Posts

SCONE Secure Linux Containers Environments with Intel SGX

From the provider’s perspective, they don’t trust their users, so they use virtual machines to isolate users from each other as well as from the host infrastructure. One thing to note, though, is that virtual machines only provide one-way isolation: they protect the provider from the users, but they do little to protect users from potentially malicious administrators who log on to the machines and, for example, dump memory. From the users’ perspective, the applications are trusted, but if I run my application on someone else’s computer or someone else’s cloud, I currently have no choice but to also implicitly trust the cloud provider. To address this issue we can use Intel SGX. What SGX gives you is the ability to construct a trusted environment on top of the untrusted cloud that is enforced by hardware. As we already know from lecture, the contents inside the enclave are protected and unable...

Intel SGX Malware

SGX Basics: Intel SGX is designed to let software run on untrusted systems while keeping its secrets safe. It does so by having untrusted environments for general use by the host applications and trusted enclaves that handle sensitive operations for the host applications. In SGX, the Intel hardware prevents any outside access to the enclave code and data. However, a potential concern for this system is whether or not an attacker could use the enclave to hide malware from the rest of the system. General Idea/Threat Model: A general threat model for SGX-based malware is as follows. Attacker: controls the enclave used by the host application and puts their malware inside it so it cannot be seen by the outside world. Victim: uses a malicious third-party enclave with a benign, arbitrary host application. Potential scenarios where this might occur: an attacker advertises their enclave as doing an interesting decryption or other security operation needed by an app...

Combining TEE and Blockchain

This blog post will discuss the latest development in improving blockchain: using Trusted Execution Environments (TEEs) to increase scalability and confidentiality. Blockchain Background: For those who aren’t familiar with blockchain, here is a quick rundown of what blockchain is. Blockchain decentralizes and distributes data across a network of computers, functioning as a distributed ledger. Each participant, or node, on the network has a copy of the stored data in a secure, distributed, and shared database, which eliminates the need for a centralized authority. Any changes or additions to the database must be validated by the collective members before the entire network is updated. This provides an unchangeable record and ensures data quality and integrity. Users are able to submit transactions, which are collected as a block; the network then distributes and verifies the blocks and appends them to an irreversible ch...

ARM TrustZone, its Applications, and the MCU Xpresso55S69

Overview: The creation of ARM TrustZone stems from a simple question: how can high-value code and data be protected (primarily in IoT devices and systems) without significantly slowing development? The core idea put forth by the developers of ARM TrustZone is that this objective can be accomplished by isolating critical firmware and private information. TrustZone’s isolation is hardware-enforced, with a “Secure” and a “Non-Secure”/“Normal” world (shown as “Trusted view” and “None-trusted view” in Figure 1 below). Present on ARM’s Cortex-M and Cortex-A processors, TrustZone is a “SoC (System-on-Chip) and CPU system-wide security solution”, per Pinto and Santos [4]. By restricting access to “secure” (“trusted”) memory and I/O, ARM TrustZone reduces the attack surface of critical components. Figure 1: An Overview of TrustZone. Being implemented at the hardware level gives TrustZone s...