Cloosters, Tobias ; Surminski, Sebastian ; Sangel, Gerrit ; Davi, Lucas (2022)
Salsa: SGX Attestation for Live Streaming Applications.
2022 IEEE Secure Development Conference. Atlanta, USA (18.10.2022-20.10.2022)
doi: 10.1109/SecDev53368.2022.00019
Conference publication, Bibliography
Abstract
Intel SGX is a hardware-based security feature that allows executing software in enclaves that are strongly isolated from the operating system and applications. Even if an attacker gains full control over the system, it is not possible to inspect these enclaves. This makes SGX enclaves an adequate solution for storing and processing highly sensitive data, such as encryption keys. However, recent research demonstrates that enclaves are still highly vulnerable to standard software exploitation attacks. While SGX features static attestation, i.e., allowing validation of the integrity of the program code and data in the enclave, static attestation cannot cope with run-time attacks such as return-oriented programming. We present Salsa, the first solution to allow control-flow attestation of SGX enclaves. To show its applicability, we leverage Salsa to implement a video streaming service that uses an SGX enclave to decode the video stream. When a compromise of the SGX enclave is detected, the streaming of the video stops instantly. In the evaluation, we demonstrate that the performance of this setup is sufficiently efficient to attest a live video streaming service.
Item type: | Conference publication |
---|---|
Published: | 2022 |
Author(s): | Cloosters, Tobias ; Surminski, Sebastian ; Sangel, Gerrit ; Davi, Lucas |
Type of entry: | Bibliography |
Title: | Salsa: SGX Attestation for Live Streaming Applications |
Language: | English |
Publication year: | 14 December 2022 |
Publisher: | IEEE |
Book title: | Proceedings: 2022 IEEE Secure Development Conference |
Event title: | 2022 IEEE Secure Development Conference |
Event location: | Atlanta, USA |
Event dates: | 18.10.2022-20.10.2022 |
DOI: | 10.1109/SecDev53368.2022.00019 |
URL / URN: | https://ieeexplore.ieee.org/document/9973040 |
Uncontrolled keywords: | Solutions, S2, Control-Flow Attestation, Trusted Execution, SGX |
Department(s)/field(s): | 20 Department of Computer Science; 20 Department of Computer Science > System Security; DFG Collaborative Research Centres (incl. Transregio); DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres; DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as a foundation for trust in current and future IT systems |
Date deposited: | 28 Mar 2023 14:00 |
Last modified: | 28 Mar 2023 14:00 |