The most important principle in engineering any complex system is abstraction. In software engineering this is a very widely used mechanism. Programmers think in terms of services that are provided to them from a lower layer and services that they provide to a higher layer. Take the operating system as an example. It provides an abstraction of the hardware used. A browser running on top is oblivious to whether it runs on an Intel or AMD processor. Its only concern is rendering web pages correctly. These kinds of abstractions enable us to build extraordinarily complex systems. Unfortunately, imperfections in these abstractions often result in security vulnerabilities. A problem in a lower layer will impact all layers built on top. To build truly trustworthy systems, we need to be able to reason about software at its own abstraction layer without losing generality. To achieve this, a more secure architecture is needed.
Confidential Computing Platforms
Confidential computing platforms such as Intel® Software Guard Extensions (SGX) can be used to build software modules called enclaves with extraordinarily strong security properties. All attempts to access an enclave are verified directly by the hardware to guarantee isolation. There needs to be zero trust in any other software component of the platform. Only the processor and the developer of the enclave need to be trusted.
Enclaves operate at software layers above the operating system. This means they can use services provided by the operating system, but they should not trust them. For example, if an enclave wishes to connect to a network service it can do so, however, it is up to the enclave developer to ensure that network packets are properly protected (e.g., by setting up a TLS connection) when passed to/received from operating system services. SGX’s isolation guarantees reduce the power of an in-kernel attacker to that of an attacker at the network level. Packages can be rearranged, duplicated, or dropped, but their contents will remain confidential and integrity protected.
Enclave Development Platform
Intel® SGX enables us to redefine the hierarchical trust model in typical software architecture to a zero trust model. To achieve this, SGX enclaves must be written meticulously. Fortanix developed the Enclave Development Platform (EDP) specifically for this purpose. EDP enables software engineers to build trustworthy enclaves by taking care of three requirements:
- a secure development environment,
- a secure API that software engineers can program against, and
- proper state sanitization upon entry and exit of enclaves.
EDP enables software engineers to write enclaves in Rust. This modern type and memory-safe language prevents many of the security issues that software written in languages such as C/C++ faces. Issues like buffer overflows, use after free, and race conditions, are caught at compile-time, avoiding memory and performance costs of garbage collectors used by other languages such as Go, C#, and Java. Rust also supports high-level programming constructs that can significantly simplify source code, reduce complexity and minimize chances of logical errors.
Intel® SGX enforces that enclaves can only be accessed through entry points specified at compile time. Once an enclave is called, the processor needs to be put in a secure state. Similarly, when execution control returns from the enclave, sensitive data needs to be completely erased from the processor state; failure to do so may leak sensitive data. EDP guarantees processor state sanitation upon enclave entry/exit. This will be detailed in a future blog post.
Finally, EDP provides a limited, secure interface to untrusted parts of the system which allow SGX enclaves to expand their limited abilities. Enclaves live in the same userspace as their surrounding operating system process. Data can be read from and written to this address space directly from the enclave. Enclave developers can use this mechanism to define their own interface with untrusted parts of the process. Passing data in or out of the enclave is security sensitive. Without proper checks, an attacker may learn sensitive information or even take control of the enclave. EDP prevents such attacks by offering a limited, properly vetted interface for communication between enclaves and the outside world.
EDP provides a thin layer of abstraction over security guarantees provided by Intel® SGX. But how can we ensure that this abstraction is complete and cannot be broken? This is the subject of an extensive line of academic research. An important theoretical construct here is full abstraction: Confidential computing platforms that provide full abstraction over assembly code, guarantee that for any remaining assembly-level attack against an enclave, there is a related attack at the source code level. In other words, fully abstract computing platforms allow us to reason about our enclaves at the source code level, without losing generality. EDP has been built on the principles learned in this academic research. In a subsequent blogpost, we will discuss our efforts to provide formal guarantees for EDP.
Systems are getting ever more complex; building layer upon layer. Every component risks introducing flaws that can cascade through entire systems and involuntarily expose data. Intel® SGX and EDP enable a new security architecture where engineers can reason about enclaves at the Rust-code level. Privileged software such as the operating system and hypervisor does not need to be trusted. Even in untrusted environments such as the cloud, unprecedented security properties can be guaranteed.
Secure compilation to modern processors, Pieter Agten, Raoul Strackx, Bart Jacobs, Frank Piessens, IEEE 25th Computer Security Foundations, 2012