SERVAS! Secure Enclaves via RISC-V Authenticryption Shield

Stefan Steinegger; David Schrammel; Samuel Weiser; Pascal Nasahl; Stefan Mangard

doi:10.1007/978-3-030-88428-4_19

SERVAS! Secure Enclaves via RISC-V Authenticryption Shield

Stefan Steinegger^*, David Schrammel, Samuel Weiser, Pascal Nasahl, Stefan Mangard

^*Korrespondierende/r Autor/-in für diese Arbeit

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

Isolation is a long-standing security challenge. Privilege rings and virtual memory are increasingly augmented with capabilities, protection keys, and powerful enclaves. Moreover, we are facing an increased need for physical protection, e.g., via transparent memory encryption, resulting in a complex interplay of various security mechanisms. In this work, we tackle the isolation challenge with a new extensible isolation primitive called authenticryption shield that unifies various isolation policies. By using authenticated memory encryption, we streamline the security reasoning towards cryptographic guarantees. We showcase the versatility of our approach by designing and prototyping SERVAS – a novel enclave architecture for RISC-V. SERVAS facilitates a new efficient and secure enclave memory sharing mechanism. While the memory encryption constitutes the main overhead, invoking SERVAS enclave requires only 3.5x of a simple syscall instead of 71x for Intel SGX.

Originalsprache	englisch
Titel	Computer Security – ESORICS 2021
Untertitel	26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II
Redakteure/-innen	Elisa Bertino, Haya Shulman, Michael Waidner
Erscheinungsort	Cham
Herausgeber (Verlag)	Springer
Seiten	370-391
Seitenumfang	22
ISBN (Print)	978-3-030-88427-7
DOIs	https://doi.org/10.1007/978-3-030-88428-4_19
Publikationsstatus	Veröffentlicht - 2 Okt. 2021
Veranstaltung	26th European Symposium on Research in Computer Security: ESORICS 2021 - Darmstadt Dauer: 4 Okt. 2021 → 8 Okt. 2021

Publikationsreihe

Name	Lecture Notes in Computer Science
Band	12973

Konferenz

Konferenz	26th European Symposium on Research in Computer Security
Kurztitel	ESORICS 2021
Ort	Darmstadt
Zeitraum	4/10/21 → 8/10/21

ASJC Scopus subject areas

Theoretische Informatik
Informatik (insg.)

Zugriff auf Dokument

10.1007/978-3-030-88428-4_19

Steinegger2021_Chapter_SERVASSecureEnclavesViaRISC-VA

Andere Dateien und Links

http://www.scopus.com/inward/record.url?scp=85117082918&partnerID=8YFLogxK

Espresso - Skalierbare hardware-gesicherte authentifizierung und Personalisierung intelligenter Sensorknoten
Mangard, S.
1/05/18 → 31/10/20
Projekt: Forschungsprojekt
Data Security - KC - KD-07 Skalierbare Knowledge-Discovery-Komponenten
Mangard, S.
1/07/17 → 30/11/20
Projekt: Forschungsprojekt
EU - SOPHIA - Absicherung von Software gegen Physische Angriffe
Mangard, S.
1/09/16 → 31/08/21
Projekt: Forschungsprojekt

Dieses zitieren

Steinegger, S., Schrammel, D., Weiser, S., Nasahl, P., & Mangard, S. (2021). SERVAS! Secure Enclaves via RISC-V Authenticryption Shield. in E. Bertino, H. Shulman, & M. Waidner (Hrsg.), Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II (S. 370-391). (Lecture Notes in Computer Science; Band 12973). Springer. https://doi.org/10.1007/978-3-030-88428-4_19

SERVAS! Secure Enclaves via RISC-V Authenticryption Shield. / Steinegger, Stefan; Schrammel, David; Weiser, Samuel et al.
Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. Hrsg. / Elisa Bertino; Haya Shulman; Michael Waidner. Cham: Springer, 2021. S. 370-391 (Lecture Notes in Computer Science; Band 12973).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Steinegger, S, Schrammel, D, Weiser, S, Nasahl, P & Mangard, S 2021, SERVAS! Secure Enclaves via RISC-V Authenticryption Shield. in E Bertino, H Shulman & M Waidner (Hrsg.), Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. Lecture Notes in Computer Science, Bd. 12973, Springer, Cham, S. 370-391, 26th European Symposium on Research in Computer Security, Darmstadt, 4/10/21. https://doi.org/10.1007/978-3-030-88428-4_19

Steinegger S, Schrammel D, Weiser S, Nasahl P, Mangard S. SERVAS! Secure Enclaves via RISC-V Authenticryption Shield. in Bertino E, Shulman H, Waidner M, Hrsg., Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. Cham: Springer. 2021. S. 370-391. (Lecture Notes in Computer Science). doi: 10.1007/978-3-030-88428-4_19

Steinegger, Stefan ; Schrammel, David ; Weiser, Samuel et al. / SERVAS! Secure Enclaves via RISC-V Authenticryption Shield. Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. Hrsg. / Elisa Bertino ; Haya Shulman ; Michael Waidner. Cham : Springer, 2021. S. 370-391 (Lecture Notes in Computer Science).

@inproceedings{b056dc1b91aa45e68a260b40f8345c60,

title = "SERVAS! Secure Enclaves via RISC-V Authenticryption Shield",

abstract = "Isolation is a long-standing security challenge. Privilege rings and virtual memory are increasingly augmented with capabilities, protection keys, and powerful enclaves. Moreover, we are facing an increased need for physical protection, e.g., via transparent memory encryption, resulting in a complex interplay of various security mechanisms. In this work, we tackle the isolation challenge with a new extensible isolation primitive called authenticryption shield that unifies various isolation policies. By using authenticated memory encryption, we streamline the security reasoning towards cryptographic guarantees. We showcase the versatility of our approach by designing and prototyping SERVAS – a novel enclave architecture for RISC-V. SERVAS facilitates a new efficient and secure enclave memory sharing mechanism. While the memory encryption constitutes the main overhead, invoking SERVAS enclave requires only 3.5x of a simple syscall instead of 71x for Intel SGX.",

author = "Stefan Steinegger and David Schrammel and Samuel Weiser and Pascal Nasahl and Stefan Mangard",

year = "2021",

month = oct,

day = "2",

doi = "10.1007/978-3-030-88428-4_19",

language = "English",

isbn = "978-3-030-88427-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "370--391",

editor = "Elisa Bertino and Haya Shulman and Michael Waidner",

booktitle = "Computer Security – ESORICS 2021",

note = "26th European Symposium on Research in Computer Security : ESORICS 2021, ESORICS 2021 ; Conference date: 04-10-2021 Through 08-10-2021",

}

TY - GEN

T1 - SERVAS! Secure Enclaves via RISC-V Authenticryption Shield

AU - Steinegger, Stefan

AU - Schrammel, David

AU - Weiser, Samuel

AU - Nasahl, Pascal

AU - Mangard, Stefan

PY - 2021/10/2

Y1 - 2021/10/2

N2 - Isolation is a long-standing security challenge. Privilege rings and virtual memory are increasingly augmented with capabilities, protection keys, and powerful enclaves. Moreover, we are facing an increased need for physical protection, e.g., via transparent memory encryption, resulting in a complex interplay of various security mechanisms. In this work, we tackle the isolation challenge with a new extensible isolation primitive called authenticryption shield that unifies various isolation policies. By using authenticated memory encryption, we streamline the security reasoning towards cryptographic guarantees. We showcase the versatility of our approach by designing and prototyping SERVAS – a novel enclave architecture for RISC-V. SERVAS facilitates a new efficient and secure enclave memory sharing mechanism. While the memory encryption constitutes the main overhead, invoking SERVAS enclave requires only 3.5x of a simple syscall instead of 71x for Intel SGX.

AB - Isolation is a long-standing security challenge. Privilege rings and virtual memory are increasingly augmented with capabilities, protection keys, and powerful enclaves. Moreover, we are facing an increased need for physical protection, e.g., via transparent memory encryption, resulting in a complex interplay of various security mechanisms. In this work, we tackle the isolation challenge with a new extensible isolation primitive called authenticryption shield that unifies various isolation policies. By using authenticated memory encryption, we streamline the security reasoning towards cryptographic guarantees. We showcase the versatility of our approach by designing and prototyping SERVAS – a novel enclave architecture for RISC-V. SERVAS facilitates a new efficient and secure enclave memory sharing mechanism. While the memory encryption constitutes the main overhead, invoking SERVAS enclave requires only 3.5x of a simple syscall instead of 71x for Intel SGX.

UR - http://www.scopus.com/inward/record.url?scp=85117082918&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-88428-4_19

DO - 10.1007/978-3-030-88428-4_19

M3 - Conference paper

SN - 978-3-030-88427-7

T3 - Lecture Notes in Computer Science

SP - 370

EP - 391

BT - Computer Security – ESORICS 2021

A2 - Bertino, Elisa

A2 - Shulman, Haya

A2 - Waidner, Michael

PB - Springer

CY - Cham

T2 - 26th European Symposium on Research in Computer Security

Y2 - 4 October 2021 through 8 October 2021

ER -

SERVAS! Secure Enclaves via RISC-V Authenticryption Shield

Abstract

Publikationsreihe

Konferenz

ASJC Scopus subject areas

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Projekte

Espresso - Skalierbare hardware-gesicherte authentifizierung und Personalisierung intelligenter Sensorknoten

Data Security - KC - KD-07 Skalierbare Knowledge-Discovery-Komponenten

EU - SOPHIA - Absicherung von Software gegen Physische Angriffe

Dieses zitieren