Migrating SGX Enclaves with Persistent State

Fritz Alder; Arseny Kurnikov; Andrew Paverd; N. Asokan

doi:10.1109/DSN.2018.00031

Migrating SGX Enclaves with Persistent State

Fritz Alder, Arseny Kurnikov, Andrew Paverd, N. Asokan

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

Abstrakti

Hardware-supported security mechanisms like Intel Software Guard Extensions (SGX) provide strong security guarantees, which are particularly relevant in cloud settings. However, their reliance on physical hardware conflicts with cloud practices, like migration of VMs between physical platforms. For instance, the SGX trusted execution environment (enclave) is bound to a single physical CPU. Although prior work has proposed an effective mechanism to migrate an enclave's data memory, it overlooks the migration of persistent state, including sealed data and monotonic counters; the former risks data loss whilst the latter undermines the SGX security guarantees. We show how this can be exploited to mount attacks, and then propose an improved enclave migration approach guaranteeing the consistency of persistent state. Our software-only approach enables migratable sealed data and monotonic counters, maintains all SGX security guarantees, minimizes developer effort, and incurs negligible performance overhead.

Alkuperäiskieli	Englanti
Otsikko	48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Kustantaja	IEEE
Sivut	195-206
ISBN (elektroninen)	978-1-5386-5595-5
DOI - pysyväislinkit	https://doi.org/10.1109/DSN.2018.00031
Tila	Julkaistu - 23 heinäk. 2018
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS - Luxembourg, Luxemburg Kesto: 25 kesäk. 2018 → 28 kesäk. 2018 Konferenssinumero: 48

Conference

Conference	ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS
Lyhennettä	DSN
Maa/Alue	Luxemburg
Kaupunki	Luxembourg
Ajanjakso	25/06/2018 → 28/06/2018

Pääsy asiakirjaan

10.1109/DSN.2018.00031

https://arxiv.org/pdf/1803.11021.pdf

CloSer: Cloud-assisted Security Services (CloSer)
Asokan, N. (Vastuullinen tutkija)
01/09/2016 → 31/08/2018
Projekti: Business Finland: Other research funding

Siteeraa tätä

@inproceedings{1c4dcd9eeabe423aba737586c4bb0c45,

title = "Migrating SGX Enclaves with Persistent State",

abstract = "Hardware-supported security mechanisms like Intel Software Guard Extensions (SGX) provide strong security guarantees, which are particularly relevant in cloud settings. However, their reliance on physical hardware conflicts with cloud practices, like migration of VMs between physical platforms. For instance, the SGX trusted execution environment (enclave) is bound to a single physical CPU. Although prior work has proposed an effective mechanism to migrate an enclave's data memory, it overlooks the migration of persistent state, including sealed data and monotonic counters; the former risks data loss whilst the latter undermines the SGX security guarantees. We show how this can be exploited to mount attacks, and then propose an improved enclave migration approach guaranteeing the consistency of persistent state. Our software-only approach enables migratable sealed data and monotonic counters, maintains all SGX security guarantees, minimizes developer effort, and incurs negligible performance overhead.",

author = "Fritz Alder and Arseny Kurnikov and Andrew Paverd and N. Asokan",

year = "2018",

month = jul,

day = "23",

doi = "10.1109/DSN.2018.00031",

language = "English",

pages = "195--206",

booktitle = "48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)",

publisher = "IEEE",

address = "United States",

note = "Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN ; Conference date: 25-06-2018 Through 28-06-2018",

}

Alder, F, Kurnikov, A, Paverd, A & Asokan, N 2018, Migrating SGX Enclaves with Persistent State. julkaisussa 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, Sivut 195-206, ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, Luxembourg, Luxemburg, 25/06/2018. https://doi.org/10.1109/DSN.2018.00031

TY - GEN

T1 - Migrating SGX Enclaves with Persistent State

AU - Alder, Fritz

AU - Kurnikov, Arseny

AU - Paverd, Andrew

AU - Asokan, N.

N1 - Conference code: 48

PY - 2018/7/23

Y1 - 2018/7/23

N2 - Hardware-supported security mechanisms like Intel Software Guard Extensions (SGX) provide strong security guarantees, which are particularly relevant in cloud settings. However, their reliance on physical hardware conflicts with cloud practices, like migration of VMs between physical platforms. For instance, the SGX trusted execution environment (enclave) is bound to a single physical CPU. Although prior work has proposed an effective mechanism to migrate an enclave's data memory, it overlooks the migration of persistent state, including sealed data and monotonic counters; the former risks data loss whilst the latter undermines the SGX security guarantees. We show how this can be exploited to mount attacks, and then propose an improved enclave migration approach guaranteeing the consistency of persistent state. Our software-only approach enables migratable sealed data and monotonic counters, maintains all SGX security guarantees, minimizes developer effort, and incurs negligible performance overhead.

AB - Hardware-supported security mechanisms like Intel Software Guard Extensions (SGX) provide strong security guarantees, which are particularly relevant in cloud settings. However, their reliance on physical hardware conflicts with cloud practices, like migration of VMs between physical platforms. For instance, the SGX trusted execution environment (enclave) is bound to a single physical CPU. Although prior work has proposed an effective mechanism to migrate an enclave's data memory, it overlooks the migration of persistent state, including sealed data and monotonic counters; the former risks data loss whilst the latter undermines the SGX security guarantees. We show how this can be exploited to mount attacks, and then propose an improved enclave migration approach guaranteeing the consistency of persistent state. Our software-only approach enables migratable sealed data and monotonic counters, maintains all SGX security guarantees, minimizes developer effort, and incurs negligible performance overhead.

U2 - 10.1109/DSN.2018.00031

DO - 10.1109/DSN.2018.00031

M3 - Conference article in proceedings

SP - 195

EP - 206

BT - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

PB - IEEE

T2 - Annual IEEE/IFIP International Conference on Dependable Systems and Networks

Y2 - 25 June 2018 through 28 June 2018

ER -

Migrating SGX Enclaves with Persistent State

Abstrakti

Conference

Pääsy asiakirjaan

Sormenjälki

Projektit

CloSer: Cloud-assisted Security Services (CloSer)

Siteeraa tätä