DOI: 10.1145/3623278.3624763
Research article
Veil: A Protected Services Framework for Confidential Virtual Machines

Published: 07 February 2024

Abstract

Confidential virtual machines (CVMs) enabled by AMD SEV provide a protected environment for sensitive computations on an untrusted cloud. Unfortunately, CVMs are typically deployed with huge and vulnerable operating system kernels, exposing the CVMs to attacks that exploit kernel vulnerabilities. Veil is a versatile CVM framework that efficiently protects critical system services like shielding sensitive programs, which cannot be entrusted to the buggy kernel. Veil leverages a new hardware primitive, virtual machine privilege levels (VMPL), to install a privileged security monitor inside the CVM. We overcome several challenges in designing Veil, including (a) creating unlimited secure domains with a limited number of VMPLs, (b) establishing resource-efficient domain switches, and (c) maintaining commodity kernel backwards-compatibility with only minor changes. Our evaluation shows that Veil incurs no discernible performance slowdown during normal CVM execution while incurring a modest overhead (2--64%) when running its protected services across real-world use cases.

Published In

ASPLOS '23: Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4
March 2023, 430 pages
ISBN: 9798400703942
DOI: 10.1145/3623278
Publisher: Association for Computing Machinery, New York, NY, United States
Published: 07 February 2024
Author Tags: confidential virtual machines; OS design; cloud security
Conference: ASPLOS '23
Overall Acceptance Rate: 535 of 2,713 submissions, 20%