Title

基于Arm机密计算架构的用户态隔离执行环境方案

Other title
A USER MODE ISOLATED EXECUTION ENVIRONMENT SCHEME BASED ON ARM CONFIDENTIAL COMPUTE ARCHITECTURE
Name
Name (pinyin)
HU Yuxin
Student ID
12032893
Degree type
Master
Degree major
0809 Electronic Science and Technology
Discipline category / professional degree category
08 Engineering
Supervisor
张锋巍
Supervisor's department
Department of Computer Science and Engineering
Thesis defense date
2023-05-13
Thesis submission date
2023-06-20
Degree-granting institution
南方科技大学 (Southern University of Science and Technology)
Degree-granting location
Shenzhen
Abstract

In recent years, with the continuous development of technology, mobile devices have profoundly changed people's way of life and have become an indispensable part of daily life. Mobile devices hold large amounts of private data and have therefore become a target for attackers. Attacks against mobile devices keep emerging, and the security problems of mobile devices are growing increasingly severe. In the latest Arm v9 architecture, Arm introduced the Confidential Compute Architecture, intended to provide users with confidential computing capabilities. In the design of the Confidential Compute Architecture, users can create a protected isolated execution environment for a virtual machine, the Realm. The Confidential Compute Architecture protects Realms on the basis of underlying hardware features, so a virtual machine running in a Realm need not trust the security of privileged software, including the hypervisor. However, the Confidential Compute Architecture does not yet provide an isolated execution environment for user-mode processes. To address this, this thesis proposes a user-mode isolated execution environment scheme based on the Confidential Compute Architecture, extending the application scenarios of the Confidential Compute Architecture.

Based on the hardware features of the Confidential Compute Architecture, this thesis designs the isolation mechanism and the management scheme for user-mode isolated execution environments. The scheme supports creating multiple user-mode isolated execution environments and allows several of them to execute concurrently; a protected user-mode process need not trust the security of the untrusted software outside the environment. A system prototype of the user-mode isolated execution environment scheme is implemented, and functional and performance tests are carried out on it. The experimental results show that, in exchange for guaranteeing the security of the application, the user-mode isolated execution environment introduces no more than 15% additional execution overhead for the tested programs.

Other abstract

In recent years, with the continuing advancement of technology, mobile devices have greatly changed people's lifestyles and have become an important part of their daily lives. Mobile devices hold a large amount of private information and have thus become a target of attackers. Attacks against mobile devices are now numerous, and the security situation of mobile devices is becoming increasingly serious. In the latest Arm v9 architecture, Arm introduces the Confidential Compute Architecture, which is designed to provide users with confidential computing capabilities. The Confidential Compute Architecture allows users to create a protected isolated execution environment for a virtual machine, the Realm. The Confidential Compute Architecture protects the Realm using underlying hardware features, so the Realm virtual machine does not have to trust the security of privileged software, including the hypervisor. However, the current version of the Confidential Compute Architecture cannot directly create isolated execution environments for user mode processes. For this reason, this thesis proposes a new user mode isolated execution environment scheme based on the Confidential Compute Architecture, extending the application scenarios of the Confidential Compute Architecture.

This thesis designs an isolation and management scheme for user mode isolated execution environments based on the hardware features of the Confidential Compute Architecture. The scheme supports the creation and simultaneous execution of multiple user mode isolated execution environments, and a protected user mode process does not have to trust the untrusted software outside it. A system prototype of the user mode isolated execution environment scheme is implemented, and functional validation and performance evaluation are performed on the prototype. The performance results show that, in order to ensure the security of the applications, the user mode isolated execution environment incurs no more than 15% additional overhead for the measured applications.

Keywords
Other keywords
Language
Chinese
Training category
Independent training
Year of enrollment
2020
Year of degree conferral
2023-06

Degree evaluation subcommittee
Electronic Science and Technology
Chinese Library Classification number
TP3
Source repository
Manual submission
Output type: Dissertation
Item identifier: http://sustech.caswiz.com/handle/2SGJ60CL/543904
Collection: College of Engineering_Department of Computer Science and Engineering
Recommended citation
GB/T 7714
胡煜鑫 (HU Yuxin). A User Mode Isolated Execution Environment Scheme Based on Arm Confidential Compute Architecture [D]. Shenzhen: 南方科技大学 (Southern University of Science and Technology), 2023.
Files in this item
File name/size | Document type | Version type | Access type | License | Actions
12032893-胡煜鑫-计算机科学与工 (3139KB) | - | - | Restricted access | - | Request full text

Unless otherwise stated, all content in this system is protected by copyright, and all rights are reserved.