Build a secure foundation for confidential computing

From April 8th to 9th, 2023, the "InForSec 2023 Cyberspace Security International Academic Research Achievement Sharing and Young Scholars Forum", jointly sponsored by InForSec, the Sifakis Institute of Trusted and Autonomous Systems of Southern University of Science and Technology, the Institute of Network Science and Cyberspace of Tsinghua University, the System Software and Security Laboratory of the School of Software, Fudan University, the National Key Laboratory of Processor Chips, Institute of Computing Technology, Chinese Academy of Sciences, the Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, the National Center for Computer Network Intrusion Prevention, University of Chinese Academy of Sciences, the NESA Lab of Zhejiang University, the School of Cyberspace Security of Shandong University, Baidu Security, Qi Anxin Group, Ant Group, Ali Security and other units, was successfully held at Southern University of Science and Technology. More than 230 people from 66 universities and research institutes, including Tsinghua University, Fudan University, Zhejiang University, Beijing University of Posts and Telecommunications and the University of Chinese Academy of Sciences, attended in person, and more than 900 people took part through the video conference and live broadcast systems.

We will review the talks from the conference in turn. This article covers the report by Professor Zhang Yinqian of Southern University of Science and Technology, "Building a Secure Base for Confidential Computing".

Professor Zhang Yinqian, director of the Information Security Research Center of the Sifakis Institute of Trusted Autonomous Systems, Southern University of Science and Technology, has conducted in-depth research in architecture security, system and software security, confidential computing, cloud computing, blockchain, and Internet of Things/mobile terminal security. He first introduced his main research directions and results over the years; the body of the report is his series of results in confidential computing in recent years, "Building a secure foundation for confidential computing".

Focusing on confidential computing, Professor Zhang first explained what confidential computing is and why it deserves study. A Trusted Execution Environment (TEE) is a security isolation mechanism supported by CPU hardware that has emerged in recent years. Through hardware and software cooperation on a general-purpose CPU, it isolates the computing environment and encrypts memory and external storage, so that malicious system software cannot read or tamper with confidential data. Its security principles include logical isolation, memory encryption, remote attestation and encrypted storage. Confidential computing is a computing paradigm that uses the TEE to protect data in use: the encrypted and isolated execution environment prevents malicious software from illegally accessing or tampering with data during computation, allowing computing service providers to handle confidential data in a more secure and trustworthy manner.

After covering the background and significance of confidential computing, Professor Zhang introduced its common applications and summarized its security base as a four-layer security architecture, from bottom to top: microarchitecture security, architecture security, system software security, and application protocol security. He then presented the content of each of the four layers and the progress of related research in turn.

First, at the microarchitecture security level, Professor Zhang introduced transient execution vulnerabilities and a number of fuzzing studies targeting them. A transient execution vulnerability is a security flaw in the design and implementation of the CPU microarchitecture. To increase instruction-level parallelism, modern CPU microarchitectures are heavily optimized with speculative execution and out-of-order execution, so that the logical (architectural) execution order of instructions differs from the actual (microarchitectural) order. This gap between the architectural and microarchitectural views of program execution is what creates a transient execution vulnerability: an attacker with only ordinary code execution rights on the CPU can run attack code transiently, read memory across the operating system's isolation boundary, encode the memory contents into a cache side channel, and read them back after the transient execution has been squashed.

At this level, Professor Zhang introduced his research on fuzz testing for transient execution vulnerabilities, mainly:

1. SpeechMiner uses side channels to analyze the microarchitectural state of commercial Intel processors and automates the detection of transient execution vulnerabilities (black-box fuzzing for microarchitectural security vulnerabilities).

2. Introspecter uses RTL simulation and fuzz testing to discover transient execution vulnerabilities in RISC-V BOOM processors (white-box fuzzing for microarchitectural security vulnerabilities).

3. TEESec uses RTL simulation and fuzz testing to automatically discover microarchitectural vulnerabilities in the Keystone and Penglai trusted execution environments running on BOOM and Xiangshan processors.

Second, at the architecture security level, Professor Zhang introduced a series of architectural security issues in the AMD SEV trusted execution environment and the targeted solutions he has proposed for each.

Next, at the system software security level, Professor Zhang surveyed current security risks from four angles: side-channel attacks, memory safety vulnerabilities, concurrency vulnerabilities and interface vulnerabilities. First, on side-channel attacks: shared CPU microarchitectural resources such as caches, branch predictors and various internal buffers can be used to build side channels. Because of resource sharing, the execution time of certain instructions correlates with resource contention, which allows an attacker who can execute instructions on the CPU to infer the memory access and branch patterns of the TEE's trusted software, and from those patterns its secrets. The side-channel problem is more serious for TEEs: an attacker who controls the system software can mount side-channel attacks on trusted software through exception handling, interrupt handling and hardware fault injection, so the attacks take more diverse forms and are harder to defend against.

On memory safety, Professor Zhang pointed out that TEE trusted software faces the same memory safety threats as traditional software. An attacker can supply maliciously crafted input that the trusted software mishandles, hijack its control flow and execute arbitrary code; using ROP, the attacker can reuse the TEE software's own code and bypass the DEP defense. Worse, the adversary a TEE faces holds the highest system-software privilege and can use side-channel attacks to infer the TEE software's internal secrets, including the memory layout that ASLR randomizes, so layout-randomization defenses such as SGX-Shield are hard to make effective.

On thread concurrency vulnerabilities, Professor Zhang pointed out that concurrency bugs in TEE software are easier to exploit than in traditional multi-threaded software. In traditional software, concurrency vulnerabilities can cause concurrent threads to violate the atomicity or ordering of accesses, or lead to race conditions, but triggering them requires certain conditions, such as a relatively long attack window. In the TEE setting the attacker holds system privilege and controls thread scheduling and interrupt handling, so concurrency vulnerabilities in TEE software become much easier to trigger. Professor Zhang also introduced attacks on interface vulnerabilities. Trusted software in some TEEs (such as Intel SGX) must communicate with external software through call interfaces to realize system functions; in SGX, a call from inside the TEE to the outside is an OCall, and a call from external software into the TEE is an ECall. An Iago attack tampers with the execution logic of TEE trusted software by modifying the return values of the OCall interface, and the COIN attack triggers use-after-free vulnerabilities by reordering the sequence of ECall invocations. The threat level of call interface vulnerabilities depends on how much the TEE software must interact with the outside world; since most TEE software needs to access system resources through the external operating system, most TEEs are exposed to call interface vulnerabilities.

Furthermore, Professor Zhang introduced his research on system software security in three areas: side-channel defense, automated vulnerability detection and trusted execution environment virtualization. For side-channel defense, several active defense strategies were proposed: the LLVM compiler automatically inserts detection logic, and side-channel attack events are monitored dynamically at runtime. For automated vulnerability detection, static and dynamic program analysis are used to find side-channel and concurrency vulnerabilities in TEE software. For TEE virtualization, an SEV-based SGX virtualization scheme was proposed that runs unmodified Intel SGX binaries directly on AMD machines, achieving compatibility between AMD SEV and Intel SGX applications.

At the application protocol security level, Professor Zhang introduced the problems of state continuity vulnerabilities and centralized remote attestation protocols. A state continuity vulnerability means that the execution state of a TEE can be replayed and reused, leading to rollback attacks and fork attacks: a rollback attack returns the TEE's execution state to a past state, so the trusted software executes again from the same state, while a fork attack runs multiple instances of the trusted software from the same state. In centralized remote attestation protocols, the verification process depends too heavily on hardware manufacturers, and autonomous confidential computing systems lack a mechanism for mutual verification.

In response to these problems, Professor Zhang studied formal proofs of state continuity for TEE software, proposed a distributed confidential computing protocol that uses a distributed trust model to address the security problems confidential computing faces, and proposed a decentralized remote attestation scheme.
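To make the rollback and fork attacks, and the state continuity property that defeats them, concrete from the defender's side, here is an added simulation (not code from the talk or from Professor Zhang's work) of the standard mitigation: every sealed state is bound to a trusted monotonic counter, and the TEE refuses any state whose counter does not match. The sealing key, the counter object and the "budget" state machine are constructed for illustration; a real TEE would derive the key from hardware and use a hardware or service-backed counter.

```python
import hashlib
import hmac
import json

SEAL_KEY = b"constructed-demo-seal-key"  # constructed; a real TEE derives it from hardware
TAG_LEN = 32

class StateContinuityError(Exception): pass

class MonotonicCounter:  # stand-in for a trusted counter the untrusted OS cannot reset or rewind
    def __init__(self):
        self.value = 0

    def increment(self):
        self.value += 1
        return self.value

def seal(state, ctr):
    """Bind state to a counter value under a MAC (encryption omitted to keep the demo short)."""
    body = json.dumps({"state": state, "ctr": ctr}, sort_keys=True).encode()
    return body + hmac.new(SEAL_KEY, body, hashlib.sha256).digest()

def unseal(blob):
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(SEAL_KEY, body, hashlib.sha256).digest()):
        raise StateContinuityError("sealed state was tampered with")
    obj = json.loads(body)
    return obj["state"], obj["ctr"]

def spend(blob, amount, counter, check=True):
    """One enclave step: unseal, deduct from the budget, reseal under the advanced counter.
    A sealed counter that differs from the trusted one means rollback (replayed old blob)
    or fork (another instance already advanced from this blob); check=False models a naive TEE."""
    state, sealed_ctr = unseal(blob)
    if check and sealed_ctr != counter.value:
        raise StateContinuityError(f"stale state: sealed {sealed_ctr}, trusted {counter.value}")
    new_ctr = counter.increment()  # advance first; a crash before resealing only costs availability
    return seal({"budget": state["budget"] - amount}, new_ctr)

def replay_accepted(check):
    """True if the enclave accepts a replayed snapshot, i.e. the same budget is spent twice."""
    counter = MonotonicCounter()
    genesis = seal({"budget": 100}, counter.value)
    spend(genesis, 80, counter, check)  # legitimate step: budget 100 -> 20, counter 0 -> 1
    try:
        spend(genesis, 80, counter, check)  # malicious OS feeds the old snapshot back in
        return True
    except StateContinuityError:
        return False
```

The same check rejects a fork, because a second instance started from the same snapshot sees a counter the first instance has already advanced.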

Finally, Professor Zhang shared some thoughts on confidential computing security research. Microarchitecture security is the weak point of confidential computing, and hardware vulnerabilities in TEEs will become a routine risk in the future. Architecture security is the foundation of confidential computing, and designing a secure trusted execution environment is no simple matter. System software security is the core of confidential computing, but building a secure TEE operating system and runtime still faces many challenges. Application protocol security is the future of confidential computing, and distributed confidential computing may be a viable approach. In addition, the security foundation of confidential computing can also serve as the security foundation of traditional computing: the theoretical methods share common ground, and the related security tools carry over to a certain extent.

Speaker Profile

Zhang Yinqian is a professor at Southern University of Science and Technology and was previously a tenured associate professor at Ohio State University. His main research directions are computer system security, architecture security and blockchain security. Over the past ten years he has worked on side-channel security and trusted execution environment security, and he has published more than 40 papers at the top international security conferences ACM CCS, IEEE S&P, USENIX Security and NDSS. He has received the National Science Foundation Young Scientist Award, the Ohio State University Lumley Research Achievement Award and the Rising Star Award of the North American Association of Chinese Scholars in Computing, was named by AMiner as one of the world's most influential security and privacy scholars, and was selected among the world's top 2% of scientists.

Origin blog.csdn.net/ab6326795/article/details/130336803