SecScale: A Scalable and Secure Trusted Execution Environment for Servers
- URL: http://arxiv.org/abs/2407.13572v1
- Date: Thu, 18 Jul 2024 15:14:36 GMT
- Title: SecScale: A Scalable and Secure Trusted Execution Environment for Servers
- Authors: Ani Sunny, Nivedita Shrivastava, Smruti R. Sarangi,
- Abstract summary: Intel plans to deprecate its most trustworthy enclave, SGX, on its 11th and 12th generation processors.
We propose SecScale that uses some new ideas centered around speculative execution.
We show that we are 10% faster than the nearest competing alternative.
- Score: 0.36868085124383626
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Trusted execution environments (TEEs) are an integral part of modern secure processors. They ensure that their application and code pages are confidential, tamper proof and immune to diverse types of attacks. In 2021, Intel suddenly announced its plans to deprecate its most trustworthy enclave, SGX, on its 11th and 12th generation processors. The reasons stemmed from the fact that it was difficult to scale the enclaves (sandboxes) beyond 256 MB as the hardware overheads outweighed the benefits. Competing solutions by Intel and other vendors are much more scalable, but do not provide many key security guarantees that SGX used to provide notably replay attack protection. In the last three years, no proposal from industry or academia has been able to provide both scalability (with a modest slowdown) as well as replay-protection on generic hardware (to the best of our knowledge). We solve this problem by proposing SecScale that uses some new ideas centered around speculative execution (read first, verify later), creating a forest of MACs (instead of a tree of counters) and providing complete memory encryption (no generic unsecure regions). We show that we are 10% faster than the nearest competing alternative.
Related papers
- Beyond Random Inputs: A Novel ML-Based Hardware Fuzzing [16.22481369547266]
Hardware fuzzing is an effective approach to exploring and detecting security vulnerabilities in large-scale designs like modern processors.
We propose a novel ML-based hardware fuzzer, ChatFuzz, to address this challenge.
ChatFuzz achieves condition coverage rate of 75% in just 52 minutes compared to a state-of-the-art fuzzer.
arXiv Detail & Related papers (2024-04-10T09:28:54Z) - Weak-to-Strong Jailbreaking on Large Language Models [96.50953637783581]
Large language models (LLMs) are vulnerable to jailbreak attacks.
Existing jailbreaking methods are computationally costly.
We propose the weak-to-strong jailbreaking attack.
arXiv Detail & Related papers (2024-01-30T18:48:37Z) - Establishing Dynamic Secure Sessions for ECQV Implicit Certificates in Embedded Systems [0.0]
We present a design that utilizes the Station to Station (STS) protocol with implicit certificates.
We show that with a slight computational increase of 20% compared to a static ECDSA key derivation, we are able to mitigate many session-related security vulnerabilities.
arXiv Detail & Related papers (2023-11-19T22:40:21Z) - SOCI^+: An Enhanced Toolkit for Secure OutsourcedComputation on Integers [50.608828039206365]
We propose SOCI+ which significantly improves the performance of SOCI.
SOCI+ employs a novel (2, 2)-threshold Paillier cryptosystem with fast encryption and decryption as its cryptographic primitive.
Compared with SOCI, our experimental evaluation shows that SOCI+ is up to 5.4 times more efficient in computation and 40% less in communication overhead.
arXiv Detail & Related papers (2023-09-27T05:19:32Z) - SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z) - Citadel: Real-World Hardware-Software Contracts for Secure Enclaves Through Microarchitectural Isolation and Controlled Speculation [8.414722884952525]
Hardware isolation primitives such as secure enclaves aim to protect programs, but remain vulnerable to transient execution attacks.
This paper advocates for processors to incorporate microarchitectural isolation primitives and mechanisms for controlled speculation.
We introduce two mechanisms to securely share memory between an enclave and an untrusted OS in an out-of-order processor.
arXiv Detail & Related papers (2023-06-26T17:51:23Z) - Evil from Within: Machine Learning Backdoors through Hardware Trojans [72.99519529521919]
Backdoors pose a serious threat to machine learning, as they can compromise the integrity of security-critical systems, such as self-driving cars.
We introduce a backdoor attack that completely resides within a common hardware accelerator for machine learning.
We demonstrate the practical feasibility of our attack by implanting our hardware trojan into the Xilinx Vitis AI DPU.
arXiv Detail & Related papers (2023-04-17T16:24:48Z) - Near-Optimal Multi-Agent Learning for Safe Coverage Control [76.99020416197631]
In multi-agent coverage control problems, agents navigate their environment to reach locations that maximize the coverage of some density.
In this paper, we aim to efficiently learn the density to approximately solve the coverage problem while preserving the agents' safety.
We give first of its kind results: near optimal coverage in finite time while provably guaranteeing safety.
arXiv Detail & Related papers (2022-10-12T16:33:34Z) - Building Your Own Trusted Execution Environments Using FPGA [16.206300249987354]
BYOTee (Build Your Own Trusted Execution Environments) is an easy-to-use infrastructure for building multiple equally secure enclaves.
BYOTee creates enclaves with customized hardware TCBs, which include softcore CPUs, block RAMs, and peripheral connections, in FPGA on demand.
arXiv Detail & Related papers (2022-03-08T17:22:52Z) - CryptSan: Leveraging ARM Pointer Authentication for Memory Safety in
C/C++ [0.9208007322096532]
CryptSan is a memory safety approach based on ARM Pointer Authentication.
We present a full LLVM-based prototype implementation, running on an M1 MacBook Pro.
This, together with its interoperability with uninstrumented libraries and cryptographic protection against attacks on metadata, makes CryptSan a viable solution for retrofitting memory safety to C/C++ programs.
arXiv Detail & Related papers (2022-02-17T14:04:01Z) - Quantum copy-protection of compute-and-compare programs in the quantum random oracle model [48.94443749859216]
We introduce a quantum copy-protection scheme for a class of evasive functions known as " compute-and-compare programs"
We prove that our scheme achieves non-trivial security against fully malicious adversaries in the quantum random oracle model (QROM)
As a complementary result, we show that the same scheme fulfils a weaker notion of software protection, called "secure software leasing"
arXiv Detail & Related papers (2020-09-29T08:41:53Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.