Trusted Enforcement of Application-specific Security Policies
Marius Schlegel

TL;DR
This paper introduces AppSPEAR, a flexible application-level security enforcement architecture using hardware-based trusted execution environments, demonstrated with an electronic medical record system.
Contribution
It presents a novel architecture and C++ framework for application-specific policy enforcement that balances security rigor and implementation costs.
Findings
Hardware-based trusted execution environments offer the best balance between enforcement rigor and implementation cost among the evaluated alternatives.
The framework allows customization for different application security needs.
Evaluation shows effective protection in an electronic medical record system.
Abstract
While there have been approaches for integrating security policies into operating systems (OSs) for more than two decades, applications often use objects of higher abstraction requiring individual security policies with application-specific semantics. Due to insufficient OS support, current approaches for enforcing application-level policies typically lead to large and complex trusted computing bases rendering tamperproofness and correctness difficult to achieve. To mitigate this problem, we propose the application-level policy enforcement architecture AppSPEAR and a C++ framework for its implementation. The configurable framework enables developers to balance enforcement rigor and costs imposed by different implementation alternatives and thus to easily tailor an AppSPEAR implementation to individual application requirements. We especially argue that hardware-based trusted execution…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Access Control and Trust
