Aurora: Providing Trusted System Services for Enclaves On an Untrusted System
Authors
Abstract
Intel SGX provisions shielded executions for security-sensitive computation, but lacks support for trusted system services (TSS), such as clock, network and filesystem. This makes enclaves vulnerable to Iago attacks [12] in the face of a powerful malicious system. To mitigate this problem, we present Aurora, a novel architecture that provides TSSes via a secure channel between enclaves and devices on top of an untrusted system, and implement two types of TSSes, i.e., clock and end-to-end network. We evaluate our solution by porting SQLite and OpenSSL into Aurora; experimental results show that SQLite benefits from a microsecond-accuracy trusted clock and OpenSSL gains end-to-end secure network with about 1 ms overhead.
Similar resources
EnclaveDB: A Secure Database using SGX
We propose EnclaveDB, a database engine that guarantees confidentiality, integrity, and freshness for data and queries. EnclaveDB guarantees these properties even when the database administrator is malicious, when an attacker has compromised the operating system or the hypervisor, and when the database runs in an untrusted host in the cloud. EnclaveDB achieves this by placing sensitive data (ta...
Trusted Code Execution on Untrusted Platforms Using Intel Sgx
Today, isolated trusted computation and code execution is of paramount importance to protect sensitive information and workflows from other malicious privileged or unprivileged software. Intel Software Guard Extensions (SGX) is a set of security architecture extensions first introduced in the Skylake microarchitecture that enables a Trusted Execution Environment (TEE). It provides an ‘inverse...
GuarDroid: A Trusted Path for Password Entry
Sensitive online transactions are now frequently executed using smartphone clients. Whereas users of personal computers execute these transactions in a browser, smartphone users tend to use installed apps. These apps use username and password pairs as the primary authentication method and may come from untrusted parties, opening users up to attacks that steal user’s passwords. We present GuarDr...
Improving Cloud Security using Secure Enclaves
Improving Cloud Security using Secure Enclaves by Jethro Gideon Beekman Doctor of Philosophy in Engineering – Electrical Engineering and Computer Sciences University of California, Berkeley Professor David Wagner, Chair Internet services can provide a wealth of functionality, yet their usage raises privacy, security and integrity concerns for users. This is caused by a lack of guarantees about ...
Performance Study of Untrusted Relay Network Utilizing Cooperative Jammer
Abstract—In this paper, the problem of secure transmission in two-hop amplify-and-forward (AF) systems with an untrusted relay is investigated. To prevent the untrusted relay from intercepting the source message and to achieve positive secrecy rate, the destination-based cooperative jamming (DBCJ) technique is used. In this method the destination sends an intended jamming signal to the relay. T...
Journal title:
- CoRR
Volume abs/1802.03530 Issue
Pages -
Publication date 2018