CROSS 2019 Hardware Security Workshop

Abstract: Vulnerabilities like Meltdown and Spectre highlight the need for principled methods for preventing information leakage through microarchitectural timing channels. We claim that achieving this goal requires rethinking the hardware-software contract to describe the timing behavior of processor instructions. In this talk, we propose an instruction set architecture (ISA) based on RISC-V, which describes a processor that tracks information-flow labels at run time and uses these labels to eliminate or mitigate timing channels. By requiring that the hardware implementation separates the influence of secret and untrusted microarchitectural state from the timing of public or trusted operations, this ISA guarantees that any executing program will exhibit timing-sensitive-noninterference. Furthermore our proposal includes instructions to downgrade information and to transfer control between privilege domains (both are critical to realistic systems). We hope that this ISA serves as a first step towards defining general purpose hardware-software contracts for controlling microarchitectural timing channels.

Abstract: Trusted execution environments (TEEs) are used on devices from embedded sensors to cloud servers and encompass a range of choices for cost, power constraints, and security threat models. On the other hand, each of the current vendor-specific TEEs makes a fixed set of trade-offs with little room for customization. We present Keystone — the first open-source framework for building customized TEEs. Keystone uses simple abstractions provided by the hardware such as memory isolation and a programmable layer underneath untrusted components (e.g., OS). We build reusable TEE core primitives from these while allowing platform-specific modifications and application features. We showcase how Keystone-based TEEs run on unmodified RISC-V hardware and the strengths of our design in terms of security, TCB size, execution of a range of benchmarks, applications, kernels, and deployment models.

Abstract: Modern web services pose a growing public concern regarding their lack of transparency. While any shift towards increased transparency would require significant changes across the board (including new business models, privacy regulations, etc.), there is still progress to be made on the technical front. We posit that several such services can be modeled as a joint computation over data from multiple parties (comprising both end users and the service provider), where transparency requires enforcing: 1) agreed-upon policies on what computations can occur on each party's data, and 2) set of parties with whom the results are shared.

To that end, I will present LucidiTEE, a system that enables multiple parties to jointly perform stateful computations on large private inputs, while enforcing history-dependent policies (even when the input providers are offline) and fairness (i.e. all or no party gets the output). LucidiTEE tolerates arbitrary corruption thresholds amongst the parties, and assumes malicious storage and compute providers. To that effect, we develop a set of novel protocols between a network of TEEs and a shared, append-only ledger. LucidiTEE uses the ledger only to enforce policies; it does not store inputs, outputs, or state on the ledger, nor does it duplicate execution amongst the participants, which allows it to scale to large data and large number of parties. We demonstrate applications including a private personal finance app, federated machine learning, and policy-based surveys.