The Secure Machine: Efficient Secure Execution On Untrusted Platforms

TL;DR

The paper introduces the Secure Machine (SeM), a CPU architecture extension that ensures secure, confidential, and integrity-preserving execution on untrusted platforms with minimal performance overhead, supporting existing applications.

Contribution

It presents SeM hardware, SeM-Prepare software tool, and SDSM algorithms, enabling secure execution and data sharing on untrusted hardware with negligible performance impact.

Findings

SeM provides confidentiality and integrity with minimal performance loss.

SDSM enables secure shared memory with negligible overhead.

Distributed Memory Integrity Trees enhance distributed application security.

Abstract

In this work we present the Secure Machine, SeM for short, a CPU architecture extension for secure computing. SeM uses a small amount of in-chip additional hardware that monitors key communication channels inside the CPU chip, and only acts when required. SeM provides confidentiality and integrity for a secure program without trusting the platform software or any off-chip hardware. SeM supports existing binaries of single- and multi-threaded applications running on single- or multi-core, multi-CPU. The performance reduction caused by it is only few percent, most of which is due to the memory encryption layer that is commonly used in many secure architectures. We also developed SeM-Prepare, a software tool that automatically instruments existing applications (binaries) with additional instructions so they can be securely executed on our architecture without requiring any programming efforts or the availability of the desired program`s source code. To enable secure data sharing in shared memory environments, we developed Secure Distributed Shared Memory (SDSM), an efficient (time and memory) algorithm for allowing thousands of compute nodes to share data securely while running on an untrusted computing environment. SDSM shows a negligible reduction in performance, and it requires negligible and hardware resources. We developed Distributed Memory Integrity Trees, a method for enhancing single node integrity trees for preserving the integrity of a distributed application running on an untrusted computing environment. We show that our method is applicable to existing single node integrity trees such as Merkle Tree, Bonsai Merkle Tree, and Intel`s SGX memory integrity engine. All these building blocks may be used together to form a practical secure system, and some can be used in conjunction with other secure systems.