Alibi: Attested Instruction Tracing as a Secure Thin Intermediate Layer (STIL) Primitive
Page 1
Alibi: Attested Instruction Tracing as a Secure Thin Intermediate Layer (STIL) Primitive
Amit Vasudevan, Chen Chen, Adrian Perrig (CyLab, Carnegie Mellon University)
Vyas Sekar, Petros Maniatis (ISTC for Secure Computing)
Page 2
Ubiquity of Outsourcing Computation
• The fundamental advantage of the cloud paradigm is computation outsourcing
• The trend shows we are increasingly placing trust in remote parties for computation
• To be sustainable we need stronger assurances
Page 3
State of cloud computing today ...
"It's that dreaded time of the month again, the time of the month that we, the 400,000+ Amazon Web Service consumers await with great anticipation / horror. What I'm talking about is the Amazon Web Services Billing Statement sent at the beginning of each month."
"As it turns out, Microsoft doesn't disclose revenues related to its cloud services. And on that matter, it's not alone. Neither do Amazon, Google, or IBM."
Need stronger, verifiable resource accounting!
Page 4
What capabilities do we want?
Figure (labels only): Provider (P), Task (T), Trusted Layer, Report (R), Witness (W), Attribution Model (A); the Verifier takes T, R, W and A as inputs.
1. Did I use the resources billed? e.g., T did physically consume X cycles; is P double counting or overcharging?
2. Should I have used these resources? e.g., was it because of poor scheduling by P? Did T consume more due to "contention" with T' on the same CPU?
![Page 5: Alibi: Attested Instruction Tracing as a Secure Thin Intermediate Layer (STIL) Primitive](https://reader036.vdocument.in/reader036/viewer/2022062813/568164da550346895dd72a63/html5/thumbnails/5.jpg)
Epoch Resource1 Resource2
1 T1=5, T2=0 T1=1,T2=2
2 T1=1, T2=10
T1=0,T2=10
….
Did-I/Should-I Clean Slate Solution
DecisionsAllocatorTemplate
RequestsInterrupts
AllocatorTemplate
Decisions
PrivatePolicy
Hidden Log of
Requests, interrupts
Log of Decisions
VerifierCustomerProvider
Resource 1
Resource 2
“Trusted”
Task1 Task2
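The Did-I and Should-I checks a verifier would run over such a log, as an added example that is not part of the original talk or of Alibi itself. The verifier receives the provider's report R (a per-resource bill for one task), the trusted layer's witness W (the per-epoch log from the table above, embedded here as constructed data), and an attribution model A. The HMAC tag standing in for the trusted layer's attestation, the key, the JSON encoding, and the particular attribution rule ("units consumed while another task also used the same resource are contended") are all assumptions of this example.

```python
import hashlib
import hmac
import json

# Hypothetical key shared by the trusted layer and the verifier.  In a real
# deployment the witness would carry the trusted layer's attestation signature;
# an HMAC stands in for it so the example runs offline.
TRUSTED_LAYER_KEY = b"hypothetical-trusted-layer-key"

# Constructed witness W: the trusted layer's per-epoch log of how many units of
# each resource every task consumed (the table on the slide).
WITNESS_LOG = [
    {"epoch": 1, "resource": "Resource1", "task": "T1", "units": 5},
    {"epoch": 1, "resource": "Resource1", "task": "T2", "units": 0},
    {"epoch": 1, "resource": "Resource2", "task": "T1", "units": 1},
    {"epoch": 1, "resource": "Resource2", "task": "T2", "units": 2},
    {"epoch": 2, "resource": "Resource1", "task": "T1", "units": 1},
    {"epoch": 2, "resource": "Resource1", "task": "T2", "units": 10},
    {"epoch": 2, "resource": "Resource2", "task": "T1", "units": 0},
    {"epoch": 2, "resource": "Resource2", "task": "T2", "units": 10},
]


def _tag(log, key):
    body = json.dumps(log, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def attest(log, key=TRUSTED_LAYER_KEY):
    """Trusted-layer side: emit the witness as (log, authentication tag)."""
    return {"log": log, "tag": _tag(log, key)}


def authenticated_log(witness, key=TRUSTED_LAYER_KEY):
    """Refuse any log the trusted layer did not vouch for, and any log that
    lists the same (epoch, resource, task) twice (a double-counting vector)."""
    if not hmac.compare_digest(witness["tag"], _tag(witness["log"], key)):
        raise ValueError("witness tag invalid: log was not produced by the trusted layer")
    seen = set()
    for rec in witness["log"]:
        slot = (rec["epoch"], rec["resource"], rec["task"])
        if slot in seen:
            raise ValueError(f"duplicate log entry {slot}: double counting")
        seen.add(slot)
    return witness["log"]


def did_i(task, report, witness):
    """Did-I: recompute the task's consumption from W and diff it against the
    provider's report R.  Positive values are overcharges, negative undercharges;
    an empty result means the bill matches what the trusted layer observed."""
    consumed = {}
    for rec in authenticated_log(witness):
        if rec["task"] == task:
            consumed[rec["resource"]] = consumed.get(rec["resource"], 0) + rec["units"]
    resources = set(report) | set(consumed)
    return {r: report.get(r, 0) - consumed.get(r, 0)
            for r in resources if report.get(r, 0) != consumed.get(r, 0)}


def should_i(task, witness):
    """Should-I under the simple attribution model A assumed by this example:
    units a task consumed in an epoch where another task also used the same
    resource are 'contended' and need a scheduling justification from the
    provider rather than being billed silently."""
    by_slot = {}
    for rec in authenticated_log(witness):
        by_slot.setdefault((rec["epoch"], rec["resource"]), {})[rec["task"]] = rec["units"]
    contended = {}
    for slot, usage in sorted(by_slot.items()):
        mine = usage.get(task, 0)
        others = [t for t, u in usage.items() if t != task and u > 0]
        if mine > 0 and others:
            contended[slot] = {"units": mine, "sharing_with": sorted(others)}
    return contended


if __name__ == "__main__":
    witness = attest(WITNESS_LOG)
    honest_bill = {"Resource1": 6, "Resource2": 1}
    padded_bill = {"Resource1": 8, "Resource2": 1}
    print("Did-I, honest bill:", did_i("T1", honest_bill, witness))   # {}
    print("Did-I, padded bill:", did_i("T1", padded_bill, witness))   # {'Resource1': 2}
    print("Should-I, T1:", should_i("T1", witness))
```

The order of checks matters: the tag and the duplicate scan run before any arithmetic, so a provider cannot pad the bill by appending unattested records or by listing an epoch twice. The Should-I output does not by itself prove poor scheduling; it isolates exactly the epochs where the provider owes an explanation.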
Page 6
Challenges
• Lack of suitable h/w accounting primitives
  – Most resources have "allocators" within the OS (or VMM), e.g., memory, scheduler, disk, etc.
  – Use a s/w monitoring layer that can deliver the required measurements
• How does the provider justify what it did?
Attested Instruction Tracing
Page 7
Attested Instruction Trace
• The atomic component of any program is an instruction
• Enables precise reasoning about what the program did at run time
• What You See Is What Executed (WYSIWE), provided the collection mechanism is robust to tampering

Program:

#include <stdio.h>

void alibi(int p, int v, int a)
{
    if ((p + v) >= a)
        printf("\nGreater/Equal");
    else
        printf("\nLesser");
}

Compiled (32-bit x86, AT&T syntax, excerpt):

    ...
    leal (%edx,%eax), %eax
    cmpl 16(%ebp), %eax
    jle .L2
    movl $.LC0, (%esp)
    call printf
    jmp .L4
.L2:
    movl $.LC1, (%esp)
    call printf
.L4:
    leave
    ret

Instruction Trace: the instructions from this listing that actually executed, in execution order; which of the two paths through jle .L2 appears depends on the arguments.
Page 8
Why is the resource accounting problem not solved by *?
• Client-side sanity checks
  – Useful, but cannot really be used to justify anything
• Launch-time attestation
  – E.g., TPM++, Flicker++
  – Need run time, not just load time
• Deterministic replay
  – E.g., AVM
  – Too much to trust, might give away too much info
• Control Flow Integrity++
  – Want actual run-time accounting, not plausible flows!
![Page 9: Alibi: Attested Instruction Tracing as a Secure Thin Intermediate Layer (STIL) Primitive](https://reader036.vdocument.in/reader036/viewer/2022062813/568164da550346895dd72a63/html5/thumbnails/9.jpg)
Operating System
Process
Callback
Alibi: Architectural Overview
9
2. Register
3. Entry/Exit
5. Reporting1. Trusted Launch
Alibi Hypervisor
Customer
Provider
Verifier
Repo
rt
Alibi Hypervisor
Process
Callback
4. Instruction TraceCollection
Page 10
Attested Instruction Tracing: Benefits and Applications
• A strong general primitive
  – Attesting actual execution vs. launch-time attestation
• Benefits
  – Fine-grained and accurate
  – Minimal-TCB approach, hence robust to tampering
  – Can be used on commodity x86 platforms today!
• Applications
  – Attested read from an input port
  – Attested accesses to disk
  – Attested CPU cycle counter read
  – Malware detection
  – ...
Page 11
Alibi: Attested Instruction Tracing as a Secure Thin Intermediate Layer (STIL) Primitive
• Introduction and Motivation
• Attested Instruction Tracing
• Machinery
• Summary and Discussion
Page 12
Prior work from CMU: XTRec
Figure (shaded = trusted): XTRec leverages the Branch Trace Message (BTM) feature
Page 13
Branch Trace Messages
• Emitted by the CPU for the branches it takes (plus interrupts and exceptions); a conditional branch that falls through produces no message
• Available on commodity x86-class CPUs; primarily used for debugging purposes
• Generated irrespective of the code privilege level (Ring 0-3, SMM and even the hypervisor!)
• Usually sent out on the system bus, but can instead be stored to system memory
Page 14
Dynamic Code Capture
• BTMs record only control-flow instructions
  – What about the other instructions?
• Hardware-managed physical memory page tables
  – W XOR X policy on physical memory pages
  – Record the contents of a page before converting it to executable status
  – Superimpose the BTMs over the corresponding code page contents
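The superimposition step from this slide, applied to the alibi() listing from page 7, as an added example that is not code from the original talk, XTRec or Alibi. A page is populated while non-executable, frozen under W XOR X with a content hash at the moment it becomes executable, and a constructed BTM log of (from, to) pairs is then walked over the captured page: every instruction between one BTM target and the next BTM source executed in a straight line, so the full trace falls out of the branch records alone. The addresses, instruction lengths, the printf and caller addresses, the traced region, and the use of a plain SHA-256 of the page as the attested binding are all assumptions of this example.

```python
import hashlib

# Constructed example: the slide's assembly for alibi() laid out at hypothetical
# addresses with hypothetical byte lengths.  Only the layout matters here.
ALIBI_CODE = {
    0x1000: ("leal (%edx,%eax), %eax", 3),
    0x1003: ("cmpl 16(%ebp), %eax", 3),
    0x1006: ("jle .L2", 2),
    0x1008: ("movl $.LC0, (%esp)", 7),
    0x100f: ("call printf", 5),
    0x1014: ("jmp .L4", 2),
    0x1016: ("movl $.LC1, (%esp)", 7),   # .L2
    0x101d: ("call printf", 5),
    0x1022: ("leave", 1),                # .L4
    0x1023: ("ret", 1),
}
REGION = (0x1000, 0x2000)   # hypothetical registered code range that is traced
PRINTF = 0x2000             # hypothetical libc printf, outside the traced region
CALLER = 0x0500             # hypothetical return address of alibi()'s caller


def page_hash(code):
    serial = "\n".join(f"{a:#x}:{m}:{n}" for a, (m, n) in sorted(code.items()))
    return hashlib.sha256(serial.encode()).hexdigest()


class TracedPage:
    """Hypervisor-side model of one code page under a W XOR X policy: writes
    are only accepted while the page is non-executable, and its contents are
    hashed the moment it is made executable so the trace can later be bound
    to exactly the bytes the CPU ran."""

    def __init__(self):
        self.code = {}
        self.executable = False
        self.snapshot_hash = None

    def write(self, addr, insn, length):
        if self.executable:
            raise PermissionError("write to executable page refused (W XOR X)")
        self.code[addr] = (insn, length)

    def make_executable(self):
        self.snapshot_hash = page_hash(self.code)
        self.executable = True
        return self.snapshot_hash


def reconstruct(code, btms, entry, region=REGION):
    """Superimpose BTM (from, to) pairs on the captured code to recover the
    sequence of executed instructions inside `region`."""
    lo, hi = region
    pending = list(btms)
    trace = []
    pc = entry
    while True:
        if not lo <= pc < hi:
            # Control is outside the traced region (e.g. inside printf); only
            # the BTM that brings it back says where execution resumes.
            if not pending:
                return trace
            _, pc = pending.pop(0)
            continue
        if pc not in code:
            raise ValueError(f"{pc:#x} is not an instruction boundary in the captured page")
        mnem, length = code[pc]
        trace.append((pc, mnem))
        if pending and pending[0][0] == pc:
            _, pc = pending.pop(0)          # taken branch: follow the BTM
        elif mnem.split()[0] in ("jmp", "call", "ret"):
            raise ValueError(f"unconditional branch at {pc:#x} has no BTM: log is incomplete")
        else:
            pc += length                    # fall-through, including a not-taken jcc


def verify_witness(disclosed_code, snapshot_hash, btms, entry):
    """Verifier side: bind the disclosed code to the attested hash, then replay."""
    if page_hash(disclosed_code) != snapshot_hash:
        raise ValueError("disclosed code does not match the attested page snapshot")
    return reconstruct(disclosed_code, btms, entry)


def build_page():
    page = TracedPage()
    for addr, (insn, length) in ALIBI_CODE.items():
        page.write(addr, insn, length)
    page.make_executable()
    return page


# Constructed BTM logs for the two paths through alibi().  A not-taken jle
# produces no message; calls and returns do, including the return from printf.
BTMS_GREATER = [(0x100f, PRINTF), (PRINTF + 5, 0x1014), (0x1014, 0x1022), (0x1023, CALLER)]
BTMS_LESSER = [(0x1006, 0x1016), (0x101d, PRINTF), (PRINTF + 5, 0x1022), (0x1023, CALLER)]

if __name__ == "__main__":
    page = build_page()
    for name, log in (("greater/equal", BTMS_GREATER), ("lesser", BTMS_LESSER)):
        trace = verify_witness(page.code, page.snapshot_hash, log, 0x1000)
        print(f"{name}: {len(trace)} instructions executed in region")
        for pc, mnem in trace:
            print(f"  {pc:#06x}  {mnem}")
```

Two checks carry the security weight. The hash comparison in verify_witness stops a provider from disclosing different code than the page that actually ran, and the unconditional-branch check in reconstruct rejects a log with a dropped record instead of silently inventing a fall-through: once the page is frozen, there is no way to execute a jmp, call or ret without the CPU emitting a BTM for it.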
Page 15
Alibi: Current status
• Port XTRec primitives to IA-32
• Addressing performance issues
  – Selective logging, BTM cache, LBA-style offload
• Using Alibi for Did-I verifiability
  – e.g., challenges with dynamic libraries, sys-calls
• Using Alibi for Should-I verifiability
  – Guarantee privacy (code + data)
  – API for selective logging
Page 16
Alibi: Attested Instruction Tracing as a Secure Thin Intermediate Layer (STIL) Primitive
• Introduction and Motivation
• Attested Instruction Tracing
• Machinery
• Summary and Discussion
Page 17
Summary and Discussion
• Attested instruction tracing
  – A strong general primitive: attesting actual execution vs. launch-time attestation
  – Fine-grained, accurate, minimal-TCB approach, robust to tampering and applicable to commodity x86 platforms!
• Verifiable resource accounting
  – Did-I and Should-I properties
  – Provider incentives: adoption to avoid underutilization, less conservative accounting, preventing customers from gaming the system