From Trusted Computing to Trustworthy Execution

从可信计算到可信执行

• 批准号: RGPIN-2020-04734
• 负责人: Zhao, Lianying
• 金额: $ 2.11万
• 依托单位: Carleton University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2021
• 资助国家: 加拿大
• 起止时间: 2021-01-01 至 2022-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=740155
• 关键词: Trusted; Computing; Trustworthy; Execution

When a computer user accesses a remote service involving sensitive information, ensuring that the service program has executed with integrity and confidentiality is important before the service outcome can be trusted. For this purpose, trusted computing (TC) is introduced, which performs certain cryptographic measurements for inital integrity and isolates the program from outside for integrity and confidentiality. To eventually provide evidence of such protection to the user, a mechanism called attestation signs the measurements with a long-term secret that never gets exposed elsewhere and sends them to the user. The user chooses to trust the execution, seeing the measurements come from the long-term secret (verified with the public part of that secret) and cryptographically match the intended program. Nonetheless, current TC is still sub-ideal to be considered trustworthy. Things can go wrong in the following ways (examples): 1) the long-term secret can be learned by an adversary from intrinsic side channels, i.e., even when hardware never exposes the secret as the computer architecture specifies, the unspecified (mostly timing) behavior still leaks the secret. 2) with guaranteed initial integrity, a program's execution dynamics can largely be affected by data exchange with the outside, even if the program itself is isolated. Such dynamics include control/data flow and memory access safety. Therefore, the execution can deviate from what was originally measured. 3) the attestation request can be relayed to and fulfilled by a computer possessing the correct long-term secret, but different from where the program has actually run. I propose to advance TC to be closer to trustworthiness, embodied mainly by architectural discretization of secure elements and execution binding. The secure element (SE) is a hardware component where the long-term secrets are stored and protected. Compared to merely physical discreteness, the proposed architectural discretization makes sure that secrets in the SE never get exposed to the rich processor environment (never leaving the SE), and the involved operations are not visible to any system software and firmware. The discrete SE is designed with minimal complexity. This way, the aforementioned side channels are no longer applicable, due to no resource sharing. Execution binding (as opposed to platform binding to avoid attestation relay) is to include the execution dynamics into attestation so that correct attestation result can reflect (to a larger extent) correct execution. Such an SE design also allows the trust to be user-oriented, e.g., open provisioning and multi-purpose/multi-user SE.

当计算机用户访问涉及敏感信息的远程服务时，在服务结果可以被信任之前，确保服务程序以完整性和机密性执行是重要的。为此，可信计算（TC）被引入，它执行某些加密测量的初始完整性和隔离程序从外部的完整性和机密性。为了最终向用户提供这种保护的证据，一种称为证明的机制用一个永远不会在其他地方暴露的长期秘密来签署测量结果，并将它们发送给用户。用户选择信任执行，看到测量来自长期秘密（用该秘密的公开部分验证），并以加密方式匹配预期程序。尽管如此，目前的TC仍然是次理想的被认为是值得信赖的。事情可能以以下方式（示例）出错：1）长期秘密可能被对手从固有的侧信道（即，即使当硬件从不像计算机体系结构所指定的那样暴露秘密时，未指定的（主要是定时）行为仍然泄漏秘密。2)在保证初始完整性的情况下，即使程序本身是孤立的，程序的执行动态也会在很大程度上受到与外部的数据交换的影响。这种动态包括控制/数据流和存储器访问安全性。因此，执行可能会偏离最初测量的内容。3)证明请求可以被中继到拥有正确的长期秘密但与程序实际运行的地方不同的计算机，并由该计算机来实现。我建议推进TC更接近可信性，主要体现在安全元素和执行绑定的架构离散化。安全元件（SE）是存储和保护长期秘密的硬件组件。与仅仅物理离散性相比，所提出的架构离散化确保SE中的秘密永远不会暴露给富处理器环境（永远不会离开SE），并且所涉及的操作对任何系统软件和固件都不可见。离散SE的设计具有最小的复杂性。这样，由于没有资源共享，上述侧信道不再适用。执行绑定（与避免证明中继的平台绑定相反）是将执行动态包括到证明中，使得正确的证明结果可以（在更大程度上）反映正确的执行。这种SE设计还允许信任是面向用户的，例如，开放式配置和多用途/多用户SE。