DSpace@MIT

Sanctorum: A lightweight security monitor for secure enclaves

Author(s)
Lebedev, Ilia A.; Hogan, Kyle; Drean, Jules; Kohlbrenner, David; Lee, Dayeol; Asanovic, Krste; Song, Dawn; Devadas, Srinivas; ...
Download: Accepted version (384.8Kb)
Open Access Policy

Terms of use
Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/
Abstract
Enclaves have emerged as a particularly compelling primitive to implement trusted execution environments: strongly isolated sensitive user-mode processes in a largely untrusted software environment. While the threat models employed by various enclave systems differ, the high-level guarantees they offer are essentially the same: attestation of an enclave's initial state, as well as a guarantee of enclave integrity and privacy in the presence of an adversary. This work describes Sanctorum, a small trusted code base (TCB), consisting of a generic enclave-capable system, which is sufficient to implement secure enclaves akin to the primitive offered by Intel's SGX. While enclaves may be implemented via unconditionally trusted hardware and microcode, as is the case in SGX, we employ a smaller TCB principally consisting of authenticated, privileged software, which may be replaced or patched as needed. Sanctorum implements a formally verified specification for generic enclaves on an in-order multiprocessor system meeting baseline security requirements, e.g., the MIT Sanctum processor and the Keystone enclave framework. Sanctorum requires trustworthy hardware including a random number generator, a private cryptographic key pair derived via a secure bootstrapping protocol, and a robust isolation primitive to safeguard sensitive information. Sanctorum's threat model is informed by the threat model of the isolation primitive, and is suitable for adding enclaves to a variety of processor systems.
Date issued
2019-05
URI
https://hdl.handle.net/1721.1/129966
Department
Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
Journal
2019 Design, Automation & Test in Europe Conference & Exhibition (DATE)
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Citation
Lebedev, Ilia et al. "Sanctorum: A lightweight security monitor for secure enclaves." 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE), March 2019, Florence, Italy, Institute of Electrical and Electronics Engineers, May 2019 © 2019 EDAA
Version: Author's final manuscript
ISBN
978-1-7281-0331-0
978-3-9819263-2-3
ISSN
1558-1101

Collections
  • MIT Open Access Articles