Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing

Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing

Hardware enclaves rely on a disjoint memory model, which maps each physical address to an enclave to achieve strong memory isolation. However, this severely limits the performance and programmability of enclave programs. While some prior work proposes enclave memory sharing, it does not provide a fo...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2022-11
Hauptverfasser: Lee, Dayeol, Cheang, Kevin, Alexander, Thomas, Lu, Catherine, Gaddamadugu, Pranav, Vahldiek-Oberwagner, Anjo, Vij, Mona, Song, Dawn, Seshia, Sanjit A, Asanović, Krste
Format: Artikel
Sprache:eng
Schlagworte:
Computer Science - Cryptography and Security
Verification
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Lee, Dayeol
Cheang, Kevin
Alexander, Thomas
Lu, Catherine
Gaddamadugu, Pranav
Vahldiek-Oberwagner, Anjo
Vij, Mona
Song, Dawn
Seshia, Sanjit A
Asanović, Krste
description Hardware enclaves rely on a disjoint memory model, which maps each physical address to an enclave to achieve strong memory isolation. However, this severely limits the performance and programmability of enclave programs. While some prior work proposes enclave memory sharing, it does not provide a formal model or verification of their designs. This paper presents Cerberus, a formal approach to secure and efficient enclave memory sharing. To reduce the burden of formal verification, we compare different sharing models and choose a simple yet powerful sharing model. Based on the sharing model, Cerberus extends an enclave platform such that enclave memory can be made immutable and shareable across multiple enclaves via additional operations. We use incremental verification starting with an existing formal model called the Trusted Abstract Platform (TAP). Using our extended TAP model, we formally verify that Cerberus does not break or weaken the security guarantees of the enclaves despite allowing memory sharing. More specifically, we prove the Secure Remote Execution (SRE) property on our formal model. Finally, the paper shows the feasibility of Cerberus by implementing it in an existing enclave platform, RISC-V Keystone.
doi_str_mv 10.48550/arxiv.2209.15253
format Article
fullrecord <record><control><sourceid>proquest_arxiv</sourceid><recordid>TN_cdi_arxiv_primary_2209_15253</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2720676899</sourcerecordid><originalsourceid>FETCH-LOGICAL-a529-79a387a574767e8e6233aab78c720c7bd21bf388e09243d28f3a8ab10e01fb3e3</originalsourceid><addsrcrecordid>eNotj01Pg0AURScmJja1P8CVk7gGhzcMM7gjhFpNjYt2Tx7wsDR8OUBj_73Yurqbk3vvYezBE65vlBLPaH-qkwsgQtdToOQNW4CUnmN8gDu2GoajEAICDUrJBXuPyWZkp-GFR3zd2QZrHvW97TA_8LHjO8onSxzbgidlWeUVtSNP2rzGE_EPajp75rsD2qr9ume3JdYDrf5zyfbrZB9vnO3n61scbR1UEDo6RGk0Ku3rQJOhYD6HmGmTaxC5zgrwslIaQyIEXxZgSokGM0-Q8MpMklyyx2vtRTTtbdWgPad_wulFeCaersSs8T3RMKbHbrLt_CmFeSTQgQlD-QvRllcj</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2720676899</pqid></control><display><type>article</type><title>Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing</title><source>arXiv.org</source><source>Free E- Journals</source><creator>Lee, Dayeol ; Cheang, Kevin ; Alexander, Thomas ; Lu, Catherine ; Gaddamadugu, Pranav ; Vahldiek-Oberwagner, Anjo ; Vij, Mona ; Song, Dawn ; Seshia, Sanjit A ; Asanović, Krste</creator><creatorcontrib>Lee, Dayeol ; Cheang, Kevin ; Alexander, Thomas ; Lu, Catherine ; Gaddamadugu, Pranav ; Vahldiek-Oberwagner, Anjo ; Vij, Mona ; Song, Dawn ; Seshia, Sanjit A ; Asanović, Krste</creatorcontrib><description>Hardware enclaves rely on a disjoint memory model, which maps each physical address to an enclave to achieve strong memory isolation. However, this severely limits the performance and programmability of enclave programs. While some prior work proposes enclave memory sharing, it does not provide a formal model or verification of their designs. This paper presents Cerberus, a formal approach to secure and efficient enclave memory sharing. To reduce the burden of formal verification, we compare different sharing models and choose a simple yet powerful sharing model. Based on the sharing model, Cerberus extends an enclave platform such that enclave memory can be made immutable and shareable across multiple enclaves via additional operations. We use incremental verification starting with an existing formal model called the Trusted Abstract Platform (TAP). Using our extended TAP model, we formally verify that Cerberus does not break or weaken the security guarantees of the enclaves despite allowing memory sharing. More specifically, we prove the Secure Remote Execution (SRE) property on our formal model. Finally, the paper shows the feasibility of Cerberus by implementing it in an existing enclave platform, RISC-V Keystone.</description><identifier>EISSN: 2331-8422</identifier><identifier>DOI: 10.48550/arxiv.2209.15253</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Computer Science - Cryptography and Security ; Verification</subject><ispartof>arXiv.org, 2022-11</ispartof><rights>2022. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><rights>http://creativecommons.org/licenses/by/4.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,776,780,881,27902</link.rule.ids><backlink>$$Uhttps://doi.org/10.1145/3548606.3560595$$DView published paper (Access to full text may be restricted)$$Hfree_for_read</backlink><backlink>$$Uhttps://doi.org/10.48550/arXiv.2209.15253$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Lee, Dayeol</creatorcontrib><creatorcontrib>Cheang, Kevin</creatorcontrib><creatorcontrib>Alexander, Thomas</creatorcontrib><creatorcontrib>Lu, Catherine</creatorcontrib><creatorcontrib>Gaddamadugu, Pranav</creatorcontrib><creatorcontrib>Vahldiek-Oberwagner, Anjo</creatorcontrib><creatorcontrib>Vij, Mona</creatorcontrib><creatorcontrib>Song, Dawn</creatorcontrib><creatorcontrib>Seshia, Sanjit A</creatorcontrib><creatorcontrib>Asanović, Krste</creatorcontrib><title>Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing</title><title>arXiv.org</title><description>Hardware enclaves rely on a disjoint memory model, which maps each physical address to an enclave to achieve strong memory isolation. However, this severely limits the performance and programmability of enclave programs. While some prior work proposes enclave memory sharing, it does not provide a formal model or verification of their designs. This paper presents Cerberus, a formal approach to secure and efficient enclave memory sharing. To reduce the burden of formal verification, we compare different sharing models and choose a simple yet powerful sharing model. Based on the sharing model, Cerberus extends an enclave platform such that enclave memory can be made immutable and shareable across multiple enclaves via additional operations. We use incremental verification starting with an existing formal model called the Trusted Abstract Platform (TAP). Using our extended TAP model, we formally verify that Cerberus does not break or weaken the security guarantees of the enclaves despite allowing memory sharing. More specifically, we prove the Secure Remote Execution (SRE) property on our formal model. Finally, the paper shows the feasibility of Cerberus by implementing it in an existing enclave platform, RISC-V Keystone.</description><subject>Computer Science - Cryptography and Security</subject><subject>Verification</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>BENPR</sourceid><sourceid>GOX</sourceid><recordid>eNotj01Pg0AURScmJja1P8CVk7gGhzcMM7gjhFpNjYt2Tx7wsDR8OUBj_73Yurqbk3vvYezBE65vlBLPaH-qkwsgQtdToOQNW4CUnmN8gDu2GoajEAICDUrJBXuPyWZkp-GFR3zd2QZrHvW97TA_8LHjO8onSxzbgidlWeUVtSNP2rzGE_EPajp75rsD2qr9ume3JdYDrf5zyfbrZB9vnO3n61scbR1UEDo6RGk0Ku3rQJOhYD6HmGmTaxC5zgrwslIaQyIEXxZgSokGM0-Q8MpMklyyx2vtRTTtbdWgPad_wulFeCaersSs8T3RMKbHbrLt_CmFeSTQgQlD-QvRllcj</recordid><startdate>20221114</startdate><enddate>20221114</enddate><creator>Lee, Dayeol</creator><creator>Cheang, Kevin</creator><creator>Alexander, Thomas</creator><creator>Lu, Catherine</creator><creator>Gaddamadugu, Pranav</creator><creator>Vahldiek-Oberwagner, Anjo</creator><creator>Vij, Mona</creator><creator>Song, Dawn</creator><creator>Seshia, Sanjit A</creator><creator>Asanović, Krste</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PHGZM</scope><scope>PHGZT</scope><scope>PIMPY</scope><scope>PKEHL</scope><scope>PQEST</scope><scope>PQGLB</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20221114</creationdate><title>Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing</title><author>Lee, Dayeol ; Cheang, Kevin ; Alexander, Thomas ; Lu, Catherine ; Gaddamadugu, Pranav ; Vahldiek-Oberwagner, Anjo ; Vij, Mona ; Song, Dawn ; Seshia, Sanjit A ; Asanović, Krste</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a529-79a387a574767e8e6233aab78c720c7bd21bf388e09243d28f3a8ab10e01fb3e3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Computer Science - Cryptography and Security</topic><topic>Verification</topic><toplevel>online_resources</toplevel><creatorcontrib>Lee, Dayeol</creatorcontrib><creatorcontrib>Cheang, Kevin</creatorcontrib><creatorcontrib>Alexander, Thomas</creatorcontrib><creatorcontrib>Lu, Catherine</creatorcontrib><creatorcontrib>Gaddamadugu, Pranav</creatorcontrib><creatorcontrib>Vahldiek-Oberwagner, Anjo</creatorcontrib><creatorcontrib>Vij, Mona</creatorcontrib><creatorcontrib>Song, Dawn</creatorcontrib><creatorcontrib>Seshia, Sanjit A</creatorcontrib><creatorcontrib>Asanović, Krste</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>ProQuest Central (New)</collection><collection>ProQuest One Academic (New)</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Middle East (New)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Applied &amp; Life Sciences</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection><collection>arXiv Computer Science</collection><collection>arXiv.org</collection><jtitle>arXiv.org</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Lee, Dayeol</au><au>Cheang, Kevin</au><au>Alexander, Thomas</au><au>Lu, Catherine</au><au>Gaddamadugu, Pranav</au><au>Vahldiek-Oberwagner, Anjo</au><au>Vij, Mona</au><au>Song, Dawn</au><au>Seshia, Sanjit A</au><au>Asanović, Krste</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing</atitle><jtitle>arXiv.org</jtitle><date>2022-11-14</date><risdate>2022</risdate><eissn>2331-8422</eissn><abstract>Hardware enclaves rely on a disjoint memory model, which maps each physical address to an enclave to achieve strong memory isolation. However, this severely limits the performance and programmability of enclave programs. While some prior work proposes enclave memory sharing, it does not provide a formal model or verification of their designs. This paper presents Cerberus, a formal approach to secure and efficient enclave memory sharing. To reduce the burden of formal verification, we compare different sharing models and choose a simple yet powerful sharing model. Based on the sharing model, Cerberus extends an enclave platform such that enclave memory can be made immutable and shareable across multiple enclaves via additional operations. We use incremental verification starting with an existing formal model called the Trusted Abstract Platform (TAP). Using our extended TAP model, we formally verify that Cerberus does not break or weaken the security guarantees of the enclaves despite allowing memory sharing. More specifically, we prove the Secure Remote Execution (SRE) property on our formal model. Finally, the paper shows the feasibility of Cerberus by implementing it in an existing enclave platform, RISC-V Keystone.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><doi>10.48550/arxiv.2209.15253</doi><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2022-11
issn 2331-8422
language eng
recordid cdi_arxiv_primary_2209_15253
source arXiv.org; Free E- Journals
subjects Computer Science - Cryptography and Security
Verification
title Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-16T05%3A20%3A46IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Cerberus:%20A%20Formal%20Approach%20to%20Secure%20and%20Efficient%20Enclave%20Memory%20Sharing&rft.jtitle=arXiv.org&rft.au=Lee,%20Dayeol&rft.date=2022-11-14&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.2209.15253&rft_dat=%3Cproquest_arxiv%3E2720676899%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2720676899&rft_id=info:pmid/&rfr_iscdi=true