Building Secure Systems from Memory Enclaves
Sergey Gorbunov from University of Waterloo gave a talk at MIT on his experience building secure systems from memory enclaves. He specifically discusses two systems, ZeroTrace and StealthDB. I’ll outline the overall problem and talk about the two systems. I refer you to the individual papers for more detailed information.
The problem that they are trying to solve is the following: Suppose a user has a program and a dataset. They want to outsource the running of this program on the dataset to a malicious, untrusted, or potentially compromised infrastructure provider. Some potential use cases are outsourcing machine learning algorithms on large data sets, analyzing medical records, performing computations on genomics data, etc.
There are two main approaches that have been studied closely in research. There are cryptographic approaches and hardware solutions. For ZeroTrace and StealthDB, they use hardware solutions, specifically Intel SGX.
What is Intel SGX? It is a processor enabled with a set of encryption routines. There is an encrypted user-level memory container, but since it’s user-level, it cannot do system calls, IO, network communication, etc. There are physically encrypted pages of program code and data in memory (the container pages are encrypted and decrypted before execution), and the key is protected on the CPU and cannot be extracted.
Intel SGX provides two nice properties.
First, attestation. A party can verify that it is communicating with a program running in the encrypted container on a platform associated with a key pair. It provides local attestation (two containers running on the same node can attest each other) and remote attestation (a remote user can attest that a specific program is running inside a secure container).
Second, isolation execution. It provides confidentiality where the internal state of the program is hidden from the adversary. It also provides integrity, so an adversary cannot change execution state/data/program, and cannot modify the output of the program on a given input.
Intel SGX sounds great, but it is prone to a large number of side channel attacks mainly caused by its poor implementation, e.g. shared cache between secure enclave and untrusted CPU processes. I won’t go into detail about these problems, but you can find a comprehensive explanation in this paper.
With Intel SGX, they built a system called ZeroTrace, which provides a library of oblivious memory primitives, such as dictionaries, lists, and trees. These primitives can be instantiated in memory or disk, and the security models are flexible (semi-honest vs. malicious). The main technique that they use is oblivious RAM (ORAM).
Another system they build is StealthDB, which is an encrypted database that provides integrity and confidentiality of user data. They provide strong semantic security of encrypted data as well as allow arbitrary transactional or analytical SQL queries. It also scales to large datasets with DBMS complexity.
The main insight is to look at query execution logic as a sequence of individual operations over encrypted values, e.g. comparisons, arithmetic operations, etc. Then, the system performs only primitive operations inside the enclave on individual encrypted data type values. An overview of the system is below.
These are interesting systems that leverage Intel SGX, and they learned a lot of good lessons, such as finding the right application partitioning and that larger enclave sizes will probably not affect design choices. I would like to see more applications built using Intel SGX to better understand its capabilities.
