DOI: 10.1109/MICRO.2014.25

Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution

Published: 13 December 2014 Publication History
Abstract

We consider the problem of how to provide an execution environment in which an application's secrets remain safe even in the presence of malicious system software layers. We propose Iso-X, a flexible, fine-grained, hardware-supported framework that isolates security-critical pieces of an application so that they can execute securely even when the system software is untrusted. Isolation in Iso-X is achieved by creating and dynamically managing compartments that host critical fragments of code and their associated data. Iso-X provides fine-grained isolation at the memory-page level, flexible allocation of memory, and a low-complexity, hardware-only trusted computing base. Iso-X requires minimal additional hardware, a small number of new ISA instructions to manage compartments, and minimal changes to the operating system, which need not be in the trusted computing base. The run-time performance overhead of Iso-X is negligible, and even the overhead of creating and destroying compartments is modest. Iso-X offers higher memory flexibility than the recently proposed SGX design from Intel, allowing both fluid partitioning of the available memory space and dynamic growth of compartments. An FPGA implementation of the Iso-X runtime mechanisms shows a negligible impact on the processor cycle time.
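The abstract's central claim is that the OS keeps control of memory allocation (it chooses which pages go to a compartment and can take them back) without ever being in the trusted computing base. The toy model below, added for this page and not taken from the paper's ISA, RTL or simulator, makes that separation concrete: a hardware-owned per-page compartment tag is consulted on every access, and the only way the OS can touch the tags is through two "instructions" that refuse to retag a page already in use and zero-fill a page whenever its ownership changes. The names (hw_page_add, hw_page_remove, hw_enter, hw_exit), the tag encoding, the page size and the scrub-on-release policy are all assumptions of this illustration, not Iso-X's actual semantics.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NPAGES  16   /* physical pages in the toy machine (assumption) */
#define PAGE_SZ 64   /* bytes per page, kept small for illustration (assumption) */
#define NO_COMP 0    /* tag of a page owned by no compartment; also the
                        "current compartment" while the OS or ordinary code runs */

/* Hardware-owned state. In this model the OS has no direct write path to
   page_owner[]; it can only go through the hw_* calls below, which stand in
   for the new ISA instructions. */
static uint8_t page_owner[NPAGES];           /* compartment tag per physical page */
static uint8_t phys_mem[NPAGES][PAGE_SZ];    /* physical memory contents */
static uint8_t current_comp = NO_COMP;       /* which compartment is executing */

/* Check performed by hardware on every load/store: a tagged page is reachable
   only from the compartment that owns it; untagged pages are shared.
   The OS executes as NO_COMP, so it can never see a tagged page. */
static bool hw_access_ok(unsigned page)
{
    if (page >= NPAGES) return false;
    return page_owner[page] == NO_COMP || page_owner[page] == current_comp;
}

bool mem_read(unsigned page, unsigned off, uint8_t *out)
{
    if (off >= PAGE_SZ || !hw_access_ok(page)) return false;
    *out = phys_mem[page][off];
    return true;
}

bool mem_write(unsigned page, unsigned off, uint8_t val)
{
    if (off >= PAGE_SZ || !hw_access_ok(page)) return false;
    phys_mem[page][off] = val;
    return true;
}

/* Single-return-value variant: the byte read, or -1 if hardware denied it. */
int mem_peek(unsigned page, unsigned off)
{
    uint8_t v;
    return mem_read(page, off, &v) ? (int)v : -1;
}

/* OS-callable "instruction": donate a free page to compartment `comp`.
   The OS decides WHICH page (memory management stays with the OS), but the
   hardware refuses to retag a page that already belongs to a compartment and
   zero-fills the page so no stale data enters the compartment. */
bool hw_page_add(unsigned page, uint8_t comp)
{
    if (page >= NPAGES || comp == NO_COMP) return false;
    if (page_owner[page] != NO_COMP) return false;   /* would alias another compartment */
    memset(phys_mem[page], 0, PAGE_SZ);
    page_owner[page] = comp;
    return true;
}

/* OS-callable "instruction": reclaim a page. The OS may always take memory
   back (availability is not a security property here), but the hardware
   scrubs the contents before the page becomes untagged, so reclaiming a page
   never leaks compartment data to the OS. */
bool hw_page_remove(unsigned page)
{
    if (page >= NPAGES || page_owner[page] == NO_COMP) return false;
    memset(phys_mem[page], 0, PAGE_SZ);
    page_owner[page] = NO_COMP;
    return true;
}

/* Enter / leave a compartment. A real design would pin entry to fixed entry
   points inside the compartment; the explicit switch here is a simplification. */
void    hw_enter(uint8_t comp)   { current_comp = comp; }
void    hw_exit(void)            { current_comp = NO_COMP; }
uint8_t hw_current(void)         { return current_comp; }
uint8_t hw_owner(unsigned page)  { return page < NPAGES ? page_owner[page] : NO_COMP; }
```

The two properties worth checking against such a model are the ones the abstract relies on: an untrusted OS (or a second compartment) gets an access fault, not data, when it touches a compartment's page, and the OS can still grow or shrink a compartment at page granularity at any time. A compartment must therefore treat the loss of a page as a denial-of-service it cannot prevent, not as a confidentiality breach.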




Published In

MICRO-47: Proceedings of the 47th Annual IEEE/ACM International Symposium on Microarchitecture
December 2014, 697 pages
ISBN: 9781479969982

Publisher

IEEE Computer Society, United States


        Author Tags

        1. hardware security
        2. isolated execution

        Qualifiers

        • Tutorial
        • Research
        • Refereed limited

Conference

MICRO-47

        Acceptance Rates

        MICRO-47 Paper Acceptance Rate 53 of 279 submissions, 19%;
        Overall Acceptance Rate 484 of 2,242 submissions, 22%


Article Metrics

• Downloads (last 12 months): 2
• Downloads (last 6 weeks): 0
Reflects downloads up to 10 Aug 2024

Cited By

• (2024) Confidential Container Groups. Queue 22(2):57-86. DOI: 10.1145/3664293. Online publication date: 23 May 2024
• (2024) Compiler-Based Memory Encryption for Machine Learning on Commodity Low-Power Devices. Proceedings of the 33rd ACM SIGPLAN International Conference on Compiler Construction, pp. 198-211. DOI: 10.1145/3640537.3641564. Online publication date: 17 Feb 2024
• (2023) AEX-Notify. Proceedings of the 32nd USENIX Conference on Security Symposium, pp. 4051-4068. DOI: 10.5555/3620237.3620464. Online publication date: 9 Aug 2023
• (2023) TEESec: Pre-Silicon Vulnerability Discovery for Trusted Execution Environments. Proceedings of the 50th Annual International Symposium on Computer Architecture, pp. 1-15. DOI: 10.1145/3579371.3589070. Online publication date: 17 Jun 2023
• (2022) ShEF: shielded enclaves for cloud FPGAs. Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 1070-1085. DOI: 10.1145/3503222.3507733. Online publication date: 28 Feb 2022
• (2020) When oblivious is not. Proceedings of the 14th USENIX Conference on Offensive Technologies, pp. 3-3. DOI: 10.5555/3488877.3488880. Online publication date: 11 Aug 2020
• (2019) SecTEE. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1723-1740. DOI: 10.1145/3319535.3363205. Online publication date: 6 Nov 2019
• (2019) An Exhaustive Survey on Security Concerns and Solutions at Different Components of Virtualization. ACM Computing Surveys 52(1):1-38. DOI: 10.1145/3287306. Online publication date: 13 Feb 2019
• (2018) Graviton. Proceedings of the 13th USENIX Conference on Operating Systems Design and Implementation, pp. 681-696. DOI: 10.5555/3291168.3291219. Online publication date: 8 Oct 2018
• (2018) BranchScope. ACM SIGPLAN Notices 53(2):693-707. DOI: 10.1145/3296957.3173204. Online publication date: 19 Mar 2018
