SaTC: CORE: Medium: Provably Secure, Usable, and Performant Enclaves in Multicore Processors

SaTC：CORE：中：多核处理器中可证明安全、可用且高性能的 Enclave

• 批准号: 2115587
• 负责人: Srini Devadas
• 金额: $ 120万
• 依托单位: Massachusetts Institute of Technology
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2115587&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Provably; Secure

In cloud computing and other popular modes of computer usage today, one physical computer is shared by different applications contributed by users who do not trust each other. The resources of the shared computer must be divided securely across the users; mistakes allow one user to learn another's secrets or influence another applications’ execution. A promising approach to address the challenge of protecting applications from one another is enclaves, best known through Intel's SGX architecture available since 2015, but SGX allows secrets to be leaked while applications execute. This project develops enclaves with strong protections, focusing on usability, performance, and assurance. First, enclaves have still been used relatively rarely in production, and the project therefore studies new interfaces that streamline the sharing of hardware resources. Second, to motivate adoption by the community, the developed enclaves encompass hardware optimizations so as not to affect runtime performance of applications. Third, the project develops techniques for mathematical proofs of hardware security. Planned approaches in software API design for enclaves include limited I/O channel interfaces (e.g., enforcing fixed or otherwise relatively predictable schedules) and new flexible means of allocating resources like cache lines across enclaves. New enclave-to-enclave communication primitives are realized through modifications to memory-management hardware. These mechanisms are being proved secure to the highest standards of mathematical rigor, through machine-checking of proofs with the Coq theorem prover. The technique is to prove that specific enclave systems cycle-accurately simulate groups of separate computers (one per enclave) connected by a basic network, and to prove such results modularly, via nonobvious decomposition of proof obligations into localized security conditions for different components (e.g., processor vs. memory system). This research produces usable enclave systems that the investigators make available to the public as images for Amazon's F1 cloud-FPGA system, facilitating easy bring-up for security evaluation or extending the work.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在今天的云计算和其他流行的计算机使用模式中，一台物理计算机由不信任彼此的用户贡献的不同应用程序共享。共享计算机的资源必须在用户之间安全地分配；错误允许一个用户了解另一个用户的秘密或影响另一个应用程序的执行。解决相互保护应用程序的挑战的一个有前途的方法是Enclaves，最为人所知的是自2015年以来推出的英特尔SGX架构，但SGX允许在应用程序执行时泄露机密。这个项目开发的飞地具有强大的保护，专注于可用性、性能和保证。首先，Enclaves在生产中的使用仍然相对较少，因此该项目研究了简化硬件资源共享的新接口。其次，为了促进社区的采用，开发的Enclaves包含硬件优化，以避免影响应用程序的运行时性能。第三，该项目开发了硬件安全性的数学证明技术。飞地的软件API设计中计划的方法包括有限的I/O通道接口(例如，强制实施固定或相对可预测的时间表)和跨飞地分配资源的新的灵活方法，如高速缓存线。新的Enclave到Enclave通信原语是通过修改内存管理硬件来实现的。通过用Coq定理证明器对证明进行机器检查，这些机制被证明符合最高标准的数学严谨性。该技术旨在证明特定的Enclave系统循环准确地模拟由基本网络连接的多组独立计算机(每个Enclave一台)，并通过将证明义务不明显地分解成不同组件(例如，处理器与存储器系统)的本地化安全条件来模块化地证明这样的结果。这项研究产生了可用的Enclave系统，调查人员将其作为亚马逊F1云-FPGA系统的图像向公众提供，便于进行安全评估或扩展工作。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。