Citadel: Enclaves with Microarchitectural Isolation and Secure Shared Memory on a Speculative Out-of-Order Processor
CoRR(2023)
Abstract
Enclaves or Trusted Execution Environments are trusted-hardware primitives
that make it possible to isolate and protect a sensitive program from an
untrusted operating system. Unfortunately, almost all existing enclave
platforms are vulnerable to microarchitectural side channels and transient
execution attacks, and the one academic proposal that is not does not allow
programs to interact with the outside world. We present Citadel, to our
knowledge, the first enclave platform with microarchitectural isolation to run
realistic secure programs on a speculative out-of-order multicore processor. We
show how to leverage hardware/software co-design to enable shared memory
between an enclave and an untrusted operating system while preventing
speculative transmitters between the enclave and a potential adversary. We then
evaluate our secure baseline and present further mechanisms to achieve
reasonable performance for out-of-the-box programs. Our multicore processor
runs on an FPGA and boots untrusted Linux from which users can securely launch
and interact with enclaves. To demonstrate our platform capabilities, we run a
private inference enclave that embeds a small neural network trained on MNIST. A
remote user can remotely attest the enclave integrity, perform key exchange and
send encrypted input for secure evaluation. We open-source our end-to-end
hardware and software infrastructure, hoping to spark more research and bridge
the gap between conceptual proposals and FPGA prototypes.