2021 International Symposium on Secure and Private Execution Environment Design (SEED)

Conference Information
Name: 2021 International Symposium on Secure and Private Execution Environment Design (SEED)
Date: 2021-9-20 - 2021-9-21

Latest articles from this conference

Kunbei Cai, Hafizul Islam Chowdhuryy, Zhenkai Zhang, Fan Yao
2021 International Symposium on Secure and Private Execution Environment Design (SEED) pp 76-82; https://doi.org/10.1109/seed51797.2021.00019

Abstract:
The rapid development of deep learning has significantly bolstered the performance of natural language processing (NLP) in the form of language modeling. Recent advances in hardware security studies have demonstrated that hardware-based threats can severely jeopardize the integrity of computing systems (e.g., fault attacks for data at rest). Internal adversaries exploiting such hardware vulnerabilities are becoming a major security concern. Yet the impact of hardware faults on systems running NLP models has not been fully understood. In this paper, we perform the first investigation of hardware-based fault injections in modern neural machine translation (NMT) models. We find that compared to neural network classifiers (e.g., CNNs), fault attacks on NMT models present unique challenges. We propose a novel attack framework–NMT-Stroke–that can maliciously divert the translation of a victim NMT model by modeling memory fault injections with the rowhammer attack vector. We design a fault injection strategy to minimize bit flips needed, which would mislead the translation to an arbitrary natural output sentence. Our evaluation on state-of-the-art Transformer-based NMT models shows that NMT-Stroke can effectively induce the attacker-desired and linguistically sound translation by faulting minimal parameter bits. Our work highlights the significance of understanding the robustness of emerging NLP models with the presence of hardware vulnerabilities, which could lead to future new research directions.

Brandon D'Agostino, Omer Khan
2021 International Symposium on Secure and Private Execution Environment Design (SEED) pp 203-209; https://doi.org/10.1109/seed51797.2021.00031

Abstract:
Secure processor technologies incorporating some form of enclave-based isolation are being deployed in remote cloud computing environments. However, commercial enclave-based systems, such as Intel SGX, incur performance penalties due to architectural limitations arising from enclave interactions with the operating system (OS), encryption and attestation checks for data accesses to main memory, and limitations on the enclave memory size. Enclave software development frameworks like Graphene-SGX aim to improve these limitations with performance enhancements such as exitless calling that offset the latency of expensive enclave interactions with the OS. However, to the best of our knowledge, prior works have not presented a thorough characterization of enclave performance in the presence of increased enclave-level parallelism. In this paper, we characterize how enclave overheads trade off exploitable parallelism on an Intel SGX-enabled multicore CPU for a set of parallelized workloads. We develop a microbenchmark to study the effects of threading as a function of application characteristics, such as the intensity of memory operations and system calls to the OS. We extend our characterization to realistic parallelized enclave workloads from the database and web server domains. We find that application performance scaling with threading is tightly correlated to system call and memory-bound activities in applications. The real world applications stress these constraints, while the underlying system calling implementations deliver competing performance at different thread counts.

Scott Constable, Thomas Unterluggauer
2021 International Symposium on Secure and Private Execution Environment Design (SEED) pp 14-21; https://doi.org/10.1109/seed51797.2021.00012

Abstract:
Consider a set-associative cache with $p^n$ sets and $p^n$ ways where $p$ is prime and $n > 0$. Furthermore, assume that the cache may be shared among $p^n$ mutually distrusting principals that may use the Prime+Probe side-channel attack against one another; architecturally, these principals occupy separate security domains (for example, separate processes, virtual machines, sandboxes, etc.). This paper shows that there exists a linear skewing of cache sets over the Galois field $G_{p^n}$ that exhibits the following property: each cache set of each security domain intersects every cache set of every other security domain exactly once. Therefore, a random eviction from a single cache set in security domain A may be observed via Prime+Probe in any of security domain B’s cache sets. This paper characterizes this linear skewing and describes how it can be implemented efficiently in hardware.

Hosein Mohammadi Makrani, Hossein Sayadi, Najmeh Nazari, Khaled N. Khasawneh, Avesta Sasan, Setareh Rafatirad, Houman Homayoun
2021 International Symposium on Secure and Private Execution Environment Design (SEED) pp 1-13; https://doi.org/10.1109/seed51797.2021.00011

Abstract:
The heterogeneity of resources and the diversity of applications on the cloud motivated the need for resource provisioning systems (RPSs) to meet the users’ performance requirements while maximizing the resource utilization to achieve cost-efficiency. On the other hand, resource sharing-based attacks, such as side-channel, transient execution, rowhammer, and denial of service attacks, exploit shared resources to leak sensitive data or hurt the performance of a victim. Although mounting resource sharing-based attacks on the cloud is trivial once the attacker virtual machine (VM) is co-located with the victim VM, the co-location requirement with the victim limits the practicality of resource sharing-based attacks on the cloud. In this paper, we show that RPSs can be exploited to solve the co-location challenge of resource sharing-based attacks in the cloud. In particular, we propose a new attack, called Cloak & Co-locate, which utilizes adversarial evasion attacks to force RPSs to co-locate attackers’ VMs with targeted victims’ VMs. Specifically, Cloak is a fake trace generator (FTG) that is wrapped around an adversary kernel in order to force RPSs to Co-locate it with a specific victim’s VM, while also evading detection and migration by the RPS.

Gururaj Saileshwar, Sanjay Kariyappa, Moinuddin Qureshi
2021 International Symposium on Secure and Private Execution Environment Design (SEED) pp 37-49; https://doi.org/10.1109/seed51797.2021.00015

Abstract:
Cache partitioning is a principled defense against side-channel attacks on shared last-level caches (LLCs). Such defenses allocate isolated cache regions to distrusting applications and prevent a spy from monitoring the cache accesses of a victim. But current solutions have severe practical limitations. Way-partitioning is not scalable as the number of partitions is limited by cache associativity and page-coloring is inflexible as it requires coupled DRAM and LLC allocations in the same ratio. For cache partitioning to be practical, we need a scheme that can scale to a large number of fine-grained partitions and places no restrictions on DRAM allocations. This paper proposes Bespoke Cache Enclaves (BCE), a secure cache partitioning substrate that is scalable in supporting hundreds of isolated cache partitions and is flexible in allocating cache space independent of memory allocations. BCE allocates cache space at the granularity of a cluster, a group of a few sets (e.g., 64 KB in size). The key insight of BCE is a configurable cache indexing function (determining the line to set mapping) that guides cache lines of a domain to only the allocated cache sets, enabling flexible set-partitioning independent of memory allocations. BCE achieves this by modifying the cache indexing hardware to include a Cluster-Indirection Module (CIM), which maps logical-to-physical clusters of a domain and a Load-Balancing Hash (LBH), which uniformly distributes lines of a domain among its clusters. Our implementation of BCE with a 32MB 16-way LLC scalably supports up to 512 isolated partitions while incurring negligible storage overheads (<2%) and slowdown (1% on average) compared to a non-secure unpartitioned LLC.

Michael Eckel, Don Kuzhiyelil, Christoph Kraus, Maria Zhdanova, Stefan Katzenbeisser, Jasmin Cosic, Matthias Drodt, Jean-Jacques Pitrolle
2021 International Symposium on Secure and Private Execution Environment Design (SEED) pp 215-226; https://doi.org/10.1109/seed51797.2021.00033

Abstract:
The digitalization of safety-critical railroad infrastructure enables new types of attacks. This increases the need to integrate Information Technology (IT) security measures into railroad systems. For that purpose, we rely on a security architecture for a railway object controller which controls field elements that we developed in previous work. Our architecture enables the integration of security mechanisms into a safety-certified railway system. In this paper, we demonstrate the practical feasibility of our architecture by using a Trusted Platform Module (TPM) 2.0 and a Multiple Independent Levels of Safety and Security (MILS) Separation Kernel (SK) for our implementation. Our evaluation includes a test bed and shows how certification and homologation can be achieved.