Title

Design and Implementation of a Confidential Virtual Machine Operating System Based on a Proxy-Kernel Architecture

Other title
DESIGN AND IMPLEMENTATION OF OPERATING SYSTEM BASED ON PROXY-KERNEL ARCHITECTURE IN CONFIDENTIAL VIRTUAL MACHINE
Name
周帅
Name (pinyin)
ZHOU Shuai
Student ID
12132380
Degree type
Master
Degree major
0809 Electronic Science and Technology
Discipline category / professional degree category
08 Engineering
Advisor
张殷乾
Advisor's affiliation
Department of Computer Science and Engineering
Thesis defense date
2024-05-20
Thesis submission date
2024-06-29
Degree-granting institution
南方科技大学
Degree-granting location
深圳
Abstract

A trusted execution environment (TEE) provides applications with an isolated execution environment through memory encryption and isolation mechanisms, and has great application prospects for protecting the confidentiality and integrity of applications and for defending against attacks by malicious system software. With the development of TEE technology, confidential virtual machines have replaced enclaves as the mainstream TEE architecture. A confidential virtual machine needs to run a secure operating system inside it as part of the trusted computing base. At present, running the Linux kernel inside a confidential virtual machine is the commonly adopted confidential computing solution, but the Linux kernel was not designed specifically for the confidential virtual machine scenario: it is developed in C, which has no memory-safety mechanism; its code base is large and hard to audit for security; and it was not designed around the confidential virtual machine security model. For this reason, this thesis proposes an operating system design targeted specifically at the confidential virtual machine scenario.

This thesis proposes four principles for operating system design in confidential virtual machines and designs RipOS, an operating system based on a proxy-kernel architecture. RipOS keeps the essential modules, such as memory management and process management, inside the confidential virtual machine; it excludes the file system, device drivers and network protocol stack from the trusted computing base and completes the corresponding functions through proxied system calls, relying on the operating system in the host or in another virtual machine. This thesis analyses the security problems of proxied system calls and adds translation, verification and state-machine modules for proxied system calls to RipOS in order to protect their confidentiality and integrity. RipOS is developed in the Rust programming language, which minimizes the likelihood of memory-safety and data-race problems. Through the proxy-kernel design, RipOS reduces the trusted computing base and the interface attack surface, improving the overall security of the system. This thesis implements RipOS prototypes on the RISC-V and x86 instruction sets respectively, and performs performance tests on a Genesys2 development board and in an SEV confidential virtual machine.

Keywords
Language
Chinese
Training category
Independent training
Year of enrollment
2021
Year of degree conferral
2024-06
Reference list

[1] SABELFELD A, MYERS A C. Language-based information-flow security[J]. IEEE Journal on Selected Areas in Communications, 2003, 21(1): 5-19.
[2] Confidential Computing Consortium. What is Confidential Computing?[EB/OL]. 2024. https://confidentialcomputing.io/.
[3] SABT M, ACHEMLAL M, BOUABDALLAH A. Trusted execution environment: What it is, and what it is not[C]//2015 IEEE Trustcom/BigDataSE/ISPA: volume 1. IEEE, 2015: 57-64.
[4] COSTAN V, DEVADAS S. Intel SGX explained[J]. Cryptology ePrint Archive, 2016.
[5] INTEL. Intel Trust Domain Extensions[J]. White paper, 2023, 9.
[6] KAPLAN D, POWELL J, WOLLER T. AMD memory encryption[J]. White paper, 2016, 13.
[7] SEV-SNP A. Strengthening VM isolation with integrity protection and more[J]. White Paper, January, 2020, 53: 1450-1465.
[8] LI X, LI X, DALL C, et al. Design and verification of the Arm confidential compute architecture[C]//16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22). 2022: 465-484.
[9] Hygon CSV: Hygon secure virtualization technology[EB/OL]. 2023. https://github.com/inclavare-containers/cncc-sig-white-paper/blob/master/cc_platform/hygon_csv.md.
[10] RUSHBY J, et al. A trusted computing base for embedded systems[C]//Proceedings of the 7th DoD/NBS Computer Security Conference. 1984: 294-311.
[11] CHECKOWAY S, SHACHAM H. Iago attacks: Why the system call API is a bad untrusted RPC interface[J]. ACM SIGARCH Computer Architecture News, 2013, 41(1): 253-264.
[12] LI M, ZHANG Y, WANG H, et al. CIPHERLEAKS: Breaking constant-time cryptography on AMD SEV via the ciphertext side channel[C]//30th USENIX Security Symposium (USENIX Security 21). 2021: 717-732.
[13] NGABONZIZA B, MARTIN D, BAILEY A, et al. TrustZone explained: Architectural features and use cases[C]//2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC). IEEE, 2016: 445-451.
[14] INTEL. Intel Software Guard Extensions SDK for Linux OS[EB/OL]. 2024. https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html.
[15] WANG H, WANG P, DING Y, et al. Towards memory safe enclave programming with Rust-SGX[C]//Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019: 2333-2350.
[16] TSAI C C, PORTER D E, VIJ M. Graphene-SGX: A practical library OS for unmodified applications on SGX[C]//2017 USENIX Annual Technical Conference (USENIX ATC 17). 2017: 645-658.
[17] BAUMANN A, PEINADO M, HUNT G. Shielding applications from an untrusted cloud with Haven[J]. ACM Transactions on Computer Systems (TOCS), 2015, 33(3): 1-26.
[18] PORTER D E, BOYD-WICKIZER S, HOWELL J, et al. Rethinking the library OS from the top down[C]//Proceedings of the Sixteenth International Conference on Architectural Support for Programming Languages and Operating Systems. 2011: 291-304.
[19] ARNAUTOV S, TRACH B, GREGOR F, et al. SCONE: Secure Linux containers with Intel SGX[C]//12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16). 2016: 689-703.
[20] SHINDE S, LE TIEN D, TOPLE S, et al. Panoply: Low-TCB Linux applications with SGX enclaves[C]//NDSS. 2017.
[21] SHEN Y, TIAN H, CHEN Y, et al. Occlum: Secure and efficient multitasking inside a single enclave of Intel SGX[C]//Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems. 2020: 955-970.
[22] WAHBE R, LUCCO S, ANDERSON T E, et al. Efficient software-based fault isolation[C]//Proceedings of the Fourteenth ACM Symposium on Operating Systems Principles. 1993: 203-216.
[23] TIAN H, ZHANG Y, XING C, et al. SGXKernel: A library operating system optimized for Intel SGX[C]//Proceedings of the Computing Frontiers Conference. 2017: 35-44.
[24] TIAN H, ZHANG Q, YAN S, et al. Switchless calls made practical in Intel SGX[C]//Proceedings of the 3rd Workshop on System Software for Trusted Execution. 2018: 22-27.
[25] WEISSE O, BERTACCO V, AUSTIN T. Regaining lost cycles with HotCalls: A fast interface for SGX secure enclaves[J]. ACM SIGARCH Computer Architecture News, 2017, 45(2): 81-93.
[26] ORENBACH M, LIFSHITS P, MINKIN M, et al. Eleos: ExitLess OS services for SGX enclaves[C]//Proceedings of the Twelfth European Conference on Computer Systems. 2017: 238-253.
[27] OP-TEE[EB/OL]. 2024. https://optee.readthedocs.io/en/latest/general/about.html.
[28] SHINDE S, WANG S, YUAN P, et al. BesFS: A POSIX filesystem for enclaves with a mechanized safety proof[C]//29th USENIX Security Symposium (USENIX Security 20). 2020: 523-540.
[29] PAULIN-MOHRING C. Inductive definitions in the system Coq: rules and properties[C]//International Conference on Typed Lambda Calculi and Applications. Springer, 1993: 328-345.
[30] ELENA R, TAMAS L, SEBASTIAN O, et al. Intel Trust Domain Extension guest Linux kernel hardening strategy[EB/OL]. 2024. https://intel.github.io/ccc-linux-guest-hardening-docs/tdx-guest-hardening.html.
[31] cloc[EB/OL]. 2024. https://github.com/AlDanial/cloc.
[32] DINH-TRONG T T, BIEMAN J M. The FreeBSD project: A replication case study of open source development[J]. IEEE Transactions on Software Engineering, 2005, 31(6): 481-494.
[33] LEVIN J. Mac OS X and iOS internals: To the Apple's core[M]. John Wiley & Sons, 2012.
[34] ACCETTA M, BARON R, BOLOSKY W, et al. Mach: A new kernel foundation for UNIX development[Z]. 1986.
[35] HEISER G, ELPHINSTONE K. L4 microkernels: The lessons from 20 years of research and deployment[J]. ACM Transactions on Computer Systems (TOCS), 2016, 34(1): 1-29.
[36] KLEIN G, ELPHINSTONE K, HEISER G, et al. seL4: Formal verification of an OS kernel[C]//Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles. 2009: 207-220.
[37] System Architecture Group. The L4Ka::Pistachio microkernel[J]. White paper, Karlsruhe University (TH), May, 2003.
[38] LIEDTKE J. On micro-kernel construction[J]. ACM SIGOPS Operating Systems Review, 1995, 29(5): 237-250.
[39] SHAPIRO J S, SMITH J M, FARBER D J. EROS: A fast capability system[C]//Proceedings of the Seventeenth ACM Symposium on Operating Systems Principles. 1999: 170-185.
[40] ENGLER D R, KAASHOEK M F, O'TOOLE JR J. Exokernel: An operating system architecture for application-level resource management[J]. ACM SIGOPS Operating Systems Review, 1995, 29(5): 251-266.
[41] 陈海波, 夏虞斌. Operating Systems: Principles and Implementation[M]. 2nd ed. Beijing: China Machine Press, 2023: 17-23.
[42] MADHAVAPEDDY A, MORTIER R, ROTSOS C, et al. Unikernels: Library operating systems for the cloud[J]. ACM SIGARCH Computer Architecture News, 2013, 41(1): 461-472.
[43] BARHAM P, DRAGOVIC B, FRASER K, et al. Xen and the art of virtualization[J]. ACM SIGOPS Operating Systems Review, 2003, 37(5): 164-177.
[44] TA-MIN R, LITTY L, LIE D. Splitting interfaces: Making trust between applications and operating systems configurable[C]//Proceedings of the 7th Symposium on Operating Systems Design and Implementation. 2006: 279-292.
[45] AMMONS G, APPAVOO J, BUTRICO M, et al. Libra: A library operating system for a JVM in a virtualized execution environment[C]//Proceedings of the 3rd International Conference on Virtual Execution Environments. 2007: 44-54.
[46] RISC-V Software. RISC-V Proxy Kernel and Boot Loader[EB/OL]. 2024. https://github.com/riscv-software-src/riscv-pk.
[47] IBM. IBM J9 JVM[EB/OL]. 2024. https://www.ibm.com/docs/en/configurepricequote/10.0?topic=machines-j9-jvm.
[48] RISC-V Software. Spike RISC-V ISA Simulator[EB/OL]. 2024. https://github.com/riscv-software-src/riscv-isa-sim.
[49] CHEN X, GARFINKEL T, LEWIS E C, et al. Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems[J]. ACM SIGOPS Operating Systems Review, 2008, 42(2): 2-13.
[50] PORTS D R, GARFINKEL T. Towards application security on untrusted operating systems[C]//HotSec. 2008.
[51] CUI R, ZHAO L, LIE D. Emilia: Catching Iago in legacy code[C]//NDSS. 2021.
[52] 张汉东. The Way of Rust Programming[M]. Beijing: Publishing House of Electronics Industry, 2019.
[53] STEVE K, CAROL N. The Rust Programming Language[EB/OL]. 2024. https://doc.rust-lang.org/stable/book/ch19-01-unsafe-rust.html.
[54] rCore-Tutorial-v3[EB/OL]. 2024. https://github.com/rcore-os/rCore-Tutorial-v3.
[55] Titanix[EB/OL]. 2023. https://github.com/greenhandzpx/Titanix.
[56] Redox[EB/OL]. 2024. https://www.redox-os.org/.
[57] LANKES S, KLIMT J, BREITBART J, et al. RustyHermit: A scalable, Rust-based virtual execution environment[C]//High Performance Computing: ISC High Performance 2020 International Workshops, Frankfurt, Germany, June 21-25, 2020, Revised Selected Papers 35. Springer, 2020: 331-342.
[58] LANKES S, PICKARTZ S, BREITBART J. HermitCore: A unikernel for extreme scale computing[C]//Proceedings of the 6th International Workshop on Runtime and Operating Systems for Supercomputers. 2016: 1-8.
[59] NARAYANAN V, HUANG T, DETWEILER D, et al. RedLeaf: Isolation and communication in a safe operating system[C]//14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20). 2020: 21-39.
[60] BOOS K, LIYANAGE N, IJAZ R, et al. Theseus: An experiment in operating system structure and state management[C]//14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20). 2020: 1-19.
[61] Asterinas[EB/OL]. 2024. https://github.com/asterinas/asterinas.
[62] BALASUBRAMANIAN A, BARANOWSKI M S, BURTSEV A, et al. System programming in Rust: Beyond safety[C]//Proceedings of the 16th Workshop on Hot Topics in Operating Systems. 2017: 156-161.
[63] CONSTABLE S, VAN BULCK J, CHENG X, et al. AEX-Notify: Thwarting precise single-stepping attacks through interrupt awareness for Intel SGX enclaves[C]//32nd USENIX Security Symposium (USENIX Security 23). 2023: 4051-4068.
[64] XU Y, CUI W, PEINADO M. Controlled-channel attacks: Deterministic side channels for untrusted operating systems[C]//2015 IEEE Symposium on Security and Privacy. IEEE, 2015: 640-656.
[65] KOCHER P, HORN J, FOGH A, et al. Spectre attacks: Exploiting speculative execution[J]. Communications of the ACM, 2020, 63(7): 93-101.
[66] CHEN G, LI M, ZHANG F, et al. Defeating speculative-execution attacks on SGX with HyperRace[C]//2019 IEEE Conference on Dependable and Secure Computing (DSC). IEEE, 2019: 1-8.
[67] CHEN G, ZHANG Y. Securing TEEs with verifiable execution contracts[J]. IEEE Transactions on Dependable and Secure Computing, 2022.
[68] LI D, MI Z, XIA Y, et al. TwinVisor: Hardware-isolated confidential virtual machines for ARM[C]//Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles. 2021: 638-654.
[69] TANENBAUM A S, HERDER J N, BOS H. Can we make operating systems reliable and secure?[J]. Computer, 2006, 39(5): 44-51.
[70] OpenCVE[EB/OL]. 2024. https://www.opencve.io/cve.
[71] MICHAEL M M, SCOTT M L. Simple, fast, and practical non-blocking and blocking concurrent queue algorithms[C]//Proceedings of the Fifteenth Annual ACM Symposium on Principles of Distributed Computing. 1996: 267-275.
[72] WALLI S R. The POSIX family of standards[J]. StandardView, 1995, 3(1): 11-17.
[73] MarketsandMarkets. Encryption software market, global forecast to 2025[EB/OL]. 2022. https://www.marketsandmarkets.com/Market-Reports/encryption-software-market-227254588.html.
[74] OPPLIGER R. SSL and TLS: Theory and Practice[M]. Artech House, 2023.
[75] RAJGARHIA A, GEHANI A. Performance and extension of user space file systems[C]//Proceedings of the 2010 ACM Symposium on Applied Computing. 2010: 206-213.
[76] WERNER J, MASON J, ANTONAKAKIS M, et al. The SEVerESt of them all: Inference attacks against secure virtual enclaves[C]//Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security. 2019: 73-85.
[77] ASANOVIC K, AVIZIENIS R, BACHRACH J, et al. The Rocket Chip generator[J]. EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2016-17, 2016, 4: 6-2.
[78] BELLARD F. QEMU, a fast and portable dynamic translator[C]//USENIX Annual Technical Conference, FREENIX Track: volume 41. California, USA, 2005: 10-5555.
[79] Inter-VM Shared Memory device[EB/OL]. 2024. https://www.qemu.org/docs/master/system/devices/ivshmem.html.
[80] rv8-bench[EB/OL]. 2024. https://github.com/michaeljclark/rv8-bench.
[81] lmbench[EB/OL]. 2024. https://lmbench.sourceforge.net/.
[82] IOzone Filesystem Benchmark[EB/OL]. 2024. http://iozone.org/.
[83] byte-unixbench[EB/OL]. 2024. https://github.com/kdlucas/byte-unixbench.

Degree evaluation subcommittee
Electronic Science and Technology
Chinese Library Classification number
TP316
Source
Manual submission
Output type
Thesis
Item identifier
http://sustech.caswiz.com/handle/2SGJ60CL/778417
Collection
College of Engineering_Department of Computer Science and Engineering
Recommended citation
GB/T 7714
周帅. 基于代理内核架构的机密虚拟机操作系统设计与实现[D]. 深圳. 南方科技大学, 2024.
Files in this item
File name/size: 12132380-周帅-计算机科学与工程 (6132 KB); document type: thesis; version type: --; access: restricted; license: CC BY-NC-SA