SCONE:SecureLinuxContainerswithIntelSGXSergeiArnautov1,BohdanTrach1,FranzGregor1,ThomasKnauth1,AndreMarGn1,ChrisGanPriebe2,JoshuaLind2,DivyaMuthukumaran2,DanO’Keeffe2,MarkLSGllwell2,DavidGoltzsche3,DavidEyers4,R¨udigerKapitza3,PeterPietzuch2,andChristofFetzer11Fakult¨atInformaGk,TUDresden,christof.fetzer@tu-dresden.de2Dept.ofCompuGng,ImperialCollegeLondon,prp@imperial.ac.uk3InformaGk,TUBraunschweig,rrkapitz@ibr.cs.tu-bs.de4Dept.ofComputerScience,UniversityofOtago,dme@cs.otago.ac.nz

SaeidMofrad

1-INTRODUCTION:LinuxContainers:ContainersuseOS-levelvirtualizaGonandtheyarepopularforpackaging,deployingandmanagingservicessuchaskey/valuestoresandwebservers.UnlikeVMs,theydonotrequirehypervisorsoradedicatedOSkernel.Instead,theyusekernelfeaturestoisolateprocesses,andthusdonotneedtotrapsystemcallsoremulatehardwaredevices.•  Containerprocesscanrunasnormalsystemprocess.Theyarelightweight(theyusethehostOSforI/OoperaGons,resourcemanagement,etc.)fasterI/OthroughputandlatencythanVMsIsolaGonisweaksinceitisusingso`warekernelmechanisms,makeiteasierforaaackerstocompromisetheconfidenGalityandintegrityofapplicaGondatawithincontainers.•  DockerandLXCareusingforthepackagingofthecontainers.•  DockerSwarmorKubernetesareusingfortheirdeployment.

WhatisSCONE?SCONEisaSecureContainerEnvironmentforDockerthatusesSGXtorunLinuxapplicaGonsinsecurecontainers.GoalofSCONE:1.  RununmodifiedLinuxapplicaGons2.  Incontainers3.  Inanuntrustedcloud4.  SecurelywithacceptableperformanceSCONEProper7es:1.  SecurecontainershaveasmallTCB.2.  Securecontainershavealowoverhead.3.  SecurecontainersaretransparenttoDocker.

Designtrade-offs:whatsystemsupportshouldbeplacedinsideanenclavetoenablethesecureexecuGonofLinuxprocessesinacontainer?Challenges:SecuritydecisionaboutthesizeoftheTCBandtheexposedinterfacetotheoutsideworldandperformanceimpactbecauseoftheSGXlimitaGon).TCBSIZE:BiggerTCBLargerAaacksurfaceExternalcontainerinterface:Toexecuteunmodifiedprocessesinsidesecurecontainers,thecontainermustsupportaCstandardlibrary(libc)interface.SinceanylibcimplementaGonmustusesystemcalls,whichcannotbeexecutedinsideofanenclave,asecurecontainermustalsoexposeanexternalinterfacetothehostOS.AsthehostOSisuntrusted,theexternalinterfacebecomesanaaackvector.

TojusGfythedesignofSCONE,Theyexploredalternatedesignchoices.

Figure1ashowsapriordesignpoint,asdemonstratedbyHaven,whichminimizestheexternalinterfacebyplacinganenGreWindowslibraryOSinsidetheenclave.Abenefitofthisapproachisthatitexposesonlyasmallexternalinterfacewith22callsbecausealargeporGonofaprocess’systemsupportcanbeprovidedbythelibraryOS.ThelibraryOS,however,increasestheTCBsizeinsideoftheenclave.

TojusGfythedesignofSCONE,Theyexplorealternatedesignchoices.(cont.) Figure1bshowstheopposite,extremedesign

point:theexternalinterfaceisusedtoperformalllibclibrarycallsmadebytheapplicaGon.ThisraisesthechallengeofprotecGngtheconfidenGalityandintegrityofapplicaGondatawhilstexposingawideinterface.Forexample,I/Ocallssuchasreadandwritecouldbeusedtocompromisedatawithintheenclave,andcodeinsidethesecurecontainercannottrustreturneddata.AbenefitofthisapproachisthatithasminimalTCBinsidetheenclave—onlyasmallshimClibraryneedstorelaylibccallstothehostlibclibraryoutsideoftheenclave.

TojusGfythedesignofSCONE,Theyexploredalternatedesignchoices.(Cont.)

Figure1cshowsamiddlegroundbydefiningtheexternalinterfaceatthelevelofsystemcallsexecutedbythelibcimplementaGon.•  shieldlibrariescanbeusedtoprotectasecurity-sensiGvesetofsystemcalls:filedescriptorbasedI/Ocalls,suchasread,write,send,andrecv,areshieldedbytransparentlyencrypGnganddecrypGngtheuserdata.

Table1ShowstheperformanceandresourcemetricsforeachserviceusingtheLinuxlibraryOScomparedtoanaGveglibcdeployment.Onaverage,thelibraryOSincreasestheTCBsizeby5x,theservicelatencyby4xandhalvestheservicethroughput.

Observation: System call overhead and Memory Access Overhead. A micro-benchmarkonanIntelXeonCPUE3-1230v5at3.4GHzmeasuringthemaximumrateatwhichpwritesystemcallscanbeexecutedwithandwithoutanenclave.

Endofpresenta7on

3.2Externalinterfaceshielding:SCONEsupportsasetofshields.Shieldsfocuson:(1)PrevenGnglow-levelaaacks,suchastheOSkernelcontrollingpointersandbuffersizespassedtotheservice(2)ensuringtheconfidenGalityandintegrityoftheapplicaGondatapassedthroughtheOS.SCONEsupportsshieldsfor:(1) thetransparentencrypGonoffiles(2)thetransparentencrypGonofcommunicaGonchannelsviaTLS(3)thetransparentencrypGonofconsolestreams.AshieldalsohasconfiguraGonparameters,whichareencryptedandcanbeaccessedonlya`ertheenclavehasbeeniniGalized.

Filesystemshield:ThefilesystemshieldprotectstheconfidenGalityandintegrityoffiles.Containerimagecreatormustdefinethreedisjointsetsoffilepathprefixes:(1) Unprotectedfiles,(2) encryptedandauthenGcatedfiles,(3) authenGcatedfiles.-ProcessesinasecurecontainerhaveaccesstothestandardDockertmpfs,butitiscostlyaslightweightalternaGveSCONEsupportsasecureephemeralfilesystemthroughitsfilesystemshield.theephemeralfilesystemmaintainsthestateofmodifiedfilesinnon-enclavememoryanditisfasterthantmpfs.Theephemeralfilesystemisresilientagainstrollbackaaack:a`errestarGngthecontainerprocess,thefilesystemreturnstoapreconfiguredstartupstatethatisvalidatedbythefilesystemshield,andthereforeitisnotpossibleforanaaackertorollbackthefilesystemtoanintermediatestate.ThisisalsotrueduringrunGme,sincethemetadataforfiles’blocksresideswithintheenclave.

Networkshield:SCONEpermitsclientstoestablishsecuretunnelstoitandwrapsallsocketoperaGonsandredirectsthemtoanetworkshield.Thenetworkshield,uponestablishinganewconnecGon,performsaTLShandshakeandencrypts/decryptsanydatatransmiaedthroughthesocket.TheprivatekeyandcerGficatearereadfromthecontainer’sfilesystem.Thus,theyareprotectedbythefilesystemshield.Consoleshield:Containerpermitauthorizedprocessestoaaachtothestdin,stdout,andstderr.SCONEsupportstransparentencrypGonforthem.ThesymmetricencrypGonkeyisexchangedbetweenthesecurecontainerandtheSCONEclientduringthestartupprocedure.Aconsoleshieldencryptsastreambysplijngitintovariable-sizedblocks.AstreamisprotectedagainstreplayandreorderingaaacksbyassigningeachblockauniqueidenGfier,whichischeckedbytheauthorizedSCONEclient.

3.3Threadingmodel:SCONEsupportsanM:NthreadingmodelinwhichMapplicaGonthreadsinsidetheenclavearemappedtoNOSthreads.->fewerenclavetransiGons.

-MulGpleOSthreadsinSCONEcanenteranenclave.Eachthreadexecutesthescheduler.Schedulerchecksif:(1)anapplicaGonthreadneedstobewokenduetoanexpiredGmeoutorthearrivalofasystemcallresponse;or(2)anapplicaGonthreadiswaiGngtobescheduled.Inbothcases,theschedulerexecutestheassociatedthread.-ThenumberofOSthreadsinsidetheenclaveistypicallyboundbythenumberofCPUcores.-Thesystemcallthreadsresideinthekernelindefinitelytoeliminatetheoverheadofkernelmodeswitches.-Whentherearenopendingsystemcalls,thethreadsback-offtoreduceCPUload.

3.4 Asynchronous system calls: Thisinterfaceconsistsoftwolock-free,mulG-producer,mulG-consumerqueues:arequestqueueandaresponsequeue.

1.  When system call happens copies memory-based

arguments outside of the enclave 2.  addsadescripGonofthesystemcalltoasyscallslotdatastructurecontainingthesystemcallnumberandarguments.Thesyscallslotandtheargumentsusethread-localstorage.3.  NexttheapplicaGonthreadyieldstothescheduler,which

willexecuteotherapplicaGonthreadsunGlthereplytothesystemcallisreceivedintheresponsequeue.

4.  Thesystemcallisissuedbyplacingareferencetothesyscallslotintotherequestqueue.

5.Whentheresultisavailableintheresponsequeue,buffersarecopiedtotheinsideoftheenclave,andallpointersareupdatedtopointtoenclavememorybuffers.6.TheassociatedapplicaGonthreadisscheduledagain.

3.5Dockerintegra7on:TheintegraGonofsecurecontainerswithDockerrequireschangestothebuildprocessofsecureimage,andchangetoclient-sideextensions.SCONEdoesnotrequiremodificaGonstotheDockerEngineoritsAPI.

Containerstartup:EachsecurecontainerrequiresastartupconfiguraGonfile(SCF).TheSCFcontainskeystoencryptstandardI/Ostreams,ahashoftheFSprotecGonfileanditsencrypGonkey.SinceSGXdoesnotprotecttheconfidenGalityofenclavecode,pujngthestartupconfiguraGonintheenclaveitselfisnotanopGon.Instead,a`ertheexecutablehasiniGalizedtheenclave,theSCFisreceivedthroughaTLSprotectednetworkconnecGon,duringenclavestartup.

Evalua7on:TheyUsedTwowebservers,Apache,andNGINX,Memcached;Redis;andSQLite.TheapplicaGonsincludeamixofcompute(e.g.,SQLite)andI/Ointensive(e.g.,ApacheandMemcached)workloads.Threevariantsforeachapplica7on:1-onebuiltwiththeGNUClibrary(glibc);2-onebuiltwiththemuslClibraryadaptedtoruninsideSGXenclaveswithsynchronoussystemcalls(SCONE-sync);3-onebuiltwiththesamemuslClibrarybutwithasynchronoussystemcalls(SCONE-async).ForapplicaGonsthatdonotsupportencrypGon(e.g.,MemcachedandRedis),theyuseStunneltoencrypttheircommunicaGonintheglibcvariant.

FIGURE 14 SHOWS HOW MANY PWRITE() CALLS CAN BE EXECUTED BY SCONE-ASYNC, SCONE-SYNC AND NATIVELY.

CONCLUSION

•  SCONEincreasestheconfidenGalityandintegrityofcontainerizedservicesusingIntelSGX.

•  TCBisbetween0.6–2theapplicaGoncodesizeandarecompaGblewithDocker.

•  asynchronoussystemcallsandakernelmodulemakeSGXoverheadless.

•  Forallevaluatedservices,theyachievedatleast60%ofthenaGvethroughput;

REFERENCE:

•  haps://www.ibr.cs.tu-bs.de/users/goltzsch/papers/osdi2016scone-preprint.pdf

•  haps://www.usenix.org/sites/default/files/conference/protected-files/osdi16_slides_knauth.pdf