Efficient Enclave Communication Through Shared Memory a Case Study of Intel SGX Enabled Open Vswitch

DEGREE PROJECT IN COMPUTER SCIENCE AND ENGINEERING, SECOND CYCLE, 30 CREDITS
STOCKHOLM, SWEDEN 2019

Efficient Enclave Communication through Shared Memory
A case study of Intel SGX enabled Open vSwitch

JAKOB SVENNINGSSON
KTH ROYAL INSTITUTE OF TECHNOLOGY
SCHOOL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE

Master in Computer Science
Date: December 12, 2019
Supervisor: Nicolae Paladi / Panos Papadimitratos
Examiner: Mathias Ekstedt
School of Electrical Engineering and Computer Science
Host company: RISE
Swedish title: Effektiv kommunikation genom delat minne - en fallstudie av Open vSwitch med SGX-stöd

Abstract

Open vSwitch is a virtual network switch commonly used to forward network packets between virtual machines. The switch routes network packets based on a set of flow rules stored in its flow tables. Open vSwitch does not provide confidentiality or integrity protection of its flow tables; therefore, an attacker can exploit software vulnerabilities in Open vSwitch to gain access to the host machine and observe or modify installed flow rules. Medina [1] brought integrity and confidentiality guarantees to the flow tables of Open vSwitch, even in the presence of untrusted privileged software, by confining them inside of an Intel SGX enclave. However, using an enclave to protect the flow tables has significantly reduced the performance of Open vSwitch. This thesis investigates how and to what extent the performance overhead introduced by Intel SGX in Open vSwitch can be reduced.

The method consisted of the development of a general-purpose communication library for Intel SGX enclaves, and two optimized SGX enabled Open vSwitch prototypes. The library enables efficient communication between the enclave and the untrusted application through shared memory-based techniques. Integrating the communication library in Open vSwitch, combined with other optimization techniques, resulted in two optimized prototypes that were evaluated on a set of common Open vSwitch use cases. The results of this thesis show that it is possible to reduce the overhead introduced by Intel SGX in Open vSwitch by several orders of magnitude, depending on the use case and optimization technique, without compromising its security guarantees.

Sammanfattning (Swedish summary, translated)

Open vSwitch is a virtual network switch that is commonly used to forward data traffic between virtual machines. The switch forwards data traffic based on a set of flow rules stored in its flow tables. Open vSwitch does not guarantee the integrity or confidentiality of the flow tables; it is therefore possible for an attacker to exploit vulnerabilities in Open vSwitch to gain access to the host machine and observe or modify flow rules. An earlier study gave integrity and confidentiality guarantees to the flow tables of Open vSwitch, even in the presence of untrusted and privileged software, by placing the flow tables inside an Intel SGX enclave [1]. Using an enclave to protect the flow tables does, however, entail a significant degradation of Open vSwitch's performance. This thesis investigates how and to what extent the performance degradation caused by Intel SGX in Open vSwitch can be minimised.

The method of the thesis consisted of developing a communication library for Intel SGX enclaves and two optimised Open vSwitch prototypes with SGX support. The developed library enables efficient communication between an enclave and the untrusted application through communication techniques based on shared memory. Combining the communication library's optimisation features with other optimisation techniques resulted in two optimised Open vSwitch prototypes with SGX support, which were evaluated on a set of use cases. The results of this thesis show that it is possible to reduce the performance degradation generated by Intel SGX in Open vSwitch by several orders of magnitude, depending on the use case and optimisation technique, without compromising its security guarantees.

Contents

1 Introduction 1
  1.1 Research Question 2
  1.2 Scope 2
  1.3 Disposition 3
2 Background 4
  2.1 Trusted Execution Environment 4
  2.2 Intel Software Guard Extensions 5
    2.2.1 Enclave Entry and Exit 6
    2.2.2 Attestation 7
  2.3 Inter Process Communication (IPC) with Shared Memory 9
  2.4 Memoization 10
  2.5 Software Defined Networking 10
  2.6 Virtual Switch 11
  2.7 Open vSwitch 12
  2.8 Previous Work 13
3 Methodology 16
  3.1 Prestudy 16
  3.2 Design 17
  3.3 Implementation 18
  3.4 Evaluation 18
    3.4.1 Measuring Methodology 19
    3.4.2 Experimental Settings 19
  3.5 Benchmarks 20
    3.5.1 HotCall Bundler 20
    3.5.2 Open vSwitch 21
4 SGX Performance Analysis in Open vSwitch 22
  4.1 Use Cases 22
  4.2 Overhead Generated by Enclave Transitions 23
    4.2.1 Estimating the Cost of Enclave Transitions 23
    4.2.2 The Cost of a Single Enclave Transition 24
    4.2.3 Estimate of Total Enclave Transition Overhead 25
  4.3 Open vSwitch Enclave Access Pattern 26
5 HotCall Bundler Library 27
  5.1 Functional Requirements 28
  5.2 Architecture 28
  5.3 Switchless Enclave Function Calls 29
    5.3.1 Translation Functions 31
  5.4 Execution Graphs 32
    5.4.1 Iterator 34
    5.4.2 If 34
    5.4.3 For 35
    5.4.4 While 35
    5.4.5 Construction of Execution Graphs 36
  5.5 Enclave Function Memoization 36
    5.5.1 Limitations 38
  5.6 Library API 39
  5.7 Integration in Intel SGX Application 39
6 Open vSwitch Prototypes 42
  6.1 Modifications of OFTinSGX 42
    6.1.1 Prototype Bundle & Refactored 43
    6.1.2 Prototype Bundle 44
    6.1.3 Prototype Refactor 44
  6.2 Modifications of Open vSwitch 46
    6.2.1 Prototype Bundle & Refactor 47
    6.2.2 Prototype Bundle 47
    6.2.3 Prototype Refactor 48
7 Results 50
  7.1 HotCall Bundler Library 50
    7.1.1 Enclave Transition Time 50
    7.1.2 Execution Graphs 51
    7.1.3 Enclave Function Memoization 54
  7.2 Open vSwitch Prototypes 55
    7.2.1 Add Flow Rule 56
    7.2.2 Delete Flow Rule 56
    7.2.3 Modify Flow Rule 58
    7.2.4 Evict Flow Rule 59
8 Discussion 61
  8.1 Evaluation of HotCall Bundler 61
    8.1.1 Enclave Transition Time 61
    8.1.2 Execution Graphs 62
    8.1.3 Enclave Function Memoization 64
  8.2 Evaluation of Open vSwitch Prototypes 65
  8.3 Security Analysis 67
  8.4 Trusted Computing Base 69
  8.5 Method Critique and Possible Improvements 70
9 Conclusions 71
Bibliography 73
A Estimating ECall Overhead 78
B HotCall Bundler User API 80
  B.1 Calling a Switchless Enclave Function 80
  B.2 Merging Enclave Functions with Execution Graphs 80
  B.3 For Loop 81
  B.4 For Each 81
  B.5 Map 82
  B.6 If 83
  B.7 While Loop 83
  B.8 Enclave Function Memoization 84
C Results of Open vSwitch Prototypes 86

List of Acronyms

SDN Software Defined Networking
TEE Trusted Execution Environment
OVS Open vSwitch
SGX Software Guard Extension
FIFO First-In-First-Out
LRU Least Recently Used
CDF Cumulative Distribution Function
API Application Programming Interface
EPC Enclave Page Cache
PRM Processor Reserved Memory
NIC Network Interface Card
VNIC Virtual Network Interface Card
OVSDB Open vSwitch Database
SDK Software Development Kit
RDTSCP Read Time Stamp Counter Instruction
LLC Last Level Cache
DRAM Dynamic Random-Access Memory
L2 Level 2

Chapter 1 Introduction

Software applications today often handle confidential and integrity-sensitive data [2]. Deploying applications to public cloud platforms is increasing in popularity, which has raised concerns about the confidentiality and integrity of sensitive data stored on these platforms [3]. Hardware-based trusted execution environments (TEE), such as Intel SGX [4], provide integrity and confidentiality guarantees to user data even in the presence of untrusted privileged software [5]. Intel SGX enables the deployment of applications handling sensitive data with increased confidence on cloud platforms where the host machine or other tenants are potentially malicious [6].

Open vSwitch is a virtual network switch that is purpose-built for virtualized environments. Virtual switches are commonly used to forward network packets between virtual machines and are a critical piece of cloud platform infrastructure since they provide network isolation among tenants' virtual machines [7]. Open vSwitch does not provide confidentiality or integrity protection of its flow tables; therefore, an attacker can exploit software vulnerabilities in Open vSwitch to gain access to the host machine and its memory [8]. Access to host memory allows an attacker to observe or modify installed flow rules, which are security-sensitive assets of Open vSwitch. Observing the flow rules of Open vSwitch allows an attacker to learn about the network topology, and the ability to modify flow rules enables an attacker to reroute traffic, which can be used to avoid a firewall or intrusion detection system [9].

Medina [1] presented a security-enhanced Open vSwitch where its flow tables are confined within an Intel SGX enclave; however, the security guarantees provided by Intel SGX do not come for free [10]. The performance overhead associated with Intel SGX is well documented [11]. Open vSwitch with Intel SGX support is significantly slower than its non-SGX counterpart and is hence less likely to be adopted in a production environment. The aim of this thesis is to investigate how and to what extent the performance overhead in SGX enabled Open vSwitch can be reduced while still maintaining the security properties provided by Intel SGX.

1.1 Research Question

The main goal of this thesis is to optimize the performance of SGX enabled Open vSwitch without compromising the provided security guarantees.

Details

  • File type: pdf
  • Content language: English
  • File pages: 99
