors, and ii) a large-scale accelerator. These case studies showcase a flexible but small TCB (2.5 KLoC for IO peripherals and drivers), with a low-performance overhead (only around 220 additional cycles for a context switch), thus demonstrating the feasibility of our approach and showing that it can work with a wide range of specialized hardware.

A Hardware Platform for Ensuring OS Kernel Integrity on RISC-V

The OS kernel is typically preassumed as a trusted computing base in most computing systems. However, it also implies that once an attacker takes control of the OS kernel, the attacker can seize the entire system. Because of such security importance of the OS kernel, many works have proposed security solutions for the OS kernel using an external hardware module located outside the processor. By doing this, these works can realize the physical isolation of security solutions from the OS kernel running in the processor, but they cannot access the inner state of the processor, which attackers can manipulate. Thus, they elaborated several methods to overcome such limited capability of external hardware. However, those methods usually come with several side effects, such as high-performance overhead, kernel code modifications, and/or excessively complicated hardware designs. In this paper, we introduce RiskiM, a new hardware-based monitoring platform to ensure kernel integrity from outside the host system. To deliver the inner state of the host to RiskiM, we have devised a hardware interface architecture, called PEMI. Through PEMI, RiskiM is supplied with all internal states of the host system essential for fulfilling its monitoring task to protect the kernel. To empirically validate our monitoring platform’s security strength and performance, we have fully implemented PEMI and RiskiM on a RISC-V based processor and FPGA, respectively. Our experiments show that RiskiM succeeds in the host kernel protection by detecting even the advanced attacks which could circumvent previous solutions, yet suffering from virtually no aforementioned side effects.

Towards Secure E-Voting Using Blockchain

Voting in this country is the most tedious job to be handled, involving all kinds of corrupted and illegal deeds. Elections in India are conducted exclusively using EVM’s developed over the past two decades by a group of government-owned companies. These devices, known in India as EVMs, have been adopted greatly for their simple design, ease of conduct, and robustness. However, recently they have also been marked prey following widespread reports of election irregularities. Despite this criticism, many details of the mechanism have never been publicly discussed, and they have not been subjected to a stringent, independent security evaluation. We conclude that in spite of the machines’ simplicity and software trusted computing base, they are vulnerable to indigenous attacks that can modify election results and violate the law of the election commission. Most of the attacks done are physical, by changing the electricals, but if the machine is connected real time to a cloud server and involves an independent screen which shows the confirmation of choice symbolically before placing the final vote, it can help in detecting problems and maintain the integrity of the system.

Protecting Security-Sensitive Data Using Program Transformation and Trusted Execution Environment

Cloud computing allows clients to upload their sensitive data to the public cloud and perform sensitive computations in those untrusted areas, which drives to possible violations of the confidentiality of client sensitive data. Utilizing Trusted Execution Environments (TEEs) to protect data confidentiality from other software is an effective solution. TEE is supported by different platforms, such as Intel’s Software Guard Extension (SGX). SGX provides a TEE, called an enclave, which can be used to protect the integrity of the code and the confidentiality of data. Some efforts have proposed different solutions in order to isolate the execution of security-sensitive code from the rest of the application. Unlike our previous work, CFHider, a hardware-assisted method that aimed to protect only the confidentiality of control flow of applications, in this study, we develop a new approach for partitioning applications into security-sensitive code to be run in the trusted execution setting and cleartext code to be run in the public cloud setting. Our approach leverages program transformation and TEE to hide security-sensitive data of the code. We describe our proposed solution by combining the partitioning technique, program transformation, and TEEs to protect the execution of security-sensitive data of applications. Some former works have shown that most applications can run in their entirety inside trusted areas such as SGX enclaves, and that leads to a large Trusted Computing Base (TCB). Instead, we analyze three case studies, in which we partition real Java applications and employ the SGX enclave to protect the execution of sensitive statements, therefore reducing the TCB. We also showed the advantages of the proposed solution and demonstrated how the confidentiality of security-sensitive data is protected.

cake_lpr: Verified Propagation Redundancy Checking in CakeML

Modern SAT solvers can emit independently checkable proof certificates to validate their results. The state-of-the-art proof system that allows for compact proof certificates is propagation redundancy (PR). However, the only existing method to validate proofs in this system with a formally verified tool requires a transformation to a weaker proof system, which can result in a significant blowup in the size of the proof and increased proof validation time. This paper describes the first approach to formally verify PR proofs on a succinct representation; we present (i) a new Linear PR (LPR) proof format, (ii) a tool to efficiently convert PR proofs into LPR format, and (iii) , a verified LPR proof checker developed in CakeML. The LPR format is backwards compatible with the existing LRAT format, but extends the latter with support for the addition of PR clauses. Moreover, is verified using CakeML ’s binary code extraction toolchain, which yields correctness guarantees for its machine code (binary) implementation. This further distinguishes our clausal proof checker from existing ones because unverified extraction and compilation tools are removed from its trusted computing base. We experimentally show that LPR provides efficiency gains over existing proof formats and that the strong correctness guarantees are obtained without significant sacrifice in the performance of the verified executable.

Mitigator: Privacy policy compliance using trusted hardware

Through recent years, much research has been conducted into processing privacy policies and presenting them in ways that are easy for users to understand. However, understanding privacy policies has little utility if the website’s data processing code does not match the privacy policy. Although systems have been proposed to achieve compliance of internal software to access control policies, they assume a large trusted computing base and are not designed to provide a proof of compliance to an end user. We design Mitigator, a system to enforce compliance of a website’s source code with a privacy policy model that addresses these two drawbacks of previous work. We use trusted hardware platforms to provide a guarantee to an end user that their data is only handled by code that is compliant with the privacy policy. Such an end user only needs to trust a small module in the hardware of the remote back-end machine and related libraries but not the entire OS. We also provide a proof-of-concept implementation of Mitigator and evaluate it for its latency. We conclude that it incurs only a small overhead with respect to an unmodified system that does not provide a guarantee of privacy policy compliance to the end user.

Threats and Vulnerabilities to IoT End Devices Architecture and suggested remedies

Due to decentralization of Internet of Things(IoT) applications and anything, anytime, anywhere connectivity has increased burden of data processing and decision making at IoT end devices. This overhead initiated new bugs and vulnerabilities thus security threats are emerging and presenting new challenges on these end devices. IoT End Devices rely on Trusted Execution Environments (TEEs) by implementing Root of trust (RoT) as soon as power is on thus forming Chain of trust (CoT) to ensure authenticity, integrity and confidentiality of every bit and byte of Trusted Computing Base (TCB) but due to un-trusted external world connectivity and security flaws such as Spectre and meltdown vulnerabilities present in the TCB of TEE has made CoT unstable and whole TEE are being misutilized. This paper suggests remedial solutions for the threats arising due to bugs and vulnerabilities present in the different components of TCB so as to ensure the stable CoT resulting into robust TEE.