SysTEX '17

Program

8:45-9:00 Welcome

9:00-10:00 Invited keynote by Mark Silberstein (Technion)

• Using in-enclave software memory translation for improved performance and security

In this talk I will discuss our recent work on the compiler and runtime framework for software memory address translation that we leverage to address some of the security and performance challenges of SGX execution. The framework enables the programmer to instrument a subset of memory pointers and override the way they access data, while providing a software infrastructure for page caching and address translation.

I will illustrate the benefits of this framework by describing our design of Secure User-managed Virtual Memory (SUVM) which provides much better memory scaling for enclaves than the original SGX paging. SUVM introduces an extra layer of virtual memory managed entirely by trusted code in a flexible application-specific manner. I will also discuss other potential use cases, such as inter-enclave shared memory, enclave migration and mitigation of controlled side channel attacks.

Mark Silberstein is an Assistant Professor at the department of Electrical Engineering, Technion - Israel Institute of Technology. Mark is working on OS abstractions and services for programmable accelerators and trusted execution environments with the goal to enhance programmability, performance and security.



10:00-10:45 Coffee break

10:45-12:00 Session 1: Tools and approaches towards more resilience

• Strongly Secure and Efficient Data Shuffle on Hardware Enclaves (pdf)
  Ju Chen, Yuzhe (Richard) Tang, and Hao Zhou (Syracuse University)
• Hardening Intel SGX Applications: Balancing Concerns (Short Paper) (pdf)
  Kobe Vrancken, Frank Piessens, and Raoul Strackx (KU Leuven)
• Cobweb: Practical Remote Attestation Using Contextual Graphs (pdf)
  Frank Wang (MIT), Yuna Joung (Harvard University) and James Mickens (Harvard University)
• Round table (15 min)

12:00-13:30 Lunch

13:30-14:45 Session 2: Attacks and detection

• SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control (Best Paper) (pdf)
  Jo Van Bulck, Frank Piessens, and Raoul Strackx (KU Leuven)
• SGX-Bomb: Locking Down the Processor via Rowhammer Attack (pdf)
  Yeongjin Jang (Oregon State University), Jaehyuk Lee (KAIST), and Sangho Lee and Taesoo Kim (Georgia Institute of Technology)
• vCFI: Visible Control Flow Integrity for Cloud Tenants (Short Paper) (pdf)
  Yuan Li (Wuhan University), Chao Zhang (Tsinghua University), and Xiapu Luo (The Hong Kong Polytechnic University)
• Round table (15 min)

14:45-15:30 Coffee break

15:30-16:45 Session 3: Applications

• Enclave-Based Privacy-Preserving Alignment of Raw Genomic Information - Information Leakage and Countermeasures (pdf)
  Marcus Völp, Jeremie Decouchant, Christoph Lambert, Maria Fernandes, and Paulo Esteves-Verissimo (SnT - University of Luxembourg)
• Challenges For Scaling Applications Across Enclaves (Short Paper) (pdf)
  Jethro G. Beekman (Fortanix) and Donald E. Porter (Fortanix and UNC Chapel Hill)
• Scaling Databases using Trusted Hardware Proxies (pdf)
  Kai Mast (Cornell University), Lequn Chen (Shanghai Jiao Tong University), and Emin Gün Sirer (Cornell University)
• Round table (15 min)

16:45-17:00 Short break

17:00-18:00 Session 4: System support

• Architectures for Enhancing Authentication Privacy and Security using Trusted Computing (pdf)
  Ranjbar A. Balisane, Ravishankar Borgaonkar, Ahmad Atamli-Reineh, and Andrew Martin (University of Oxford)
• Hypercallbacks: A New Mechanism for Trusted, Secure Introspection (Short Paper)
  Nadav Amit and Michael Wei (VMware Research)
• Round table (15 min)