DOI: 10.1145/2508859.2516678
Research article, ACM Conference Proceedings (CCS)

OASIS: on achieving a sanctuary for integrity and secrecy on untrusted platforms

Published: 04 November 2013

Abstract

We present OASIS, a CPU instruction set extension for externally verifiable initiation, execution, and termination of an isolated execution environment with a trusted computing base consisting solely of the CPU. OASIS leverages the hardware components available on commodity CPUs to achieve a low-cost, low-overhead design.



Published In

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
November 2013, 1530 pages
ISBN: 9781450324779
DOI: 10.1145/2508859
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. instruction set extension
  2. secure remote execution

Conference

CCS '13

Acceptance Rates

CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Cited By

  • (2022) A survey for Communication security of the embedded system. Carpathian Journal of Electronic and Computer Engineering 14(2):15-19. DOI: 10.2478/cjece-2021-0009. Online publication date: 21-Jan-2022
  • (2022) ShEF: shielded enclaves for cloud FPGAs. Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 1070-1085. DOI: 10.1145/3503222.3507733. Online publication date: 28-Feb-2022
  • (2022) RT-TEE: Real-time System Availability for Cyber-physical Systems using ARM TrustZone. 2022 IEEE Symposium on Security and Privacy (SP), pp. 352-369. DOI: 10.1109/SP46214.2022.9833604. Online publication date: May-2022
  • (2022) ERIC: An Efficient and Practical Software Obfuscation Framework. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 466-474. DOI: 10.1109/DSN53405.2022.00053. Online publication date: Jun-2022
  • (2021) Utilizing and Extending Trusted Execution Environment in Heterogeneous SoCs for a Pay-Per-Device IP Licensing Scheme. IEEE Transactions on Information Forensics and Security 16:2548-2563. DOI: 10.1109/TIFS.2021.3058777. Online publication date: 2021
  • (2021) ASiMOV. Future Generation Computer Systems 115(C):213-235. DOI: 10.1016/j.future.2020.09.003. Online publication date: 1-Feb-2021
  • (2019) SecTEE. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1723-1740. DOI: 10.1145/3319535.3363205. Online publication date: 6-Nov-2019
  • (2019) TIO - Secure Input/Output for Intel SGX Enclaves. 2019 International Workshop on Secure Internet of Things (SIOT), pp. 1-9. DOI: 10.1109/SIOT48044.2019.9637105. Online publication date: 26-Sep-2019
  • (2018) Graviton. Proceedings of the 13th USENIX conference on Operating Systems Design and Implementation, pp. 681-696. DOI: 10.5555/3291168.3291219. Online publication date: 8-Oct-2018
  • (2018) SEPUFSoC. Proceedings of the 2018 Great Lakes Symposium on VLSI, pp. 39-44. DOI: 10.1145/3194554.3194562. Online publication date: 30-May-2018
