Ph.D. Thesis

Ph.D. Student: Shwartz Ofir
Subject: The Secure Machine: Efficient Secure Execution on Untrusted Platforms
Department: Department of Electrical and Computer Engineering
Supervisor: Associate Professor Yitzhak Birk


Remote computing services on shared, third-party platforms (e.g., virtualization and cloud services) offer advantages to organizations and individuals, putting enormous computing resources at their disposal while letting them pay only for the resources actually used. Unfortunately, such environments are prone to attacks by hackers, by adversarial users of the same systems, or even by the owner of the service. Such attacks may target the operating system, the hypervisor or virtual machine monitor (VMM), or even the hardware itself. It would therefore be extremely beneficial if users could ensure the security of their programs in such environments, as this would likely lead to a dramatic expansion of their use for applications ranging from research, through finance, to medical systems. Specifically, the confidentiality of the code and data must be preserved, and any tampering with them, or with the sequence of execution, must be detected.

Although prior works suggested various ideas and architectures, they lack key features needed to become practical and ubiquitous:

a) Supporting existing application binaries.

b) Providing security without significant performance, power, or cost penalties.

c) Being scalable to many compute nodes.

In this work we present the Secure Machine, SeM for short, a CPU architecture extension for secure computing. SeM uses a small amount of additional in-chip hardware that monitors key communication channels inside the CPU chip and acts only when required. SeM provides confidentiality and integrity for a secure program without trusting the platform software or any off-chip hardware. SeM supports existing binaries of single- and multi-threaded applications running in single- or multi-core, multi-CPU, or multi-node computing environments, and it is also extendable to accelerators (e.g., GPUs, smart NICs), which allows the construction of secure heterogeneous systems. The performance reduction it causes is only a few percent, most of which is due to the memory encryption layer that is common to many secure architectures.

We also developed SeM-Prepare, a software tool that automatically instruments existing application binaries with additional instructions so they can be executed securely on our architecture, without any programming effort and without access to the program's source code.

The development of SeM included the creation of several independent and important building blocks:

To enable secure data sharing in shared-memory environments, we developed Secure Distributed Shared Memory (SDSM), an algorithm that is efficient in both time and memory and allows thousands of compute nodes to share data securely while running on an untrusted computing environment. SDSM shows a negligible reduction in performance and requires negligible hardware resources.

We developed Distributed Memory Integrity Trees, a method for extending single-node integrity trees so that they preserve the integrity of a distributed application running on an untrusted computing environment. We show that our method is applicable to existing single-node integrity trees such as the Merkle Tree, the Bonsai Merkle Tree, and Intel SGX's memory integrity engine.
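To make concrete what a single-node integrity tree does before the thesis extends it across nodes, here is an added example; it is not the thesis's code nor any part of the SeM design. It builds a plain Merkle tree over eight constructed 64-byte memory blocks, keeps only the root in assumed-trusted on-chip storage, and shows why the tree (rather than a per-block MAC) catches both in-place tampering and replay of a stale block together with its stale tree nodes. The block size, SHA-256 as the node hash, and the `MemoryIntegrityTree` and `IntegrityError` names are assumptions of this example; the Bonsai Merkle Tree and SGX engine optimizations and the thesis's distributed extension are not reproduced.

```python
import hashlib
from typing import List


class IntegrityError(Exception):
    """Raised when a block and its authentication path do not hash up to the trusted root."""


def h(*parts: bytes) -> bytes:
    # SHA-256 over the concatenation (an assumption of this example; a hardware
    # engine would typically use a keyed MAC, but the tree structure is the same).
    return hashlib.sha256(b"".join(parts)).digest()


class MemoryIntegrityTree:
    """Binary Merkle tree over fixed-size memory blocks on a single node.

    Only `trusted_root` is assumed to live in on-chip storage. The blocks and
    every internal node live in untrusted memory and are re-verified on read.
    """

    def __init__(self, blocks: List[bytes]):
        n = len(blocks)
        if n == 0 or n & (n - 1):
            raise ValueError("block count must be a power of two")
        self.blocks = [bytes(b) for b in blocks]
        self.levels = [[h(b) for b in self.blocks]]  # level 0 holds the leaf hashes
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            self.levels.append([h(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
        self.trusted_root = self.levels[-1][0]

    def auth_path(self, index: int) -> List[bytes]:
        """Sibling hashes from the leaf up to just below the root (all from untrusted memory)."""
        path = []
        for level in self.levels[:-1]:
            path.append(level[index ^ 1])
            index >>= 1
        return path

    @staticmethod
    def root_from_path(index: int, block: bytes, path: List[bytes]) -> bytes:
        """Recompute the root implied by a block and its authentication path."""
        node = h(block)
        for sibling in path:
            node = h(sibling, node) if index & 1 else h(node, sibling)
            index >>= 1
        return node

    def verified_read(self, index: int) -> bytes:
        """Return the block only if it hashes up to the on-chip root."""
        block = self.blocks[index]
        if self.root_from_path(index, block, self.auth_path(index)) != self.trusted_root:
            raise IntegrityError(f"block {index} failed integrity verification")
        return block

    def write(self, index: int, data: bytes) -> None:
        """Legitimate write: update the leaf, its ancestors, and the trusted root."""
        self.blocks[index] = bytes(data)
        node = h(self.blocks[index])
        i = index
        for level in self.levels[:-1]:
            level[i] = node
            sibling = level[i ^ 1]
            node = h(sibling, node) if i & 1 else h(node, sibling)
            i >>= 1
        self.levels[-1][0] = node
        self.trusted_root = node


def demo_attacks() -> dict:
    """Run an honest read and two attacks on constructed memory; report what was caught."""
    # Constructed sample memory: eight 64-byte blocks (cache-line size is an assumption).
    memory = [bytes([i]) * 64 for i in range(8)]
    tree = MemoryIntegrityTree(memory)
    results = {}

    # 1. Honest read of block 3 verifies against the root.
    results["honest_read_ok"] = tree.verified_read(3) == memory[3]

    # 2. Spoofing: the attacker overwrites block 2 in memory, bypassing write().
    tree.blocks[2] = b"\xff" * 64
    try:
        tree.verified_read(2)
        results["spoof_detected"] = False
    except IntegrityError:
        results["spoof_detected"] = True
    tree.write(2, memory[2])  # restore through the legitimate path

    # 3. Replay: the attacker snapshots block 5 and every internal node, lets the
    #    program write new data, then restores the stale snapshot. A per-block MAC
    #    would accept the old (block, MAC) pair; the root moved on-chip, so the
    #    stale path no longer reaches it.
    old_block = tree.blocks[5]
    old_levels = [level[:] for level in tree.levels[:-1]]
    tree.write(5, b"new secret value".ljust(64, b"\x00"))
    tree.blocks[5] = old_block
    for level, saved in zip(tree.levels[:-1], old_levels):
        level[:] = saved
    try:
        tree.verified_read(5)
        results["replay_detected"] = False
    except IntegrityError:
        results["replay_detected"] = True
    return results


if __name__ == "__main__":
    print(demo_attacks())
```

The cost visible here is the thesis's motivation for the distributed variant: each verified read walks log2(n) siblings and each write rehashes the same path, and in a multi-node setting the root is no longer a single on-chip value, which is what the Distributed Memory Integrity Trees address.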

SeM is thus an important step towards high-performance, cost-effective secure computing, which will enable its wide use for sensitive applications.