CHORS: hardening high-assurance security systems with trusted computing

  • Wojciech Ożga, Rasha Faqeh, Do Le Quoc, Franz Gregor, Silvio Dragone, Christof Fetzer
  • Published 25 April 2022
  • Computer Science
  • Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing
High-assurance security systems require strong isolation from the untrusted world to protect the security-sensitive or privacy-sensitive data they process. Existing regulations impose that such systems must execute in a trustworthy operating system (OS) to ensure they are not collocated with untrusted software that might negatively impact their availability or security. However, the existing techniques to attest to the OS integrity fall short due to the cuckoo attack. We present and formally… 

MATEE: multimodal attestation for trusted execution environments

MATEE is introduced, a novel remote attestation mechanism for TEEs that creates a second chain of trust to a Trusted Platform Module (TPM), adding diverse redundancy into the existing attestation process.

TrustVisor: Efficient TCB Reduction and Attestation

TrustVisor is presented, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application; the hypervisor's very small code base is what makes its verification feasible.

A practical approach for updating an integrity-enforced operating system

This work proposes a trusted software repository (TSR), a secure proxy that overcomes the shortcomings of previous approaches by sanitizing software packages, and leverages shielded execution, i.e., Intel SGX, to achieve confidentiality and integrity guarantees of the sanitization process.

Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders

  • Franz Gregor, W. Ożga, …, C. Fetzer
  • Computer Science
    2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
  • 2020
PALÆMON addresses in a secure, efficient and cost-effective way five main challenges faced when developing trusted networked applications and services.

A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping

Two sorts of Trusted Platform Module (TPM) attacks regarding power management are reported, one exploiting a design flaw in the TPM 2.0 specification for the static root of trust for measurement (SRTM) and the other exploiting an implementation flaw in tboot, the most popular measured launch environment used with Intel's Trusted Execution Technology.

Establishing Software Root of Trust Unconditionally

A RoT establishment protocol based on a new computation primitive with concrete (non-asymptotic) optimal space-time bounds in adversarial evaluation on the cWRAM is introduced; the primitive is a randomized polynomial with k-independent uniform coefficients in a prime-order field.

Design and Implementation of a TCG-based Integrity Measurement Architecture

This work shows that many of the Microsoft NGSCB guarantees can be obtained on today's hardware and today's software and that these guarantees do not require a new CPU mode or operating system but merely depend on the availability of an independent trusted entity, a TPM for example.
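The abstract above and the IMA entry both rest on the same mechanism: the OS extends a measurement of every loaded file into a TPM PCR, and a remote verifier replays the measurement log to check it reproduces the quoted PCR before comparing each measured file against a list of known-good hashes. The following is an added example, written for this page and not code from the CHORS paper or the IMA authors; it simulates the PCR bank and the TPM quote in Python (a real quote is a TPM signature over the PCR values), uses a simplified template hash instead of the exact ima-ng field encoding, and all file hashes and paths are constructed. It shows why an attacker who controls the OS after a bad binary has run cannot rewrite the log to hide it, and also why an honest log can still fail the allowlist check:

```python
import hashlib
from dataclasses import dataclass

PCR_BANK_BYTES = 20   # SHA-1 PCR bank, as in the original IMA design
IMA_PCR = 10          # PCR index IMA extends by default


@dataclass(frozen=True)
class MeasurementEntry:
    """One measurement log line: PCR extended, file content hash (hex) and path."""
    pcr_index: int
    file_hash: str
    path: str


def template_hash(entry: MeasurementEntry) -> bytes:
    # Simplified template hash: SHA-1 over "sha256:<hash> <path>". The real
    # ima-ng template hashes length-prefixed fields; the chaining is the same.
    return hashlib.sha1(f"sha256:{entry.file_hash} {entry.path}".encode()).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM extend: PCR_new = H(PCR_old || digest). There is no other write path,
    # so the only way to validate a log is to replay this chain.
    return hashlib.sha1(pcr + digest).digest()


def replay_log(log, pcr_index=IMA_PCR) -> bytes:
    pcr = bytes(PCR_BANK_BYTES)   # PCRs are zero after platform reset
    for entry in log:
        if entry.pcr_index == pcr_index:
            pcr = pcr_extend(pcr, template_hash(entry))
    return pcr


def verify_attestation(log, quoted_pcr: bytes, allowlist: dict) -> tuple:
    """Verifier side. Step 1: is this the log the TPM actually saw?
    Step 2: is every measured file one we consider known-good?"""
    if replay_log(log) != quoted_pcr:
        return False, "log does not reproduce the quoted PCR"
    for entry in log:
        expected = allowlist.get(entry.path)
        if expected is None:
            return False, f"unexpected file measured: {entry.path}"
        if expected != entry.file_hash:
            return False, f"unexpected content for {entry.path}"
    return True, "ok"


# Constructed sample data standing in for real binaries and a real TPM quote.
def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


ALLOWLIST = {
    "/usr/bin/bash": _sha256_hex(b"bash build 5.2 (constructed)"),
    "/usr/sbin/sshd": _sha256_hex(b"sshd build 9.6 (constructed)"),
}


def good_log():
    return [MeasurementEntry(IMA_PCR, h, p) for p, h in ALLOWLIST.items()]


def scenario_honest():
    log = good_log()
    quote = replay_log(log)   # value a genuine TPM quote of PCR 10 would carry
    return verify_attestation(log, quote, ALLOWLIST)


def scenario_log_tampered():
    # A backdoored sshd ran and was measured. The attacker later rewrites the
    # log line to the expected hash, but the TPM already extended the real value.
    real_log = good_log()
    real_log[1] = MeasurementEntry(IMA_PCR, _sha256_hex(b"sshd with backdoor"), "/usr/sbin/sshd")
    quote = replay_log(real_log)
    presented_log = good_log()
    return verify_attestation(presented_log, quote, ALLOWLIST)


def scenario_unknown_binary():
    # Honest log and quote, but a binary outside the allowlist was executed.
    log = good_log() + [MeasurementEntry(IMA_PCR, _sha256_hex(b"unknown tool"), "/tmp/tool")]
    quote = replay_log(log)
    return verify_attestation(log, quote, ALLOWLIST)


if __name__ == "__main__":
    for name, fn in [("honest", scenario_honest),
                     ("log tampered", scenario_log_tampered),
                     ("unknown binary", scenario_unknown_binary)]:
        print(f"{name}: {fn()}")
```

What this check does not cover is exactly the gap the abstract names: the verifier learns that some TPM's PCR matches some log, but nothing here binds that TPM to the machine the verifier believes it is talking to. A host that relays the attestation exchange to a clean machine's TPM (the cuckoo attack) passes both steps, which is why quote validation has to be combined with a binding between the TPM identity and the platform, rather than used on its own.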

Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution

This work presents Foreshadow, a practical software-only microarchitectural attack that decisively dismantles the security objectives of current SGX implementations and develops a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache.

Integrating Remote Attestation with Transport Layer Security

This work seamlessly combines Intel SGX remote attestation with the establishment of a standard Transport Layer Security (TLS) connection, and has prototype implementations for three widely used open-source TLS libraries: OpenSSL, wolfSSL and mbedTLS.
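The binding that makes this combination sound is that the enclave places a hash of its TLS public key in the quote's report-data field, so a verifier who trusts the quote also knows which key the enclave speaks with. The following is an added example, not code from the paper or from the RA-TLS implementations it describes: the quote signature is simulated with an HMAC under a key the verifier shares (a real quote is signed by the quoting enclave and checked against Intel attestation collateral), the X.509 certificate is stood in by a dict, and the enclave measurement and keys are constructed. It shows the verifier's checks and two attacks they stop, a man-in-the-middle swapping in its own key while replaying a genuine quote, and a quote from a different enclave:

```python
import hashlib
import hmac
import os

# Constructed stand-ins. A real quote is signed by the quoting enclave and the
# verifier checks it via attestation collateral; here a shared HMAC key plays
# the signature's role so the example runs offline.
QUOTING_KEY = b"simulated quoting enclave key"
MRENCLAVE_TRUSTED = hashlib.sha256(b"known-good enclave build (constructed)").digest()
MRENCLAVE_LEN = 32
REPORT_DATA_LEN = 64   # SGX REPORTDATA is a 64-byte caller-chosen field
SIG_LEN = 32


def report_data_for(pubkey: bytes) -> bytes:
    # RA-TLS binding: REPORTDATA = SHA-256(public key) padded to 64 bytes,
    # so the quote attests to this key and to nothing else.
    return hashlib.sha256(pubkey).digest() + bytes(REPORT_DATA_LEN - 32)


def make_quote(mrenclave: bytes, report_data: bytes, signing_key: bytes = QUOTING_KEY) -> bytes:
    body = mrenclave + report_data
    return body + hmac.new(signing_key, body, hashlib.sha256).digest()


def enclave_make_cert(mrenclave: bytes, pubkey: bytes) -> dict:
    # Stand-in for the self-signed X.509 certificate whose extension carries the quote.
    quote = make_quote(mrenclave, report_data_for(pubkey))
    return {"pubkey": pubkey.hex(), "quote": quote.hex()}


def verify_cert(cert: dict, expected_mrenclave: bytes) -> tuple:
    """Verifier side of the handshake; returns (ok, reason). Order matters:
    signature first, then identity, then key binding."""
    pubkey = bytes.fromhex(cert["pubkey"])
    quote = bytes.fromhex(cert["quote"])
    if len(quote) != MRENCLAVE_LEN + REPORT_DATA_LEN + SIG_LEN:
        return False, "malformed quote"
    body, sig = quote[:-SIG_LEN], quote[-SIG_LEN:]
    expected_sig = hmac.new(QUOTING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, sig):
        return False, "quote signature invalid"
    mrenclave, report_data = body[:MRENCLAVE_LEN], body[MRENCLAVE_LEN:]
    if mrenclave != expected_mrenclave:
        return False, "unexpected enclave measurement"
    if not hmac.compare_digest(report_data, report_data_for(pubkey)):
        return False, "quote not bound to the certificate's public key"
    return True, "ok"


# Scenarios with constructed keys (random bytes stand in for real public keys).
def scenario_honest():
    cert = enclave_make_cert(MRENCLAVE_TRUSTED, os.urandom(32))
    return verify_cert(cert, MRENCLAVE_TRUSTED)


def scenario_key_substitution():
    # MITM keeps the genuine quote but presents its own public key.
    genuine = enclave_make_cert(MRENCLAVE_TRUSTED, os.urandom(32))
    forged = {"pubkey": os.urandom(32).hex(), "quote": genuine["quote"]}
    return verify_cert(forged, MRENCLAVE_TRUSTED)


def scenario_wrong_enclave():
    # A different (attacker-built) enclave produces a correctly bound quote.
    other = hashlib.sha256(b"attacker enclave build (constructed)").digest()
    cert = enclave_make_cert(other, os.urandom(32))
    return verify_cert(cert, MRENCLAVE_TRUSTED)


def scenario_forged_signature():
    # Quote body is right but was not produced by the quoting enclave.
    pubkey = os.urandom(32)
    quote = make_quote(MRENCLAVE_TRUSTED, report_data_for(pubkey), signing_key=b"attacker key")
    return verify_cert({"pubkey": pubkey.hex(), "quote": quote.hex()}, MRENCLAVE_TRUSTED)


if __name__ == "__main__":
    for fn in (scenario_honest, scenario_key_substitution,
               scenario_wrong_enclave, scenario_forged_signature):
        print(f"{fn.__name__}: {fn()}")
```

In a real deployment the public key hashed into REPORTDATA is the one in the certificate's SubjectPublicKeyInfo, the quote travels in a custom X.509 extension, and the verifier replaces the HMAC check with quote verification against attestation collateral; the three checks and their order stay the same.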

Origin-sensitive Control Flow Integrity

This paper proposes a new context for CFI, origin sensitivity, that can effectively break down large equivalence classes (ECs) of indirect-call targets and reduce the average and largest EC size, and demonstrates that OS-CFI can substantially reduce the largest and average EC sizes with strong performance.

SGAxe: How SGX Fails in Practice

It is shown how CacheOut can be leveraged to compromise the confidentiality and the integrity of a victim enclave’s long-term storage and the impact of the attack on two proposed SGX applications, the Signal communication app and Town Crier, an SGX-based blockchain application.