SinClave: Hardware-assisted Singletons for TEEs
Publikation: Beitrag zu Konferenzen › Paper › Beigetragen › Begutachtung
Beitragende
Abstract
For trusted execution environments (TEEs), remote attestation permits establishing trust in software executed on a remote host. It requires that the measurement of a remote TEE is both complete and fresh: We need to measure all aspects that might determine the behavior of an application, and this measurement has to be reasonably fresh. Performing measurements only at the start of a TEE simplifies the attestation but enables "reuse" attacks of enclaves. We demonstrate how to perform such reuse attacks for different TEE frameworks. We also show how to address this issue by enforcing freshness -- through the concept of a singleton enclave -- and completeness of the measurements. Completeness of measurements is not trivial since the secrets provisioned to an enclave and the content of the filesystem can both affect the behavior of the software, i.e., can be used to mount reuse attacks. We present mechanisms to include measurements of these two components in the remote attestation. Our evaluation based on real-world applications shows that our approach incurs only negligible overhead ranging from 1.03% to 13.2%.
Details
Originalsprache | Englisch |
---|---|
Seiten | 85-97 |
Seitenumfang | 13 |
Publikationsstatus | Veröffentlicht - 27 Nov. 2023 |
Peer-Review-Status | Ja |
Konferenz
Titel | 24th International Middleware Conference |
---|---|
Kurztitel | Middleware 2023 |
Veranstaltungsnummer | 24 |
Dauer | 11 - 15 Dezember 2023 |
Webseite | |
Bekanntheitsgrad | Internationale Veranstaltung |
Ort | University of Bologna |
Stadt | Bologna |
Land | Italien |
Externe IDs
Scopus | 85179883981 |
---|---|
ORCID | /0000-0003-0768-6351/work/151433656 |
Schlagworte
Forschungsprofillinien der TU Dresden
DFG-Fachsystematik nach Fachkollegium
ASJC Scopus Sachgebiete
Schlagwörter
- Security & Privacy, Systems Security, Trusted Execution Environments