10.5555/3241189.3241289
Article

ROTE: rollback protection for trusted execution

Published: 16 August 2017

Abstract

Security architectures such as Intel SGX need protection against rollback attacks, where the adversary violates the integrity of a protected application state by replaying old persistently stored data or by starting multiple application instances. Successful rollback attacks have serious consequences on applications such as financial services. In this paper, we propose a new approach for rollback protection on SGX. The intuition behind our approach is simple. A single platform cannot efficiently prevent rollback, but in many practical scenarios, multiple processors can be enrolled to assist each other. We design and implement a rollback protection system called ROTE that realizes integrity protection as a distributed system. We construct a model that captures adversarial ability to schedule enclave execution and show that our solution achieves a strong security property: the only way to violate integrity is to reset all participating platforms to their initial state. We implement ROTE and demonstrate that distributed rollback protection can provide significantly better performance than previously known solutions based on local non-volatile memory.

Published In

SEC'17: Proceedings of the 26th USENIX Conference on Security Symposium
August 2017
1479 pages
ISBN:9781931971409

Sponsors

  • Google Inc.
  • IBMR: IBM Research
  • NSF
  • Facebook: Facebook
  • CISCO

Publisher

USENIX Association

United States

Cited By

  • (2022) Scalable byzantine fault tolerance via partial decentralization, Proceedings of the VLDB Endowment, 10.14778/3538598.3538599, 15:9, (1739-1752), Online publication date: 27-Jul-2022
  • (2022) GINN, Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy, 10.1145/3508398.3511503, (4-15), Online publication date: 14-Apr-2022
  • (2019) BITE, Proceedings of the 28th USENIX Conference on Security Symposium, 10.5555/3361338.3361393, (783-800), Online publication date: 14-Aug-2019
  • (2019) simTPM, Proceedings of the 28th USENIX Conference on Security Symposium, 10.5555/3361338.3361376, (533-550), Online publication date: 14-Aug-2019
  • (2019) Applications and challenges in securing time, Proceedings of the 12th USENIX Conference on Cyber Security Experimentation and Test, 10.5555/3359012.3359026, (14-14), Online publication date: 12-Aug-2019
  • (2019) Speicher, Proceedings of the 17th USENIX Conference on File and Storage Technologies, 10.5555/3323298.3323315, (173-190), Online publication date: 25-Feb-2019
  • (2019) Execution integrity without implicit trust of system software, Proceedings of the 4th Workshop on System Software for Trusted Execution, 10.1145/3342559.3365337, (1-6), Online publication date: 27-Oct-2019
  • (2019) A Hybrid Approach to Secure Function Evaluation using SGX, Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, 10.1145/3321705.3329835, (100-113), Online publication date: 2-Jul-2019
  • (2019) OPERA, Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 10.1145/3319535.3354220, (2317-2331), Online publication date: 6-Nov-2019
  • (2019) DeepAttest, Proceedings of the 46th International Symposium on Computer Architecture, 10.1145/3307650.3322251, (487-498), Online publication date: 22-Jun-2019
