File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Conference Paper: Uranus: Simple, Efficient SGX Programming and its Applications

TitleUranus: Simple, Efficient SGX Programming and its Applications
Authors
Issue Date2020
PublisherAssociation for Computing Machinery.
Citation
Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (AsiaACCS '20), Taipei, Taiwan, 5-9 October 2020, p. 826-840 How to Cite?
AbstractApplications written in Java have strengths to tackle diverse threats in public clouds, but these applications are still prone to privileged attacks when processing plaintext data. Intel SGX is powerful to tackle these attacks, and traditional SGX systems rewrite a Java application's sensitive functions, which process plaintext data, using C/C++ SGX API. Although this code-rewrite approach achieves good efficiency and a small TCB, it requires SGX expert knowledge and can be tedious and error-prone. To tackle the limitations of rewriting Java to C/C++, recent SGX systems propose a code-reuse approach, which runs a default JVM in an SGX enclave to execute the sensitive Java functions. However, both recent study and this paper find that running a default JVM in enclaves incurs two major vulnerabilities, Iago attacks, and control flow leakage of sensitive functions, due to the usage of OS features in JVM. In this paper, Uranus creates easy-to-use Java programming abstractions for application developers to annotate sensitive functions, and Uranus automatically runs these functions in SGX at runtime. Uranus effectively tackles the two major vulnerabilities in the code-reuse approach by presenting two new protocols: 1) a Java bytecode attestation protocol for dynamically loaded functions; and 2) an OS-decoupled, efficient GC protocol optimized for data-handling applications running in enclaves. We implemented Uranus in Linux and applied it to two diverse data-handling applications: Spark and ZooKeeper. Evaluation shows that: 1) Uranus achieves the same security guarantees as two relevant SGX systems for these two applications with only a few annotations; 2) Uranus has reasonable performance overhead compared to the native, insecure applications; and 3) Uranus defends against privileged attacks. Uranus source code and evaluation results are released on https://github.com/hku-systems/uranus.
DescriptionSession 15: Hardware-based Security & Applications
Persistent Identifierhttp://hdl.handle.net/10722/290706
ISBN

 

DC FieldValueLanguage
dc.contributor.authorJiang, J-
dc.contributor.authorChen, X-
dc.contributor.authorLi, TO-
dc.contributor.authorWang, C-
dc.contributor.authorShen, T-
dc.contributor.authorZhao, S-
dc.contributor.authorCui, H-
dc.contributor.authorWang, CL-
dc.contributor.authorZhang, FW-
dc.date.accessioned2020-11-02T05:45:58Z-
dc.date.available2020-11-02T05:45:58Z-
dc.date.issued2020-
dc.identifier.citationProceedings of the 15th ACM Asia Conference on Computer and Communications Security (AsiaACCS '20), Taipei, Taiwan, 5-9 October 2020, p. 826-840-
dc.identifier.isbn9781450367509-
dc.identifier.urihttp://hdl.handle.net/10722/290706-
dc.descriptionSession 15: Hardware-based Security & Applications-
dc.description.abstractApplications written in Java have strengths to tackle diverse threats in public clouds, but these applications are still prone to privileged attacks when processing plaintext data. Intel SGX is powerful to tackle these attacks, and traditional SGX systems rewrite a Java application's sensitive functions, which process plaintext data, using C/C++ SGX API. Although this code-rewrite approach achieves good efficiency and a small TCB, it requires SGX expert knowledge and can be tedious and error-prone. To tackle the limitations of rewriting Java to C/C++, recent SGX systems propose a code-reuse approach, which runs a default JVM in an SGX enclave to execute the sensitive Java functions. However, both recent study and this paper find that running a default JVM in enclaves incurs two major vulnerabilities, Iago attacks, and control flow leakage of sensitive functions, due to the usage of OS features in JVM. In this paper, Uranus creates easy-to-use Java programming abstractions for application developers to annotate sensitive functions, and Uranus automatically runs these functions in SGX at runtime. Uranus effectively tackles the two major vulnerabilities in the code-reuse approach by presenting two new protocols: 1) a Java bytecode attestation protocol for dynamically loaded functions; and 2) an OS-decoupled, efficient GC protocol optimized for data-handling applications running in enclaves. We implemented Uranus in Linux and applied it to two diverse data-handling applications: Spark and ZooKeeper. Evaluation shows that: 1) Uranus achieves the same security guarantees as two relevant SGX systems for these two applications with only a few annotations; 2) Uranus has reasonable performance overhead compared to the native, insecure applications; and 3) Uranus defends against privileged attacks. Uranus source code and evaluation results are released on https://github.com/hku-systems/uranus.-
dc.languageeng-
dc.publisherAssociation for Computing Machinery.-
dc.relation.ispartofProceedings of the 15th ACM Asia Conference on Computer and Communications Security (AsiaACCS '20)-
dc.rightsProceedings of the 15th ACM Asia Conference on Computer and Communications Security (AsiaACCS '20). Copyright © Association for Computing Machinery.-
dc.titleUranus: Simple, Efficient SGX Programming and its Applications-
dc.typeConference_Paper-
dc.identifier.emailCui, H: heming@cs.hku.hk-
dc.identifier.emailWang, CL: clwang@cs.hku.hk-
dc.identifier.authorityCui, H=rp02008-
dc.identifier.authorityWang, CL=rp00183-
dc.description.naturelink_to_OA_fulltext-
dc.identifier.doi10.1145/3320269.3384763-
dc.identifier.hkuros318346-
dc.identifier.spage826-
dc.identifier.epage840-
dc.publisher.placeNew York, NY-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats