N. C. Will, Tiago Heinrich, Amanda B. Viescinski, C. Maziero
2021 IEEE International Systems Conference (SysCon), published 2021-04-15. DOI: 10.1109/SysCon48628.2021.9447066 (https://doi.org/10.1109/SysCon48628.2021.9447066)
Trusted Inter-Process Communication Using Hardware Enclaves
Inter-Process Communication (IPC) enables applications to share information in a local or distributed environment, allowing them to communicate with each other in a coordinated manner. In modern systems this mechanism is extremely important, as even local applications can run parallel tasks in multiple processes in the machine, needing to exchange information to coordinate their execution, and optimizing the exchange of data in a more efficient way. The security in IPC relies on the integrity and confidentiality of the messages exchanged in such an environment, as messages exchanged between different processes can be targeted by attacks that seek to obtain sensitive data or to manipulate the application behavior. A Trusted Execution Environment (TEE) can be used to enable an isolated execution of the IPC mechanism to mitigate such attacks. In this paper we propose the adoption of the Intel Software Guard Extensions (SGX) architecture to provide data confidentiality and integrity in message exchange between processes, by using hardware instructions and primitives to encrypt and authenticate the messages. Our approach highlights a threat model and compares the solution proposed with two other scenarios, showing a feasible solution for security and an approach that can be applied to standard IPC mechanisms with small processing overhead.