OpenSGX: An Open Platform for SGX Research

23rd Annual Network and Distributed System Security Symposium, NDSS 2016

Volumn , Issue , 2016, Pages

  Jain, Prerit ^a   Desai, Soham ^a   Kim, Seongmin ^b   Shih, Ming Wei ^a   Lee, JaeHyuk ^b   Choi, Changho ^b   Shin, Youjung ^b   Kim, Taesoo ^a   Kang, Brent Byunghoon ^b   Han, Dongsu ^b  

^a GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

^b Korea Advanced Institute of Science and Technology (KAIST)   (South Korea)

Author keywords

[No Author keywords available]

Indexed keywords

OPEN SOURCE SOFTWARE; OPEN SYSTEMS; PROGRAM DEBUGGING;

COMMODITIZATION; HARDWARE COMPONENTS; HARDWARE TECHNOLOGY; INSTRUCTION-LEVEL; OPEN PLATFORMS; OPEN SOURCE PLATFORMS; SOFTWARE TECHNOLOGY; SOFTWARE-COMPONENT; SYSTEM SOFTWARES; TRUSTED EXECUTION ENVIRONMENTS;

TRUSTED COMPUTING;

EID: 85180759573     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.14722/ndss.2016.23011     Document Type: Conference Paper

References (54)

1. T. G. Abbott, K. J. Lai, M. R. Lieberman, and E. C. Price. Browser-based attacks on tor. In Proceedings of the 7th International Conference on Privacy Enhancing Technologies, 2007.
2. I. Anati, S. Gueron, S. P. Johnson, and V. R. Scarlata. Innovative Technology for CPU Based Attestation and Sealing. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP), pages 1-8, Tel-Aviv, Israel, 2013.
3. ARM. Building a secure system ising trustzone technology, Dec. 2008. PRD29- GENC-009492C.
4. A. M. Azab, P. Ning, and X. Zhang. SICE: A hardware-level strongly isolated computing environment for x86 multi-core platforms. In Proceedings of the 18th ACM Conference on Computer and Communications Security, pages 375-388, Chicago, Illinois, Oct. 2011.
5. A. Baumann, M. Peinado, and G. Hunt. Shielding applications from an untrusted cloud with haven. In Proceedings of the 11th Symposium on Operating Systems Design and Implementation (OSDI), pages 267-283, Broomfield, Colorado, Oct. 2014.
6. S. L. Blond, P. Manils, C. Abdelberi, M. A. D. Kaafar, C. Castelluccia, A. Legout, and W. Dabbous. One bad apple spoils the bunch: exploiting p2p applications to trace and profile tor users. arXiv preprint arXiv:1103.1518, 2011.
7. R. Boivie and P. Williams. SecureBlue++: CPU support for Secure Executables, 2013. RC25369, IBM Research Report.
8. F. Brasser, B. E. Mahjoub, A.-R. Sadeghi, C. Wachsmann, and P. Koeberl. TyTAN: tiny trust anchor for tiny devices. In Proceedings of the 52nd Annual Design Automation Conference (DAC), 2015.
9. E. Brickell and J. Li. Enhanced privacy ID: A direct anonymous attestation scheme with enhanced revocation capabilities. In Proceedings of the 2007 ACM workshop on Privacy in electronic society, pages 21-30, 2007.
10. P. Carbin. Intel Identity Protection Technology with PKI (Intel IPT with PKI), May 2012. White Paper, Technology Overview.
11. S. Checkoway and H. Shacham. Iago Attacks: Why the System Call API is a Bad Untrusted RPC Interface. In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 253-264, Houston, TX, Mar. 2013.
12. X. Chen, T. Garfinkel, E. C. Lewis, P. Subrahmanyam, C. A. Waldspurger, D. Boneh, J. Dwoskin, and D. R. Ports. Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems, pages 2-13, Seattle, WA, Mar. 2008.
13. S. Davenport and R. Ford. SGX: the good, the bad and the downright ugly, Jan. 2014. https://www.virusbtn.com/virusbulletin/archive/2014/01/vb201401-SGX.
14. R. Dingledine. Tor Project infrastructure updates in response to security breach. http://archives.seul.org/or/talk/Jan-2010/msg00161.html, January 2010.
15. R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In USENIX Security Symposium, 2004.
16. L. Duflot, Y.-A. Perez, and B. Morin. What if you canâĂŹt trust your network card? In Recent Advances in Intrusion Detection, pages 378-397. Springer, 2011.
17. FortConsult. Practical Onion Hacking: Find the Real Address of Tor Clients. http: //www.fortconsult.net/images/pdf/Practical_Onion_Hacking.pdf, 2006.
18. J. Greene. Intel trusted execution technology. Intel Technology White Paper, 2012.
19. M. Hoekstra, R. Lal, P. Pappachan, V. Phegade, and J. Del Cuvillo. Using innovative instructions to create trustworthy software solutions. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP), pages 1-8, Tel-Aviv, Israel, 2013.
20. Intel. Graphics Drivers Blue-ray Disc* Playback On Intel Graphics FAQ. http: //www.intel.com/support/graphics/sb/CS-029871.htm#bestexperience, 2008. Accessed: 05/04/2015.
21. Intel. Intel Software Guard Extensions Programming Reference (rev1), Sept. 2013. 329298-001US.
22. Intel. Intel Software Guard Extensions Programming Reference (rev2), Oct. 2014. 329298-002US.
23. Intel. Product change notification, Oct. 2015. PCN114074-00.
24. Intel. SGX Tutorial, ISCA 2015. http://sgxisca.weebly.com/, June 2015.
25. A. Ionescu. Intel sgx enclave support in windows 10 fall update. Winsider Technical White Paper, 2015.
26. A. Johnson, C. Wacek, R. Jansen, M. Sherr, and P. Syverson. Users get routed: Traffic correlation on tor by realistic adversaries. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pages 337-348. ACM, 2013.
27. S. Kim, Y. Shin, J. Ha, T. Kim, and D. Han. A First Step Towards Leveraging Commodity Trusted Execution Environments for Network Applications. In Proceedings of the 14th ACM Workshop on Hot Topics in Networks (HotNets), Philadelphia, PA, Nov. 2015.
28. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. sel4: Formal verification of an os kernel. In Proceedings of the ACM SIGOPS 22Nd Symposium on Operating Systems Principles, SOSP '09, pages 207-220, 2009.
29. P. Koeberl, S. Schulz, A.-R. Sadeghi, and V. Varadharajan. Trustlite: a security architecture for tiny embedded devices. In Proceedings of the Ninth European Conference on Computer Systems (EuroSys), page 10. ACM, 2014.
30. S. Le Blond, P. Manils, A. Chaabane, M. A. Kaafar, C. Castelluccia, A. Legout, and W. Dabbous. One bad apple spoils the bunch: Exploiting p2p applications to trace and profile tor users. In Proceedings of the 4th USENIX Conference on Large-scale Exploits and Emergent Threats, pages 2-2, 2011.
31. D. Levin, J. R. Douceur, J. R. Lorch, and T. Moscibroda. TrInc: Small trusted hardware for large distributed systems. In Proceedings of the 6th Symposium on Networked Systems Design and Implementation (NSDI), pages 1-14, Boston, MA, Apr. 2009.
32. Y. Li, J. M. McCune, and A. Perrig. VIPER: verifying the integrity of PERipherals’ firmware. In Proceedings of the 18th ACM conference on Computer and communications security, pages 3-16. ACM, 2011.
33. Y. Li, J. McCune, J. Newsome, A. Perrig, B. Baker, and W. Drewry. MiniBox: A Two-Way Sandbox for x86 Native Code. In Proceedings of the 2014 ATC Annual Technical Conference (ATC), pages 409-420, Philadelphia, PA, June 2014.
34. J. M. McCune, B. J. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An Execution Infrastructure for TCB Minimization. In Proceedings of the ACM EuroSys Conference, pages 315-328, Glasgow, Scotland, Mar. 2008.
35. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB Reduction and Attestation. In Proceedings of the 31th IEEE Symposium on Security and Privacy (Oakland), pages 143-158, Oakland, CA, May 2010.
36. F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar. Innovative instructions and software model for isolated execution. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP), pages 1-8, Tel-Aviv, Israel, 2013.
37. S. J. Murdoch. Introduction to trusted execution environments (tee), 2014. http: //sec.cs.ucl.ac.uk/users/smurdoch/talks/rhul14tee.pdf.
38. E. Owusu, J. Guajardo, J. McCune, J. Newsome, A. Perrig, and A. Vasudevan. OASIS: On achieving a sanctuary for integrity and secrecy on untrusted platforms. In Proceedings of the 20th ACM Conference on Computer and Communications Security, pages 13-24, Berlin, Germany, Oct. 2013.
39. J. Rutkowska. Thoughts on Intel’s upcoming Software Guard Extensions (Part 1), Aug. 2013. http://theinvisiblethings.blogspot.com/2013/08/thoughts-on-intelsupcoming- software.html.
40. J. Rutkowska. Thoughts on Intel’s upcoming Software Guard Extensions (Part 2), Sept. 2013. http://theinvisiblethings.blogspot.com/2013/09/thoughts-on-intelsupcoming- software.html.
41. Samsung. White Paper: An Overview of Samsung KNOX, 2013. Enterprise Mobility Solutions.
42. F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-Ruiz, and M. Russinovich. VC3: Trustworthy Data Analytics in the Cloud using SGX. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland), San Jose, CA, May 2015.
43. R. Sinha, S. Rajamani, S. Seshia, and K. Vaswani. Moat: Verifying confidentiality of enclave programs. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 1169-1184. ACM, 2015.
44. L. Soares and M. Stumm. Flexsc: flexible system call scheduling with exceptionless system calls. In Proceedings of the 9th USENIX conference on Operating systems design and implementation, pages 1-8. USENIX Association, 2010.
45. U. Steinberg and B. Kauer. NOVA: A microhypervisor-based secure virtualization architecture. In Proceedings of the ACM EuroSys Conference, pages 209-222, Paris, France, Apr. 2010.
46. K. Sun, J. Wang, F. Zhang, and A. Stavrou. SecureSwitch: BIOS-assisted isolation and switch between trusted and untrusted commodity oses. In Proceedings of the 19th Annual Network and Distributed System Security Symposium, San Diego, CA, Feb. 2012.
47. Y. Sun, A. Edmundson, L. Vanbever, O. Li, J. Rexford, M. Chiang, and P. Mittal. Raptor: routing attacks on privacy in tor. In USENIX Security Symposium, 2015.
48. Torproject. The chutney tool for testing and automating Tor network setup. https: //gitweb.torproject.org/chutney.git/tree/README, 2015. Accessed: 05/15/2015.
49. A. Vasudevan, E. Owusu, Z. Zhou, J. Newsome, and J. M. McCune. Trustworthy execution on mobile devices: What security properties can my mobile platform give me? In Proceedings of the 5th International Conference on Trust and Trustworthy Computing (TRUST), pages 159-178, Vienna, Austria, 2012.
50. Wikipedia. C dynamic memory allocation - wikipedia, the free encyclopedia, 2015. URL http://en.wikipedia.org/w/index.php?title=C_dynamic_memory_ allocation&oldid=658580417. [Online; accessed 13-May-2015].
51. P. Williams and R. Boivie. CPU support for Secure Executables. In Proceedings of the 4th International Conference on Trust and Trustworthy Computing (TRUST), pages 172-187, 2011.
52. P. Winter, R. Kower, M. Mulazzani, M. Huber, S. Schrittwieser, S. Lindskog, and E.Weippl. Spoiled onions: Exposing malicious tor exit relays. In Privacy Enhancing Technologies, pages 304-331. Springer, 2014.
53. P. Winter, R. Kower, M. Mulazzani, M. Huber, S. Schrittwieser, S. Lindskog, and E.Weippl. Spoiled onions: Exposing malicious tor exit relays. In Privacy Enhancing Technologies, pages 304-331. Springer, 2014.
54. F. Zhang. IOCheck: A framework to enhance the security of I/O devices at runtime. In Dependable Systems and Networks Workshop (DSN-W), 2013 43rd Annual IEEE/IFIP Conference on, pages 1-4. IEEE, 2013.