Tobias Cloosters, Sebastian Surminski, Gerrit Sangel, Lucas Davi
{"title":"Salsa: SGX直播应用认证","authors":"Tobias Cloosters, Sebastian Surminski, Gerrit Sangel, Lucas Davi","doi":"10.1109/SecDev53368.2022.00019","DOIUrl":null,"url":null,"abstract":"Intel SGX is a hardware-based security feature that allows executing software in enclaves that are strongly isolated from the operating system and applications. Even if an attacker gains full control over the system, it is not possible to inspect these enclaves. This makes SGX enclaves an adequate solution for storing and processing highly sensitive data, such as encryption keys. However, recent research demonstrates that enclaves are still highly vulnerable to standard software exploitation attacks. While SGX features static attestation, i.e., allowing validation of the integrity of the program code and data in the enclave, static attestation cannot cope with run-time attacks such as return-oriented programming. We present Salsa, the first solution to allow control-flow attestation of SGX enclaves. To show its applicability, we leverage Salsa to implement a video streaming service that uses an SGX enclave to decode the video stream. When a compromise of the SGX enclave is detected, the streaming of the video stops instantly. In the evaluation, we demonstrate that the performance of this setup is sufficiently efficient to attest a live video streaming service.","PeriodicalId":407946,"journal":{"name":"2022 IEEE Secure Development Conference (SecDev)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Salsa: SGX Attestation for Live Streaming Applications\",\"authors\":\"Tobias Cloosters, Sebastian Surminski, Gerrit Sangel, Lucas Davi\",\"doi\":\"10.1109/SecDev53368.2022.00019\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Intel SGX is a hardware-based security feature that allows executing software in enclaves that are strongly isolated from the operating system and applications. Even if an attacker gains full control over the system, it is not possible to inspect these enclaves. This makes SGX enclaves an adequate solution for storing and processing highly sensitive data, such as encryption keys. However, recent research demonstrates that enclaves are still highly vulnerable to standard software exploitation attacks. While SGX features static attestation, i.e., allowing validation of the integrity of the program code and data in the enclave, static attestation cannot cope with run-time attacks such as return-oriented programming. We present Salsa, the first solution to allow control-flow attestation of SGX enclaves. To show its applicability, we leverage Salsa to implement a video streaming service that uses an SGX enclave to decode the video stream. When a compromise of the SGX enclave is detected, the streaming of the video stops instantly. In the evaluation, we demonstrate that the performance of this setup is sufficiently efficient to attest a live video streaming service.\",\"PeriodicalId\":407946,\"journal\":{\"name\":\"2022 IEEE Secure Development Conference (SecDev)\",\"volume\":\"30 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE Secure Development Conference (SecDev)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SecDev53368.2022.00019\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE Secure Development Conference (SecDev)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SecDev53368.2022.00019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Salsa: SGX Attestation for Live Streaming Applications
Intel SGX is a hardware-based security feature that allows executing software in enclaves that are strongly isolated from the operating system and applications. Even if an attacker gains full control over the system, it is not possible to inspect these enclaves. This makes SGX enclaves an adequate solution for storing and processing highly sensitive data, such as encryption keys. However, recent research demonstrates that enclaves are still highly vulnerable to standard software exploitation attacks. While SGX features static attestation, i.e., allowing validation of the integrity of the program code and data in the enclave, static attestation cannot cope with run-time attacks such as return-oriented programming. We present Salsa, the first solution to allow control-flow attestation of SGX enclaves. To show its applicability, we leverage Salsa to implement a video streaming service that uses an SGX enclave to decode the video stream. When a compromise of the SGX enclave is detected, the streaming of the video stops instantly. In the evaluation, we demonstrate that the performance of this setup is sufficiently efficient to attest a live video streaming service.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
