Abstract
This paper addresses the need for secure storage in virtualized services in the cloud. To this end, we evaluate the security properties of Intel's Software Guard Extensions (SGX) technology, which provides hardware protection for general applications, for securing virtual Hardware Security Modules (vHSM). In order for the analysis to be comparable with analyses of physical HSMs, the evaluation proceeds from the FIPS 140–3 standard, the successor to FIPS 140–2, which is commonly used to assess the security properties of HSMs.
Our contribution is twofold. First, we provide a detailed security evaluation of vHSMs using the FIPS 140–3 standard. Second, after concluding that the standard is designed for stand-alone rather than virtual systems, we propose a supplementary threat model, which considers threats from different actors separately. This model allows for different levels of trust in actors with different capabilities and can thus be used to assess which parts of FIPS 140–3 should be considered for a specific attacker.
Using FIPS 140–3 in combination with the threat model, we find that SGX enclaves provide sufficient protection against a large share of the potential actors in the cloud. Thus, depending on the threat model, SGX can be a helpful tool for providing secure storage for virtualized services.
This work was partially supported by the Wallenberg AI, Autonomous Systems and Software Program (WASP) and the Swedish Foundation for Strategic Research, grant RIT17-0035.
Notes
1. For some cache-based attacks the mitigation must be implemented in software, since Intel does not consider such attacks in-scope for SGX.
2. These attacks can leak secrets across VM and SGX boundaries. What is not clear, however, is whether the combination of the two technologies would be a significant hindrance for an attacker. We have elected to use the most pessimistic interpretation.
© 2020 Springer Nature Switzerland AG
Cite this paper
Brorsson, J., Bideh, P.N., Nilsson, A., Hell, M. (2020). On the Suitability of Using SGX for Secure Key Storage in the Cloud. In: Gritzalis, S., Weippl, E.R., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2020. Lecture Notes in Computer Science(), vol 12395. Springer, Cham. https://doi.org/10.1007/978-3-030-58986-8_3
DOI: https://doi.org/10.1007/978-3-030-58986-8_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58985-1
Online ISBN: 978-3-030-58986-8
eBook Packages: Computer Science, Computer Science (R0)