DOI: 10.1145/3471621.3471840
research-article

SecureFS: A Secure File System for Intel SGX

Published: 07 October 2021

Abstract

A trusted execution environment (TEE) facilitates the secure execution of an application on a remote untrusted server. In a TEE, the confidentiality, integrity, and freshness properties of the code and data hold throughout the execution. In a TEE setting, specifically Intel SGX, even the operating system (OS) is not trusted. This limits a secure application’s functionality: for example, it has no access to the file system or network, because such access requires OS support.
Prior works have focused on alleviating this problem by allowing an application to access the file system securely. However, we show that they are susceptible to replay attacks, where replaying an old encrypted version of a file may remain undetected. Furthermore, they do not consider the impact of Intel SGX operations on the design of the file system.
To this end, we present SecureFS, a secure, efficient, and scalable file system for Intel SGX that ensures confidentiality, integrity, and freshness of the data stored in it. SecureFS can work with unmodified binaries. SecureFS also considers the impact of Intel SGX to ensure optimal performance. We implement a prototype of SecureFS on a real Intel SGX machine. We incur a minimal overhead () over the current state-of-the-art techniques while adding freshness to the list of security guarantees.

Published In

RAID '21: Proceedings of the 24th International Symposium on Research in Attacks, Intrusions and Defenses
October 2021
468 pages
ISBN:9781450390583
DOI:10.1145/3471621
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Freshness Guarantees
  2. Intel SGX
  3. Secure File System

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

RAID '21

Acceptance Rates

Overall Acceptance Rate 43 of 173 submissions, 25%

Cited By

  • (2024) CRISP: Confidentiality, Rollback, and Integrity Storage Protection for Confidential Cloud-Native Computing. 2024 IEEE 17th International Conference on Cloud Computing (CLOUD), 141-152. DOI: 10.1109/CLOUD62652.2024.00026. Online publication date: 7-Jul-2024
  • (2024) Survey of research on confidential computing. IET Communications 18:9, 535-556. DOI: 10.1049/cmu2.12759. Online publication date: 23-Apr-2024
  • (2023) Confidential Consortium Framework: Secure Multiparty Applications with Confidentiality, Integrity, and High Availability. Proceedings of the VLDB Endowment 17:2, 225-240. DOI: 10.14778/3626292.3626304. Online publication date: 1-Oct-2023
  • (2023) Intel Software Guard Extensions Applications: A Survey. ACM Computing Surveys 55:14s, 1-38. DOI: 10.1145/3593021. Online publication date: 17-Jul-2023
  • (2023) SecDFS: A Secure and Decentralized File System. 2023 IEEE 29th International Conference on Parallel and Distributed Systems (ICPADS), 623-630. DOI: 10.1109/ICPADS60453.2023.00097. Online publication date: 17-Dec-2023
  • (2023) Romeo: SGX-Based Software Anti-piracy Framework. Security and Privacy in New Computing Environments, 140-155. DOI: 10.1007/978-3-031-30623-5_10. Online publication date: 26-Apr-2023
  • (2022) Time Administration of Virtual File System Operations. 2022 2nd International Conference on Technological Advancements in Computational Sciences (ICTACS), 555-558. DOI: 10.1109/ICTACS56270.2022.9987922. Online publication date: 10-Oct-2022
  • (2022) Hardware-assisted mechanisms to enforce control flow integrity. Journal of Systems Architecture: the EUROMICRO Journal 130:C. DOI: 10.1016/j.sysarc.2022.102644. Online publication date: 1-Sep-2022
