Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services

Published: 25 March 2016

Abstract

Sego is a hypervisor-based system that gives strong privacy and integrity guarantees to trusted applications, even when the guest operating system is compromised or hostile. Sego verifies operating system services, like the file system, instead of replacing them. By associating trusted metadata with user data across all system devices, Sego verifies system services more efficiently than previous systems, especially services that depend on data contents. We extensively evaluate Sego's performance on real workloads and implement a kernel fault injector to validate Sego's file system-agnostic crash consistency and recovery protocol.

Published in

ACM SIGPLAN Notices, Volume 51, Issue 4 (ASPLOS '16), April 2016, 774 pages. ISSN: 0362-1340, EISSN: 1558-1160, DOI: 10.1145/2954679. Editor: Andy Gill.

ASPLOS '16: Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems, March 2016, 824 pages. ISBN: 9781450340915, DOI: 10.1145/2872362. General Chair: Tom Conte. Program Chair: Yuanyuan Zhou.

Copyright © 2016 ACM

Publisher: Association for Computing Machinery, New York, NY, United States