-
BliMe Linter
Authors:
Hossam ElAtali,
Xiaohe Duan,
Hans Liljestrand,
Meng Xu,
N. Asokan
Abstract:
Outsourced computation presents a risk to the confidentiality of clients' sensitive data since they have to trust that the service providers will not mishandle this data. Blinded Memory (BliMe) is a set of hardware extensions that addresses this problem by using hardware-based taint tracking to keep track of sensitive client data and enforce a security policy that prevents software from leaking th…
▽ More
Outsourced computation presents a risk to the confidentiality of clients' sensitive data since they have to trust that the service providers will not mishandle this data. Blinded Memory (BliMe) is a set of hardware extensions that addresses this problem by using hardware-based taint tracking to keep track of sensitive client data and enforce a security policy that prevents software from leaking this data, either directly or through side channels. Since programs can leak sensitive data through timing channels and memory access patterns when this data is used in control-flow or memory access instructions, BliMe prohibits such unsafe operations and only allows constant-time code to operate on sensitive data. The question is how a developer can confirm that their code will run correctly on BliMe. While a program can be manually checked to see if it is constant-time, this process is tedious and error-prone.
In this paper, we introduce the BliMe linter, a set of compiler extensions built on top of SVF that analyze LLVM bitcode to identify possible BliMe violations. We evaluate the BliMe linter analytically and empirically and show that it is sound.
△ Less
Submitted 21 June, 2024;
originally announced June 2024.
-
Cancellable Memory Requests: A transparent, lightweight Spectre mitigation
Authors:
Hossam ElAtali,
N. Asokan
Abstract:
Speculation is fundamental to achieving high CPU performance, yet it enables vulnerabilities such as Spectre attacks, which remain a significant challenge to mitigate without incurring substantial performance overheads. These attacks typically unfold in three steps: they speculatively access sensitive data (access), alter the cache state (transmit), and then utilize a cache timing attack (e.g., Fl…
▽ More
Speculation is fundamental to achieving high CPU performance, yet it enables vulnerabilities such as Spectre attacks, which remain a significant challenge to mitigate without incurring substantial performance overheads. These attacks typically unfold in three steps: they speculatively access sensitive data (access), alter the cache state (transmit), and then utilize a cache timing attack (e.g., Flush+Reload) to extract the secret (receive). Most Spectre attacks exploit a cache timing side channel during the transmit and receive steps. Our key observation is that Spectre attacks do not require the transmit instruction to complete before mis-prediction is detected and mis-speculated instructions are squashed. Instead, it suffices for the instruction to execute and dispatch a request to the memory hierarchy. Responses from memory that arrive after squashing occurs still alter the cache state, including those related to mis-speculated memory accesses. We therefore propose a novel mitigation technique, Cancellable Memory Requests (CMR), that cancels mis-speculated memory requests. Immediately upon squashing, a cancellation is sent to the cache hierarchy, propagating downstream and preventing any changes to caches that have not yet received a response. This reduces the likelihood of cache state changes, thereby reducing the likelihood of Spectre attacks succeeding. We implement CMR on gem5 and show that it thwarts practical Spectre attacks, and has near-zero performance overheads. We show that CMR can completely thwart Spectre attacks in four real-world processors with realistic system configurations.
△ Less
Submitted 17 June, 2024;
originally announced June 2024.
-
Data-Oblivious ML Accelerators using Hardware Security Extensions
Authors:
Hossam ElAtali,
John Z. Jekel,
Lachlan J. Gunn,
N. Asokan
Abstract:
Outsourced computation can put client data confidentiality at risk. Existing solutions are either inefficient or insufficiently secure: cryptographic techniques like fully-homomorphic encryption incur significant overheads, even with hardware assistance, while the complexity of hardware-assisted trusted execution environments has been exploited to leak secret data.
Recent proposals such as BliMe…
▽ More
Outsourced computation can put client data confidentiality at risk. Existing solutions are either inefficient or insufficiently secure: cryptographic techniques like fully-homomorphic encryption incur significant overheads, even with hardware assistance, while the complexity of hardware-assisted trusted execution environments has been exploited to leak secret data.
Recent proposals such as BliMe and OISA show how dynamic information flow tracking (DIFT) enforced in hardware can protect client data efficiently. They are designed to protect CPU-only workloads. However, many outsourced computing applications, like machine learning, make extensive use of accelerators.
We address this gap with Dolma, which applies DIFT to the Gemmini matrix multiplication accelerator, efficiently guaranteeing client data confidentiality, even in the presence of malicious/vulnerable software and side channel attacks on the server. We show that accelerators can allow DIFT logic optimizations that significantly reduce area overhead compared with general-purpose processor architectures. Dolma is integrated with the BliMe framework to achieve end-to-end security guarantees. We evaluate Dolma on an FPGA using a ResNet-50 DNN model and show that it incurs low overheads for large configurations ($4.4\%$, $16.7\%$, $16.5\%$ for performance, resource usage and power, respectively, with a 32x32 configuration).
△ Less
Submitted 29 January, 2024;
originally announced January 2024.
-
BliMe: Verifiably Secure Outsourced Computation with Hardware-Enforced Taint Tracking
Authors:
Hossam ElAtali,
Lachlan J. Gunn,
Hans Liljestrand,
N. Asokan
Abstract:
Outsourced computing is widely used today. However, current approaches for protecting client data in outsourced computing fall short: use of cryptographic techniques like fully-homomorphic encryption incurs substantial costs, whereas use of hardware-assisted trusted execution environments has been shown to be vulnerable to run-time and side-channel attacks.
We present Blinded Memory (BliMe), an…
▽ More
Outsourced computing is widely used today. However, current approaches for protecting client data in outsourced computing fall short: use of cryptographic techniques like fully-homomorphic encryption incurs substantial costs, whereas use of hardware-assisted trusted execution environments has been shown to be vulnerable to run-time and side-channel attacks.
We present Blinded Memory (BliMe), an architecture to realize efficient and secure outsourced computation. BliMe consists of a novel and minimal set of instruction set architecture (ISA) extensions implementing a taint-tracking policy to ensure the confidentiality of client data even in the presence of server vulnerabilities. To secure outsourced computation, the BliMe extensions can be used together with an attestable, fixed-function hardware security module (HSM) and an encryption engine that provides atomic decrypt-and-taint and encrypt-and-untaint operations. Clients rely on remote attestation and key agreement with the HSM to ensure that their data can be transferred securely to and from the encryption engine and will always be protected by BliMe's taint-tracking policy while at the server.
We provide an RTL implementation BliMe-BOOM based on the BOOM RISC-V core. BliMe-BOOM requires no reduction in clock frequency relative to unmodified BOOM, and has minimal power ($<\!1.5\%$) and FPGA resource ($\leq\!9.0\%$) overheads. Various implementations of BliMe incur only moderate performance overhead ($8--25\%$). We also provide a machine-checked security proof of a simplified model ISA with BliMe extensions.
△ Less
Submitted 29 November, 2023; v1 submitted 20 April, 2022;
originally announced April 2022.