Civet: An Efficient Java Partitioning Framework for Hardware Enclaves

USENIX Security 2020, 2020.

Cited by: 1|Bibtex|Views23|Links
Keywords:
Memory Protection KeysGarbage collectionByte Code Engineering Librarydynamic taint trackinglibrary osMore(12+)
Weibo:
The signature of each class is checked by the in-enclave Java runtime, whereas the signature of each binary is checked by the Graphene-Software Guard Extensions library OS

Abstract:

Hardware enclaves are designed to execute small pieces of sensitive code or to operate on sensitive data, in isolation from larger, less trusted systems. Partitioning a large, legacy application requires significant effort. ...More

Code:

Data:

0
Introduction
  • Hardware enclaves [1,2,3,4] are designed to protect sensitive code and data from compromised OSes, hypervisors, or offchip devices.
  • The design space for enclaves quickly becomes murkier for complex cloud applications that contain sensitive and insensitive components, and that are written in an object-oriented, managed language.
  • These applications often integrate large code bases and data from both users and cloud providers, who may distrust each other.
  • Take Hadoop [11] as example: Mappers Reducers Garbage collection
Highlights
  • Hardware enclaves [1,2,3,4] are designed to protect sensitive code and data from compromised OSes, hypervisors, or offchip devices
  • The signature of each class is checked by the in-enclave Java runtime, whereas the signature of each binary is checked by the Graphene-Software Guard Extensions (SGX) library OS
  • A limitation of the type checks is that we need to conservatively approve input types based on the points-to analysis, as well as overestimate classes loaded via reflection or loaded internally by the JVM
  • The JVM ensures that sensitive code and data inside the enclave remain in a hardware-protected memory region
  • Taint tracking can catch cases where an output derives from sensitive information, but the results were not encrypted or checked against a different policy
  • In initial attempts to run Java in an enclave, we found that no garbage collection strategy performed well within the constraints of SGX enclaves
Methods
  • Civet packs all of the trusted classes into a single JAR file, named as enclave.jar, which contains all of the Java code that can be loaded into the enclave
  • The input to this tool is a configuration written in XML, with each entry class listed as an rule.
  • RPC as long as this subclass is in the trusted domain
  • This request may be directed to a FileInputStream object that is connected to a file that include sensitive data, and could be exfiltrated by serving the request.
  • To the extent that the authors can statically extract these invariants, Civet can automatically harden the enclave interface
Conclusion
  • Civet measures the integrity of the code included in enclaves (Property I–Code Integrity and Remote Attestation).
  • Dynamic taint-tracking complements the language safety of Java by requiring any sensitive data that leaves the enclave to be explicitly checked (Property III–Explicit data declassification).
  • The three case studies show the challenges to creating a secure and efficient partition: one must consider not just points to divide the code, and the data flow and the optimal granularity for moving data in and out of an enclave.
  • Civet minimizes the code footprint in the enclave, as well as adapting the garbage collector to the hardware peculiarities of SGX
Summary
  • Introduction:

    Hardware enclaves [1,2,3,4] are designed to protect sensitive code and data from compromised OSes, hypervisors, or offchip devices.
  • The design space for enclaves quickly becomes murkier for complex cloud applications that contain sensitive and insensitive components, and that are written in an object-oriented, managed language.
  • These applications often integrate large code bases and data from both users and cloud providers, who may distrust each other.
  • Take Hadoop [11] as example: Mappers Reducers Garbage collection
  • Methods:

    Civet packs all of the trusted classes into a single JAR file, named as enclave.jar, which contains all of the Java code that can be loaded into the enclave
  • The input to this tool is a configuration written in XML, with each entry class listed as an rule.
  • RPC as long as this subclass is in the trusted domain
  • This request may be directed to a FileInputStream object that is connected to a file that include sensitive data, and could be exfiltrated by serving the request.
  • To the extent that the authors can statically extract these invariants, Civet can automatically harden the enclave interface
  • Conclusion:

    Civet measures the integrity of the code included in enclaves (Property I–Code Integrity and Remote Attestation).
  • Dynamic taint-tracking complements the language safety of Java by requiring any sensitive data that leaves the enclave to be explicitly checked (Property III–Explicit data declassification).
  • The three case studies show the challenges to creating a secure and efficient partition: one must consider not just points to divide the code, and the data flow and the optimal granularity for moving data in and out of an enclave.
  • Civet minimizes the code footprint in the enclave, as well as adapting the garbage collector to the hardware peculiarities of SGX
Tables
  • Table1: Comparison of a non-partitioned Hadoop job between Ubuntu and Graphene-SGX [<a class="ref-link" id="c16" href="#r16">16</a>]
  • Table2: The complexity of the whole Civet framework and the run-time TCB measured in LoC (lines of code), including both modified and unmodified components
  • Table3: Partitioning results of Civet for Hadoop, partitioned with two boundaries and measured in classes (#C), methods (#M), and lines of code (LoC). For both cases, AESCipher and PCBC are explicitly included for dynamic loading
  • Table4: Partitioning results for Tomcat, measured in classes (#C), methods (#M), and lines of code (LoC). RSACipher and RSAKeyPairGenerator are expliclity included for dynamic loading
  • Table5: Partitioning results for GraphChi Pagerank, partitioned with three boundaries and measured in classes (#C), methods (#M), and lines of code (LoC). For all three cases, AESCipher is explicitly included for dynamic loading
  • Table6: DRAM cost and processing time (for points-to analysis, shredding, Phosphor instrumentation, packaging, and class signing) of Civet’s partition tool. Lower is better
  • Table7: Execution time (in microseconds) of each method and the breakdown of latency in Civet
Download tables as Excel
Related work
  • Enclave frameworks and SDKs. Intel SGX introduces new design challenges, such as validating system call results from a malicious OS [21]. The state-of-the-art solution is a library OS [12, 16] or a shield layer [13, 26] to hoist OS functionality into the enclave and/or validate inputs from an untrusted OS. Developers can also write enclave code from scratch, using an SGX SDK [27,28,29]. Applications written in a managed language are commonly rewritten for SGX in another language; for example, VC3 [5] sacrifices the benefits of using a type-safe language and compatibility by rewriting the Hadoop code in C++.

    Partitioned trusted execution. Prior work reduces trusted code size through program slicing and/or generating the interface between partitions. TLR [17] and Rubinov et al [30] partition android programs to run in ARM TrustZone [20]. Glamdring [18] partitions C/C++ programs for enclaves using static program slicing. SeCage [19] partitions an application into secret compartments with hardware-based isolation. GoTEE [31] compiles Go functions into enclaves, with a lightweight runtime and APIs for shielding. Brenner et al [32] run microservices in enclaves, apart from the orchitestration framework. EnclaveDom [33] leverages Memory Protection Keys (MPK) for privilege separation inside enclaves.
Funding
  • This work was supported in part by NSF grants CNS-1228839, CNS-1405641, CNS-1700512, NSF CISE Expeditions Award CCF- 1730628, as well as gifts from the Sloan Foundation, Alibaba, Amazon Web Services, Ant Financial, Arm, Capital One, Ericsson, Facebook, Google, Intel, Microsoft, Scotiabank, Splunk and VMware
  • Bhushan Jain was supported in part by an IBM Ph.D
Reference
  • Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. Innovative instructions and software model for isolated execution. In HASP, 2013.
    Google ScholarFindings
  • AMD secure encrypted virtualization. https://developer.amd.com/amd-secure-memoryencryption-sme-amd-secure-encryptedvirtualization-sev/.
    Findings
  • David Lie, Chandramohan A Thekkath, and Mark Horowitz. Implementing an untrusted operating system on trusted hardware. ACM SIGOPS Operating Systems Review, 2003.
    Google ScholarLocate open access versionFindings
  • Victor Costan, Ilia Lebedev, and Srinivas Devadas. Sanctum: Minimal hardware extensions for strong software isolation. In USENIX Security, volume 16, 2016.
    Google ScholarLocate open access versionFindings
  • Felix Schuster, Manuel Costa, Cédric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. VC3: Trustworthy data analytics in the cloud using SGX. In IEEE S&P, 2015.
    Google ScholarLocate open access versionFindings
  • Wenting Zheng, Ankur Dave, Jethro G. Beekman, Raluca Ada Popa, Joseph E. Gonzalez, and Ion Stoica. Opaque: An oblivious and encrypted distributed analytics platform. In NSDI, 2017.
    Google ScholarLocate open access versionFindings
  • Stefan Brenner, Colin Wulf, David Goltzsche, Nico Weichbrodt, Matthias Lorenz, Christof Fetzer, Peter Pietzuch, and Rüdiger Kapitza. SecureKeeper: Confidential ZooKeeper using Intel SGX. In Proceedings of the 17th International Middleware Conference, 2016.
    Google ScholarLocate open access versionFindings
  • David Goltzsche, Colin Wulf, Divya Muthukumaran, Konrad Rieck, Peter Pietzuch, and Rüdiger Kapitza. TrustJS: Trusted client-side execution of JavaScript. In Proceedings of the 10th European Workshop on Systems Security, 2017.
    Google ScholarLocate open access versionFindings
  • Mark Russinovich. Introducing Azure confidential computing. https://azure.microsoft.com/enus/blog/introducing-azure-confidentialcomputing/, 2017 September.
    Findings
  • Pratheek Karnati and Karna Bojjireddy. Data-in-use protection on IBM Cloud – IBM, Intel, and Fortanix partner to keep enterprises secure to the core.
    Google ScholarFindings
  • Apache Hadoop. http://hadoop.apache.org/.
    Findings
  • Andrew Baumann, Marcus Peinado, and Galen Hunt. Shielding applications from an untrusted cloud with Haven. In OSDI, 2014.
    Google ScholarLocate open access versionFindings
  • Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O’Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. SCONE: Secure Linux containers with Intel SGX. In OSDI, 2016.
    Google ScholarLocate open access versionFindings
  • Graphene library OS. oscarlab/graphene. http://github.com/
    Findings
  • SGX-LKL. https://github.com/lsds/sgx-lkl.
    Findings
  • Chia-Che Tsai, Donald E. Porter, and Mona Vij. Graphene-SGX: A practical library os for unmodified applications on SGX. In USENIX ATC, 2017.
    Google ScholarLocate open access versionFindings
  • Nuno Santos, Himanshu Raj, Stefan Saroiu, and Alec Wolman. Using arm trustzone to build a trusted language runtime for mobile applications. In ASPLOS, 2014.
    Google ScholarLocate open access versionFindings
  • Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O’Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, Rudiger Kapitza, Christof Fetzer, and Peter Pietzuch. Glamdring: Automatic application partitioning for Intel SGX. In USENIX ATC, 2017.
    Google ScholarLocate open access versionFindings
  • Yutao Liu, Tianyu Zhou, Kexin Chen, Haibo Chen, and Yubin Xia. Thwarting memory disclosure with efficient hypervisor-enforced intra-domain isolation. In CCS, 2015.
    Google ScholarLocate open access versionFindings
  • ARM TrustZone. http://www.arm.com/products/processors/technologies/trustzone/.
    Findings
  • Stephen Checkoway and Hovav Shacham. Iago attacks: Why the system call API is a bad untrusted RPC interface. In ASPLOS, 2013.
    Google ScholarFindings
  • CWE-843: Access of resource using incompatible type (’type confusion’). https://cwe.mitre.org/data/definitions/843.html.
    Findings
  • Gang Tan and Jason Croft. An empirical security study of the native code in the JDK. In USENIX Security, 2008.
    Google ScholarLocate open access versionFindings
  • Phosphor: Dynamic taint tracking for the JVM. https://github.com/Programming-SystemsLab/phosphor.
    Findings
  • Meni Orenbach, Pavel Lifshits, Marina Minkin, and Mark Silberstein. Eleos: Exitless OS services for SGX enclaves. In EuroSys, 2017.
    Google ScholarLocate open access versionFindings
  • Shweta Shinde, Dat Le Tien, Shruti Tople, and Prateek Saxena. PANOPLY: Low-TCB Linux Applications With SGX Enclaves. In NDSS, 2017.
    Google ScholarLocate open access versionFindings
  • Software Guard Extenstions (SGX) SDK for Linux.
    Google ScholarFindings
  • sgx-utils. https://github.com/jethrogb/sgxutils.
    Findings
  • Rust SGX SDK. https://github.com/baidu/rust-sgx-sdk.
    Findings
  • Konstantin Rubinov, Lucia Rosculete, Tulika Mitra, and Abhik Roychoudhury. Automated partitioning of Android applications for trusted execution environments. In IEEE/ACM 38th International Conference on Software Engineering (ICSE), 2016.
    Google ScholarLocate open access versionFindings
  • Adrien Ghosn, James R. Larus, and Edouard Bugnion. Secured routines: Language-based construction of trusted execution environments. In USENIX ATC, 2019.
    Google ScholarLocate open access versionFindings
  • Stefan Brenner, Tobias Hundt, Giovanni Mazzeo, and Rüdiger Kapitza. Secure cloud micro services using Intel SGX. In IFIP International Conference on Distributed Applications and Interoperable Systems, 2017.
    Google ScholarLocate open access versionFindings
  • Marcela S Melara, Michael J Freedman, and Mic Bowman. EnclaveDom: Privilege separation for large-TCB applications in trusted execution environments. arXiv preprint arXiv:1907.13245, 2019.
    Findings
  • Michiaki Tatsubori, Toshiyuki Sasaki, Shigeru Chiba, and Kozo Itano. A bytecode translator for distributed execution of “legacy” Java software. In Proceedings of the 15th European Conference on Object-Oriented Programming, 2001.
    Google ScholarLocate open access versionFindings
  • Eli Tilevich and Yannis Smaragdakis. J-Orchestra: Automatic Java application partitioning. In Proceedings of the 16th European Conference on Object-Oriented Programming, 2002.
    Google ScholarLocate open access versionFindings
  • Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, and Andrew C. Myers. Untrusted hosts and confidentiality: Secure program partitioning. In SOSP, 2001.
    Google ScholarLocate open access versionFindings
  • Stephen Chong, Jed Liu, Andrew C. Myers, Xin Qi, K. Vikram, Lantian Zheng, and Xin Zheng. Secure web applications via automatic partitioning. In SOSP, 2007.
    Google ScholarFindings
  • M Miller. Robust composition: Towards a unified approach to access control and concurrency control 2006. Johns Hopkins: Baltimore, MD, page 302, 2006.
    Google ScholarFindings
  • Adrian Mettler, David A. Wagner, and Tyler Close. JoeE: A security-oriented subset of java. In NDSS, 2010.
    Google ScholarLocate open access versionFindings
  • Fred Spiessens and Peter Van Roy. The oz-e project: Design guidelines for a secure multiparadigm programming language. In International Conference on Multiparadigm Programming in Mozart/OZ, 2004.
    Google ScholarLocate open access versionFindings
  • Marc Stiegler and Mark Miller. How emily tamed the caml. Hewlett Packard Labs Tech Report, 2006.
    Google ScholarFindings
  • Raoul Strackx and Frank Piessens. Ariadne: A minimal approach to state continuity. In USENIX Security, 2016.
    Google ScholarLocate open access versionFindings
  • Yuanzhong Xu, Weidong Cui, and Marcus Peinado. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In IEEE S&P, 2015.
    Google ScholarLocate open access versionFindings
  • Jo Van Bulck, Nico Weichbrodt, Rüdiger Kapitza, Frank Piessens, and Raoul Strackx. Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution. In USENIX Security, 2017.
    Google ScholarLocate open access versionFindings
  • Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. Software Grand Exposure: SGX cache attacks are practical. In 11th USENIX Workshop on Offensive Technologies (WOOT 17), 2017.
    Google ScholarLocate open access versionFindings
  • Marcus Hähnel, Weidong Cui, and Marcus Peinado. High-resolution side channels for untrusted operating systems. In USENIX ATC, 2017.
    Google ScholarLocate open access versionFindings
  • Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. Inferring finegrained control flow inside SGX enclaves with branch shadowing. In USENIX Security, 2017.
    Google ScholarLocate open access versionFindings
  • Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, and Carl A. Gunter. Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX. In CCS, 2017.
    Google ScholarLocate open access versionFindings
  • Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. Spectre attacks: Exploiting speculative execution. In IEEE S&P, 2018.
    Google ScholarLocate open access versionFindings
  • Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. CacheZoom: How SGX amplifies the power of cache attacks. In CHES, 2017.
    Google ScholarLocate open access versionFindings
  • Johannes Götzfried, Moritz Eckert, Sebastian Schinzel, and Tilo Müller. Cache attacks on Intel SGX. In Euro S&P, 2017.
    Google ScholarLocate open access versionFindings
  • Li Li, Tegawendé F. Bissyandé, Damien Octeau, and Jacques Klein. DroidRA: Taming reflection to support whole-program analysis of android apps. In Proceedings of the 25th International Symposium on Software Testing and Analysis, 2016.
    Google ScholarLocate open access versionFindings
  • Eric Bodden, Andreas Sewe, Jan Sinschek, Hela Oueslati, and Mira Mezini. Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders. In Proceedings of the 33rd International Conference on Software Engineering, 2011.
    Google ScholarLocate open access versionFindings
  • Paulo Barros, Rene Just, Suzanne Millstein, Paul Vines, Werner Dietl, Marcelo dAmorim, and Michael D. Ernst. Static analysis of implicit control flow: Resolving java reflection and android intents. In Proceedings of the 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2015.
    Google ScholarLocate open access versionFindings
  • B. G. Ryder. Constructing the call graph of a program. IEEE Transaction of Software Engineering., May 1979.
    Google ScholarLocate open access versionFindings
  • Mark Weiser. Program slicing. In Proceedings of the International Conference on Software Engineering (ICSE), 1981.
    Google ScholarLocate open access versionFindings
  • Lars Ole Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, Johns Hopkins University, 1994.
    Google ScholarFindings
  • Bjarne Steensgaard. Points-to analysis in almost linear time. In Proceedings of the 23rd ACM SIGPLANSIGACT Symposium on Principles of Programming Languages, 1996.
    Google ScholarLocate open access versionFindings
  • Manuvir Das. Unification-based pointer analysis with directional assignments. In PLDI, 2000.
    Google ScholarLocate open access versionFindings
  • Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. Soot - a Java bytecode optimization framework. In Proceedings of the Conference of the Centre for Advanced Studies on Collaborative Research, 1999.
    Google ScholarLocate open access versionFindings
  • Ondrej Lhoták and Laurie Hendren. Scaling Java pointsto analysis using SPARK. In Proceedings of the 12th International Conference on Compiler Construction, 2003.
    Google ScholarLocate open access versionFindings
  • Jens Knoop, Oliver Rüthing, and Bernhard Steffen. Partial dead code elimination. In PLDI, 1994.
    Google ScholarLocate open access versionFindings
  • Apache Tomcat. http://tomcat.apache.org/.
    Findings
  • AppArmor. http://wiki.apparmor.net/.
    Findings
  • Cynthia Dwork. Differential privacy. In Proceedings of the 33rd international conference on Automata, Languages and Programming-Volume Part II. SpringerVerlag, 2006.
    Google ScholarLocate open access versionFindings
  • Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In IEEE S&P, 2010.
    Google ScholarLocate open access versionFindings
  • Vivek Haldar, Deepak Chandra, and Michael Franz. Dynamic taint propagation for Java. In Proceedings of the 21st Annual Computer Security Applications Conference, 2005.
    Google ScholarLocate open access versionFindings
  • James Clause, Wanchun Li, and Alessandro Orso. Dytan: A generic dynamic taint analysis framework. In Proceedings of the 2007 International Symposium on Software Testing and Analysis, 2007.
    Google ScholarLocate open access versionFindings
  • Wei Xu, Sandeep Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In USENIX Security, 2006.
    Google ScholarLocate open access versionFindings
  • Winnie Cheng, Qin Zhao, Bei Yu, and Scott Hiroshige. TaintTrace: Efficient flow tracing with dynamic binary rewriting. In Proceedings of the 11th IEEE Symposium on Computers and Communications, 2006.
    Google ScholarLocate open access versionFindings
  • Nicholas Nethercote and Julian Seward. Valgrind: a framework for heavyweight dynamic binary instrumentation. In ACM Sigplan notices, 2007.
    Google ScholarLocate open access versionFindings
  • William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst., 2014.
    Google ScholarLocate open access versionFindings
  • James Newsome and Dawn Song. Dynamic taint analysis for automatic detection, analysis, and signature— generation of exploits on commodity software. In NDSS, 2005.
    Google ScholarLocate open access versionFindings
  • Jonathan Bell and Gail Kaiser. Phosphor: Illuminating dynamic data flow in commodity jvms. In ACM SIGPLAN Notices. ACM, 2014.
    Google ScholarLocate open access versionFindings
  • Java garbage collection basics. //www.oracle.com/webfolder/technetwork/
    Findings
  • Meysam Taassori, Ali Shafiee, and Rajeev Balasubramonian. VAULT: Reducing paging overheads in SGX with efficient integrity verification structures. In ASPLOS, 2018.
    Google ScholarLocate open access versionFindings
  • FST: fast java serialization drop in-replacement. https://github.com/RuedigerMoeller/fastserialization.
    Findings
  • Intel® Software Guard Extensions for Linux* OS SGX driver. http://github.com/01org/linuxsgx-driver.
    Findings
  • Aapo Kyrola, Guy Blelloch, and Carlos Guestrin. GraphChi: Large-scale graph computation on just a PC. In OSDI, 2012.
    Google ScholarLocate open access versionFindings
  • LiveJournal social network dataset. https://snap.stanford.edu/data/soc-
    Findings
Your rating :
0

 

Tags
Comments