DOI: 10.1145/3319535.3354220
Research article, open access

OPERA: Open Remote Attestation for Intel's Secure Enclaves

Published: 06 November 2019

Abstract

Intel Software Guard Extensions (SGX) remote attestation enables enclaves to authenticate the hardware inside which they run, and to attest the integrity of their enclave memory to a remote party. To enforce direct control of attestation, Intel mandates that attestation be verified by Intel's attestation service. This Intel-centric attestation model, however, neither protects privacy nor performs efficiently when distributed and frequent attestation is required. This paper presents OPERA, an Open Platform for Enclave Remote Attestation. Without involving Intel's attestation service while conducting attestation, OPERA is unchained from Intel, although it relies on Intel to establish a chain of trust whose anchor point is the secret rooted in SGX hardware. OPERA is open, as the implementation of its attestation service is completely open, allowing any enclave developer to run her own OPERA service, and its execution is publicly verifiable and hence trustworthy; OPERA is privacy-preserving, as the attestation service does not learn which enclave is being attested or when the attestation takes place; OPERA is performant, as it does not rely on a single point of verification and also reduces the latency of verification.

Supplementary Material

WEBM File (p2317-zhang.webm)

Published In

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, November 2019, 2755 pages. ISBN 9781450367479. DOI 10.1145/3319535.
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags

  1. Intel SGX
  2. privacy-preserving techniques
  3. remote attestation
  4. trusted execution environments

Conference: CCS '19

Acceptance Rates

CCS '19 paper acceptance rate: 149 of 934 submissions (16%)
Overall acceptance rate: 1,261 of 6,999 submissions (18%)

Article Metrics

  • Downloads (last 12 months): 464
  • Downloads (last 6 weeks): 75

Reflects downloads up to 02 Oct 2024.

Cited By

  • (2024) SilentProof: Anonymous Authentication with Blockchain-Backed Offloading. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pp. 1361-1377. DOI 10.1145/3634737.3637635. Online publication date: 1 Jul 2024.
  • (2024) Private Delegated Computations Using Strong Isolation. IEEE Transactions on Emerging Topics in Computing 12(1), pp. 386-398. DOI 10.1109/TETC.2023.3281738. Online publication date: Jan 2024.
  • (2024) Collaborative and Verifiable VNF Management for Metaverse With Efficient Modular Designs. IEEE Journal on Selected Areas in Communications 42(3), pp. 616-628. DOI 10.1109/JSAC.2023.3345422. Online publication date: Mar 2024.
  • (2024) Enhancing Healthcare Data Confidentiality through Decentralized TEE Attestation. 2024 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 676-681. DOI 10.1109/CSR61664.2024.10679402. Online publication date: 2 Sep 2024.
  • (2024) Survey of research on confidential computing. IET Communications. DOI 10.1049/cmu2.12759. Online publication date: 23 Apr 2024.
  • (2024) SoK: Privacy-preserving smart contract. High-Confidence Computing 4(1), article 100183. DOI 10.1016/j.hcc.2023.100183. Online publication date: Mar 2024.
  • (2023) PReFeR: Physically Related Function based Remote Attestation Protocol. ACM Transactions on Embedded Computing Systems 22(5s), pp. 1-23. DOI 10.1145/3609104. Online publication date: 31 Oct 2023.
  • (2023) SoK: A Systematic Review of TEE Usage for Developing Trusted Applications. Proceedings of the 18th International Conference on Availability, Reliability and Security, pp. 1-15. DOI 10.1145/3600160.3600169. Online publication date: 29 Aug 2023.
  • (2023) Trustworthy confidential virtual machines for the masses. Proceedings of the 24th International Middleware Conference, pp. 316-328. DOI 10.1145/3590140.3629124. Online publication date: 27 Nov 2023.
  • (2023) SecV. Proceedings of the 24th International Middleware Conference, pp. 207-219. DOI 10.1145/3590140.3629116. Online publication date: 27 Nov 2023.
