CROSS 2019 Hardware Security Workshop
Date: Thursday, Oct. 3rd, 2019
Time: 10:50am - 12:00pm
Location: E2-599
Chair: Owen Arden
Program
Using Information Flow to Design an ISA that Controls Timing Channels
Abstract: Vulnerabilities like Meltdown and Spectre highlight the need for principled methods for preventing information leakage through microarchitectural timing channels. We claim that achieving this goal requires rethinking the hardware-software contract to describe the timing behavior of processor instructions. In this talk, we propose an instruction set architecture (ISA) based on RISC-V, which describes a processor that tracks information-flow labels at run time and uses these labels to eliminate or mitigate timing channels. By requiring that the hardware implementation separates the influence of secret and untrusted microarchitectural state from the timing of public or trusted operations, this ISA guarantees that any executing program will exhibit timing-sensitive-noninterference. Furthermore our proposal includes instructions to downgrade information and to transfer control between privilege domains (both are critical to realistic systems). We hope that this ISA serves as a first step towards defining general purpose hardware-software contracts for controlling microarchitectural timing channels.
Drew Zagieboylo, Cornell
Keystone: An Open Framework for Architecting TEEs
Abstract: Trusted execution environments
(TEEs) are used on devices from embedded sensors to cloud servers and encompass
a range of choices for cost, power constraints, and security threat models. On
the other hand, each of the current vendor-specific TEEs makes a fixed set of
trade-offs with little room for customization. We present Keystone — the first
open-source framework for building customized TEEs. Keystone uses simple
abstractions provided by the hardware such as memory isolation and a
programmable layer underneath untrusted components (e.g., OS). We build
reusable TEE core primitives from these while allowing platform-specific
modifications and application features. We showcase how Keystone-based TEEs run
on unmodified RISC-V hardware and the strengths of our design in terms of
security, TCB size, execution of a range of benchmarks, applications, kernels,
and deployment models.
Dayeol Lee, UC Berkeley
Policy-based Big Data Computation using TEEs and Shared Ledgers
Abstract:
Modern web services pose a growing public concern regarding their
lack of transparency. While any shift towards increased transparency
would require significant changes across the board (including
new business models, privacy regulations, etc.), there is still
progress to be made on the technical front. We posit that several
such services can be modeled as a joint computation over data from
multiple parties (comprising both end users and the service provider),
where transparency requires enforcing: 1) agreed-upon policies on what
computations can occur on each party's data, and 2) set of parties
with whom the results are shared.
To that end, I will present LucidiTEE, a system that enables multiple
parties to jointly perform stateful computations on large private
inputs, while enforcing history-dependent policies (even when the input
providers are offline) and fairness (i.e. all or no party gets the
output). LucidiTEE tolerates arbitrary corruption thresholds amongst
the parties, and assumes malicious storage and compute providers. To
that effect, we develop a set of novel protocols between a network of
TEEs and a shared, append-only ledger. LucidiTEE uses the ledger only
to enforce policies; it does not store inputs, outputs, or state on
the ledger, nor does it duplicate execution amongst the participants,
which allows it to scale to large data and large number of parties. We
demonstrate applications including a private personal finance app,
federated machine learning, and policy-based surveys.
Rohit Sinha, Visa Research
Chair: Owen Arden
Program
Using Information Flow to Design an ISA that Controls Timing Channels
Abstract: Vulnerabilities like Meltdown and Spectre highlight the need for principled methods for preventing information leakage through microarchitectural timing channels. We claim that achieving this goal requires rethinking the hardware-software contract to describe the timing behavior of processor instructions. In this talk, we propose an instruction set architecture (ISA) based on RISC-V, which describes a processor that tracks information-flow labels at run time and uses these labels to eliminate or mitigate timing channels. By requiring that the hardware implementation separates the influence of secret and untrusted microarchitectural state from the timing of public or trusted operations, this ISA guarantees that any executing program will exhibit timing-sensitive-noninterference. Furthermore our proposal includes instructions to downgrade information and to transfer control between privilege domains (both are critical to realistic systems). We hope that this ISA serves as a first step towards defining general purpose hardware-software contracts for controlling microarchitectural timing channels.
Drew Zagieboylo, Cornell
Keystone: An Open Framework for Architecting TEEs
Abstract: Trusted execution environments
(TEEs) are used on devices from embedded sensors to cloud servers and encompass
a range of choices for cost, power constraints, and security threat models. On
the other hand, each of the current vendor-specific TEEs makes a fixed set of
trade-offs with little room for customization. We present Keystone — the first
open-source framework for building customized TEEs. Keystone uses simple
abstractions provided by the hardware such as memory isolation and a
programmable layer underneath untrusted components (e.g., OS). We build
reusable TEE core primitives from these while allowing platform-specific
modifications and application features. We showcase how Keystone-based TEEs run
on unmodified RISC-V hardware and the strengths of our design in terms of
security, TCB size, execution of a range of benchmarks, applications, kernels,
and deployment models.
Dayeol Lee, UC Berkeley
Policy-based Big Data Computation using TEEs and Shared Ledgers
Abstract:
Modern web services pose a growing public concern regarding their
lack of transparency. While any shift towards increased transparency
would require significant changes across the board (including
new business models, privacy regulations, etc.), there is still
progress to be made on the technical front. We posit that several
such services can be modeled as a joint computation over data from
multiple parties (comprising both end users and the service provider),
where transparency requires enforcing: 1) agreed-upon policies on what
computations can occur on each party's data, and 2) set of parties
with whom the results are shared.
To that end, I will present LucidiTEE, a system that enables multiple
parties to jointly perform stateful computations on large private
inputs, while enforcing history-dependent policies (even when the input
providers are offline) and fairness (i.e. all or no party gets the
output). LucidiTEE tolerates arbitrary corruption thresholds amongst
the parties, and assumes malicious storage and compute providers. To
that effect, we develop a set of novel protocols between a network of
TEEs and a shared, append-only ledger. LucidiTEE uses the ledger only
to enforce policies; it does not store inputs, outputs, or state on
the ledger, nor does it duplicate execution amongst the participants,
which allows it to scale to large data and large number of parties. We
demonstrate applications including a private personal finance app,
federated machine learning, and policy-based surveys.
Rohit Sinha, Visa Research
Program
Using Information Flow to Design an ISA that Controls Timing Channels
Abstract: Vulnerabilities like Meltdown and Spectre highlight the need for principled methods for preventing information leakage through microarchitectural timing channels. We claim that achieving this goal requires rethinking the hardware-software contract to describe the timing behavior of processor instructions. In this talk, we propose an instruction set architecture (ISA) based on RISC-V, which describes a processor that tracks information-flow labels at run time and uses these labels to eliminate or mitigate timing channels. By requiring that the hardware implementation separates the influence of secret and untrusted microarchitectural state from the timing of public or trusted operations, this ISA guarantees that any executing program will exhibit timing-sensitive-noninterference. Furthermore our proposal includes instructions to downgrade information and to transfer control between privilege domains (both are critical to realistic systems). We hope that this ISA serves as a first step towards defining general purpose hardware-software contracts for controlling microarchitectural timing channels. |
Drew Zagieboylo, Cornell |
Keystone: An Open Framework for Architecting TEEs
Abstract: Trusted execution environments (TEEs) are used on devices from embedded sensors to cloud servers and encompass a range of choices for cost, power constraints, and security threat models. On the other hand, each of the current vendor-specific TEEs makes a fixed set of trade-offs with little room for customization. We present Keystone — the first open-source framework for building customized TEEs. Keystone uses simple abstractions provided by the hardware such as memory isolation and a programmable layer underneath untrusted components (e.g., OS). We build reusable TEE core primitives from these while allowing platform-specific modifications and application features. We showcase how Keystone-based TEEs run on unmodified RISC-V hardware and the strengths of our design in terms of security, TCB size, execution of a range of benchmarks, applications, kernels, and deployment models. | Dayeol Lee, UC Berkeley |
Policy-based Big Data Computation using TEEs and Shared Ledgers
Abstract: Modern web services pose a growing public concern regarding their lack of transparency. While any shift towards increased transparency would require significant changes across the board (including new business models, privacy regulations, etc.), there is still progress to be made on the technical front. We posit that several such services can be modeled as a joint computation over data from multiple parties (comprising both end users and the service provider), where transparency requires enforcing: 1) agreed-upon policies on what computations can occur on each party's data, and 2) set of parties with whom the results are shared. To that end, I will present LucidiTEE, a system that enables multiple parties to jointly perform stateful computations on large private inputs, while enforcing history-dependent policies (even when the input providers are offline) and fairness (i.e. all or no party gets the output). LucidiTEE tolerates arbitrary corruption thresholds amongst the parties, and assumes malicious storage and compute providers. To that effect, we develop a set of novel protocols between a network of TEEs and a shared, append-only ledger. LucidiTEE uses the ledger only to enforce policies; it does not store inputs, outputs, or state on the ledger, nor does it duplicate execution amongst the participants, which allows it to scale to large data and large number of parties. We demonstrate applications including a private personal finance app, federated machine learning, and policy-based surveys. | Rohit Sinha, Visa Research |