Automatic Enforcement of Expressive Security Policies using Enclaves
MetadataShow full item record
CitationGollamudi, Anitha and Stephen Chong. 2016. Automatic Enforcement of Expressive Security Policies using Enclaves. Harvard Computer Science Group Technical Report TR-02-16.
AbstractHardware-based enclave protection mechanisms, such as Intel’s SGX, ARM’s TrustZone, and Apple’s Secure Enclave, can protect code and data from powerful low-level attackers. In this work, we use enclaves to enforce strong applicationspecific information security policies. We present IMPE, a novel calculus that captures the essence of SGX-like enclave mechanisms, and show that a security-type system for IMPE can enforce expressive confidentiality policies (including erasure policies and delimited release policies) against powerful low-level attackers, including attackers that can arbitrarily corrupt non-enclave code, and, under some circumstances, corrupt enclave code. We present a translation from an expressive securitytyped calculus (that is not aware of enclaves) to IMPE. The translation automatically places code and data into enclaves to enforce the security policies of the source program.
Citable link to this pagehttp://nrs.harvard.edu/urn-3:HUL.InstRepos:30168300
- FAS Scholarly Articles