Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia
Citation
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. "A Formal Foundation for Secure Remote Execution of Enclaves". Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2435-2450, October, 2017.
Abstract
Recent proposals for trusted hardware platforms, such as Intel SGX and the MIT Sanctum processor, offer compelling security features but lack formal guarantees. We introduce a verification methodology based on a trusted abstract platform (TAP), a formalization of idealized enclave platforms along with a parameterized adversary. We also formalize the notion of secure remote execution and present machine-checked proofs showing that the TAP satisfies the three key security properties that entail secure remote execution: integrity, confidentiality and secure measurement. We then present machine-checked proofs showing that SGX and Sanctum are refinements of the TAP under certain parameterizations of the adversary, demonstrating that these systems implement secure enclaves for the stated adversary models.
Electronic downloads
Internal. This publication has been marked by the author for TerraSwarm-only distribution, so electronic downloads are not available without logging in.
| Citation formats |
- HTML
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. <a href="http://www.terraswarm.org/pubs/1021.html" >A Formal Foundation for Secure Remote Execution of Enclaves</a>, Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2435-2450, October, 2017.
- Plain text
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. "A Formal Foundation for Secure Remote Execution of Enclaves". Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2435-2450, October, 2017.
- BibTeX
@inproceedings{SubramanyanSinhaLebedevDevadasSeshia17_FormalFoundationForSecureRemoteExecutionOfEnclaves, author = {Pramod Subramanyan and Rohit Sinha and Ilia Lebedev and Srinivas Devadas and Sanjit Seshia}, title = {A Formal Foundation for Secure Remote Execution of Enclaves}, booktitle = { Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security}, organization = {ACM}, pages = {2435-2450}, month = {October}, year = {2017}, abstract = {Recent proposals for trusted hardware platforms, such as Intel SGX and the MIT Sanctum processor, offer compelling security features but lack formal guarantees. We introduce a verification methodology based on a trusted abstract platform (TAP), a formalization of idealized enclave platforms along with a parameterized adversary. We also formalize the notion of secure remote execution and present machine-checked proofs showing that the TAP satisfies the three key security properties that entail secure remote execution: integrity, confidentiality and secure measurement. We then present machine-checked proofs showing that SGX and Sanctum are refinements of the TAP under certain parameterizations of the adversary, demonstrating that these systems implement secure enclaves for the stated adversary models. }, URL = {http://terraswarm.org/pubs/1021.html} }
Posted by Pramod Subramanyan on 14 Nov 2017.
Groups: tools
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.