Running secure user services in a hostile environment
TROOS – Trusted Open OS, the basis for a TrustZone based open TEE
Assaf Rosenbuam, Eli Biham and Sara Bitan
Department of Computer Science, Technion
Do you trust your OS? We don’t...
[Chart: Critical vulnerabilities found, Jan–Apr 2017]
How to protect critical assets from a compromised OS?
Exploitation of an OS vulnerability might leave the system resources completely exposed to attacks. Hence, we need a mechanism (entity) that can be trusted even when the OS is breached.
Trusted Execution Environment (TEE)
We need an environment in which we can safely store critical data and perform critical processing.
[Diagram: User Space, OS, TEE]
Current TEE technologies
Intel Software Guard Extensions (SGX)
SGX makes it possible to run secure services in an isolated execution environment (called an enclave), embedded in the process's virtual memory space.
ARM TrustZone
TrustZone provides a technology to run two virtual worlds – a Normal World (NW) and a Secure World (SW) – on the same CPU. This mechanism is an infrastructure on which we can create a Trusted Execution Environment.
The Genode OS framework
[Figure: Application TCB in Genode]
Genode is an open source operating system framework designed for increased security. Genode maintains strong application isolation properties and is designed to keep each application's Trusted Computing Base (TCB) as small as possible.
Our contribution – TROOS
Our goal is to provide a TEE for user services (much like Intel’s SGX). We use Genode as the basis for our trusted OS. On top of the native Core and Init components, which are the system kernel and first user process respectively, we added a few more components to enable the loading and execution of trusted user services (trustlets).
TZ VMM: Intercepts SMCs and handles the switch between the two worlds.
Loader: Responsible for loading and verifying the trustlets' code from the normal world.
Trustlet Manager: Acts as a container for the trustlets. Manages the trustlets' resource allocation.
Crypto: Will provide each trustlet with unique keys, accessible only to it and only while running in the secure world.
[Figure: Trustlet TCB on TROOS. Components shown: Core, Init, TZ VMM, Trustlets Manager, Trustlet1, Trustlet2, Trustlet3, Loader, Crypto]
Notice that in TROOS, a trustlet must not trust the other trustlets in the system. A trustlet doesn’t even need to trust the TROOS services, unless it wishes to use them.
Secure world interface
The normal world OS utilizes the secure world interface in order to create and execute trustlets according to its needs via SMCs. As part of our efforts to keep the system attack surface as small as possible, we keep the number of SMCs at the bare minimum. The most significant SMCs are described in the following table:
SMC        Description
Tcreate    create a new (empty) trustlet
Tload      load and measure the trustlet code
Tinit      mark trustlet as ready to run
Tstart     start executing a trustlet
Tresume    resume trustlet run after it was stopped
Tdestroy   stop the trustlet run and free its resources
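A minimal C model of how a secure-world dispatcher could enforce the order of the SMCs in the table, added here as an example and not taken from the TROOS code. The state names, return codes, the `troos_stop` event and the FNV-1a stand-in for a cryptographic hash are assumptions; the poster only names the SMCs.

```c
#include <stddef.h>
#include <stdint.h>

/* Lifecycle states are an assumption: the poster names the SMCs, not the states. */
enum tstate { T_FREE, T_CREATED, T_LOADED, T_READY, T_RUNNING, T_STOPPED };
enum smc { TCREATE, TLOAD, TINIT, TSTART, TRESUME, TDESTROY };
enum { SMC_OK = 0, SMC_DENIED = -1 };            /* assumed return codes */
struct trustlet { enum tstate state; uint64_t measurement; };

/* FNV-1a folding of loaded code: a NON-cryptographic stand-in for a real hash. */
static uint64_t measure(uint64_t h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Dispatcher: every SMC is accepted only in the states where it makes sense. */
int troos_smc(struct trustlet *t, enum smc call, const uint8_t *code, size_t len) {
    switch (call) {
    case TCREATE:
        if (t->state != T_FREE) return SMC_DENIED;
        t->measurement = 0xcbf29ce484222325ULL;  /* FNV offset basis */
        t->state = T_CREATED; return SMC_OK;
    case TLOAD:   /* may repeat per chunk, but never once Tinit has sealed the code */
        if ((t->state != T_CREATED && t->state != T_LOADED) || !code || !len)
            return SMC_DENIED;
        t->measurement = measure(t->measurement, code, len);
        t->state = T_LOADED; return SMC_OK;
    case TINIT:   /* from here on the code and its measurement are frozen */
        if (t->state != T_LOADED) return SMC_DENIED;
        t->state = T_READY; return SMC_OK;
    case TSTART:
        if (t->state != T_READY) return SMC_DENIED;
        t->state = T_RUNNING; return SMC_OK;
    case TRESUME:
        if (t->state != T_STOPPED) return SMC_DENIED;
        t->state = T_RUNNING; return SMC_OK;
    case TDESTROY:
        if (t->state == T_FREE) return SMC_DENIED;
        t->measurement = 0; t->state = T_FREE; return SMC_OK;
    }
    return SMC_DENIED;  /* unknown SMC numbers are refused */
}

/* Hypothetical non-SMC event: a running trustlet is stopped, e.g. by an interrupt. */
void troos_stop(struct trustlet *t) { if (t->state == T_RUNNING) t->state = T_STOPPED; }

int main(void) {  /* constructed check: Tstart on a never-created trustlet is refused */
    struct trustlet t = { T_FREE, 0 };
    return troos_smc(&t, TSTART, NULL, 0) == SMC_DENIED ? 0 : 1;
}
```

Refusing Tload after Tinit is what keeps the measurement bound to the code that actually runs: the normal world cannot swap code in once the trustlet has been marked ready.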
Future work
Our next step is to complete the system implementation with all of the designed components. We then plan to deliver an elaborate security analysis of the system and a comparison to existing TEEs (TrustZone based and others). The performance impact on the normal world will be tested as well. Due to time constraints, there are aspects that we do not plan to address at this stage, even though they would surely be beneficial to TROOS. For example:
• Integrating a secure element.
• Extending system abilities with secure IO.
• Utilizing on-chip memory to better protect trustlets' code and data against probing.