Cabin: Confining Untrusted Programs within Confidential VMs

• URL: http://arxiv.org/abs/2407.12334v2
• Date: Thu, 18 Jul 2024 01:37:07 GMT
• Title: Cabin: Confining Untrusted Programs within Confidential VMs
• Authors: Benshan Mei, Saisai Xia, Wenhao Wang, Dongdai Lin,
• Abstract summary: Confidential computing safeguards sensitive computations from untrusted clouds. CVMs often come with large and vulnerable operating system kernels, making them susceptible to attacks exploiting kernel weaknesses. This study proposes Cabin, an isolated execution framework within guest VM utilizing the latest AMD SEV-SNP technology.
• Score: 13.022056111810599
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Confidential computing safeguards sensitive computations from untrusted clouds, with Confidential Virtual Machines (CVMs) providing a secure environment for guest OS. However, CVMs often come with large and vulnerable operating system kernels, making them susceptible to attacks exploiting kernel weaknesses. The imprecise control over the read/write access in the page table has allowed attackers to exploit vulnerabilities. The lack of security hierarchy leads to insufficient separation between untrusted applications and guest OS, making the kernel susceptible to direct threats from untrusted programs. This study proposes Cabin, an isolated execution framework within guest VM utilizing the latest AMD SEV-SNP technology. Cabin shields untrusted processes to the user space of a lower virtual machine privilege level (VMPL) by introducing a proxy-kernel between the confined processes and the guest OS. Furthermore, we propose execution protection mechanisms based on fine-gained control of VMPL privilege for vulnerable programs and the proxy-kernel to minimize the attack surface. We introduce asynchronous forwarding mechanism and anonymous memory management to reduce the performance impact. The evaluation results show that the Cabin framework incurs a modest overhead (5% on average) on Nbench and WolfSSL benchmarks.

Related papers

• Preventing Rowhammer Exploits via Low-Cost Domain-Aware Memory Allocation [46.268703252557316]
  Rowhammer is a hardware security vulnerability at the heart of every system with modern DRAM-based memory. C Citadel is a new memory allocator design that prevents Rowhammer-initiated security exploits. C Citadel supports thousands of security domains at a modest 7.4% average memory overhead and no performance loss.
  arXiv  Detail & Related papers  (2024-09-23T18:41:14Z)
• Devlore: Extending Arm CCA to Integrated Devices A Journey Beyond Memory to Interrupt Isolation [10.221747752230131]
  Arm Confidential Computing Architecture executes sensitive computation in an abstraction called realm. CCA does not allow integrated devices on the platform to access realm. We present Devlore which allows realm to directly access integrated peripherals.
  arXiv  Detail & Related papers  (2024-08-11T17:33:48Z)
• Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
  We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
  arXiv  Detail & Related papers  (2024-05-03T07:18:45Z)
• WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP [2.8436446946726557]
  AMD SEV-SNP offers VM-level trusted execution environments (TEEs) to protect sensitive cloud workloads. WeSee attack injects malicious #VC into a victim VM's CPU to compromise the security guarantees of AMD SEV-SNP. Case-studies demonstrate that WeSee can leak sensitive VM information (kTLS keys for NGINX), corrupt kernel data (firewall rules), and inject arbitrary code.
  arXiv  Detail & Related papers  (2024-04-04T15:30:13Z)
• Heckler: Breaking Confidential VMs with Malicious Interrupts [2.650561978417805]
  Heckler is a new attack wherein the hypervisor injects malicious non-timer interrupts to break the confidentiality and integrity of CVMs. With AMD SEV-SNP and Intel TDX, we demonstrate Heckler on OpenSSH and to bypass authentication.
  arXiv  Detail & Related papers  (2024-04-04T11:37:59Z)
• The Road to Trust: Building Enclaves within Confidential VMs [17.064775757967627]
  NestedSGX is a framework which leverages virtual machine privilege level (VMPL) It considers the guest OS untrusted for loading potentially malicious code. It ensures that only trusted and measured code executed within the enclave can be remotely attested.
  arXiv  Detail & Related papers  (2024-02-18T03:15:02Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker [49.1574468325115]
  Software services place implicit trust in the cloud provider, without an explicit trust relationship. There is currently no cloud provider that exposes Trusted Platform Module capabilities. We improve trust by integrating a virtual TPM device into the Firecracker, originally developed by Amazon Web Services.
  arXiv  Detail & Related papers  (2023-10-05T13:13:55Z)
• Citadel: Real-World Hardware-Software Contracts for Secure Enclaves Through Microarchitectural Isolation and Controlled Speculation [8.414722884952525]
  Hardware isolation primitives such as secure enclaves aim to protect programs, but remain vulnerable to transient execution attacks. This paper advocates for processors to incorporate microarchitectural isolation primitives and mechanisms for controlled speculation. We introduce two mechanisms to securely share memory between an enclave and an untrusted OS in an out-of-order processor.
  arXiv  Detail & Related papers  (2023-06-26T17:51:23Z)
• DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
  arXiv  Detail & Related papers  (2023-03-20T17:25:22Z)
• Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
  adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes. We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks. These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
  arXiv  Detail & Related papers  (2020-08-17T07:16:57Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.