IC Colloquium: Co-designing systems software and hardware for confidential computing

Event details

Date 11.02.2021
Hour 15:00-16:00
Location Online
Category Conferences - Seminars
By: Andrew Baumann - Microsoft Research

Abstract
General-purpose “trusted computing” platforms have largely failed to inspire trust. Rather, security for many cloud applications rests on a messy combination of cryptography, reputation, law, and blind faith. As more computation moves to the cloud, this is a serious concern: users rely on both the cloud provider's staff and its globally-distributed software/hardware platform not to expose any of their private data.

In this talk, I'll first introduce the notion of confidential computing, which protects the confidentiality and integrity of a program and its data from the platform on which it runs (e.g., the cloud operator's host OS, VMM and firmware), before presenting two systems that implement it in different ways. The first, Haven, leverages Intel SGX hardware and a library OS to demonstrate “shielded execution” of unmodified applications, including SQL Server and Apache, in an enclave. Insights from Haven informed the design of SGX, which is now the basis of confidential computing offerings by major cloud providers.

However, to implement SGX, Intel extended the x86 architecture with an isolation mechanism approaching the complexity of an OS microkernel, implemented by an inscrutable mix of silicon and microcode. While hardware-based security can improve performance and offer features that are difficult or impossible to achieve in pure software, hardware-only solutions are difficult to update, either to patch security flaws or introduce new features. Such updates are also dependent on the slowing deployment of new CPUs.

The second system, Komodo, illustrates an alternative approach. Komodo decouples the core hardware mechanisms, such as memory encryption, address-space isolation and attestation, from a privileged software monitor that in turn implements enclaves. The monitor is backed by a machine-checkable proof of both functional correctness and high-level security properties of enclave integrity and confidentiality. A prototype in verified assembly code on an ARM TrustZone platform demonstrates the practicality of the approach.

Bio
Andrew Baumann is a Principal Researcher at Microsoft Research, Redmond, which he joined in 2010 after completing a post-doctorate at ETH Zurich and a PhD at The University of New South Wales. His research interests are operating systems and systems security, with a particular focus on problems driven by hardware evolution, or close to the hardware/software boundary. His significant research projects include the Barrelfish multikernel OS, Drawbridge library OS, and Haven trusted cloud platform. Andrew has published at and served on the program committees of conferences such as SOSP, OSDI, EuroSys, NSDI, ASPLOS, and Usenix ATC, and served as program co-chair for VEE 2020. His work received best paper awards at OSDI 2014 and SOSP 2019, and the SIGOPS hall of fame award in 2020.

Practical information

  • General public
  • Free
  • This event is internal