SecureFS: A Secure File System for Intel SGX
- 6 October 2021
- conference paper
- Published by Association for Computing Machinery (ACM) in 24th International Symposium on Research in Attacks, Intrusions and Defenses
Abstract
A trusted execution environment or a TEE facilitates the secure execution of an application on a remote untrusted server. In a TEE, the confidentiality, integrity, and freshness properties for the code and data hold throughout the execution. In a TEE setting, specifically Intel SGX, even the operating system (OS) is not trusted. This results in certain limitations of a secure application’s functionality, such as no access to the file system and network – as it requires OS support. Prior works have focused on alleviating this problem by allowing an application to access the file system securely. However, we show that they are susceptible to replay attacks, where replaying an old encrypted version of a file may remain undetected. Furthermore, they do not consider the impact of Intel SGX operations on the design of the file system. To this end, we present SecureFS, a secure, efficient, and scalable file system for Intel SGX that ensures confidentiality, integrity, and freshness of the data stored in it. SecureFS can work with unmodified binaries. SecureFS also considers the impact of Intel SGX to ensure optimal performance. We implement a prototype of SecureFS on a real Intel SGX machine. We incur a minimal overhead () over the current state-of-the-art techniques while adding freshness to the list of security guarantees.
Funding Information
- Semiconductor Research Corporation (2737.001)