pith. sign in

arxiv: 1802.03530 · v1 · pith:FIMZB3W6new · submitted 2018-02-10 · 💻 cs.CR

Aurora: Providing Trusted System Services for Enclaves On an Untrusted System

classification 💻 cs.CR
keywords systemauroraclockenclavesnetworktrustedend-to-endopenssl
0
0 comments X
read the original abstract

Intel SGX provisions shielded executions for security-sensitive computation, but lacks support for trusted system services (TSS), such as clock, network and filesystem. This makes \textit{enclaves} vulnerable to Iago attacks~\cite{DBLP:conf/asplos/CheckowayS13} in the face of a powerful malicious system. To mitigate this problem, we present Aurora, a novel architecture that provides TSSes via a secure channel between enclaves and devices on top of an untrusted system, and implement two types of TSSes, i.e. clock and end-to-end network. We evaluate our solution by porting SQLite and OpenSSL into Aurora, experimental results show that SQLite benefits from a \textit{microsecond} accuracy trusted clock and OpenSSL gains end-to-end secure network with about 1ms overhead.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.