Title: ICE: a passive, high-speed, state-continuity scheme
Authors: Strackx, Raoul
Jacobs, Bart
Piessens, Frank
Issue Date: Dec-2014
Publisher: ACM
Host Document: Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC 2014) edition:30 pages:106-115
Conference: Annual Computer Security Applications Conference (ACSAC 2014) edition:30 location:New Orleans, Louisiana date:8-12 December 2014
Abstract: The amount of trust that can be placed in commodity computing platforms is limited by the likelihood of vulnerabilities in their huge software stacks. Protected-module architectures, such as Intel SGX, provide an interesting alternative by isolating the execution of software modules. To minimize the amount of code that provides support for the protected-module architecture, persistent storage of (confidentiality and integrity protected) states of modules can be delegated to the untrusted operating system. But precautions should be taken to ensure state continuity: an attacker should not be able to cause a module to use stale states (a so-called rollback attack), and while the system is not under attack, a module should always be able to make progress, even when the system could crash or lose power at unexpected, random points in time (i.e., the system should be crash resilient).
Providing state-continuity support is non-trivial as many algorithms are vulnerable to attack, require on-chip non-volatile memory, wear-out existing off-chip secure non-volatile memory and/or are too slow for any applications.
We present ICE, a system and algorithm providing state-continuity guarantees to protected modules. ICE’s novelty lies in the facts that (1) it does not rely on secure non-volatile storage for every state update (e.g., the slow TPM chip). (2) ICE is a passive security measure. An attacker interrupting the main power supply or any other source of power, cannot break state-continuity. (3) Benchmarks show that ICE already enables state-continuous updates almost 5x faster than writing to TPM NVRAM. With dedicated hardware, performance can be increased 2 orders of magnitude. ICE's security properties are guaranteed by means of a machine-checked proof and a prototype implementation is evaluated on commodity hardware.
ISBN: 978-1-4503-3005-3
Publication status: published
KU Leuven publication type: IC
Appears in Collections:Informatics Section

Files in This Item:
File Description Status SizeFormat
strackx_ice.pdf Published 296KbAdobe PDFView/Open


All items in Lirias are protected by copyright, with all rights reserved.