Automatic Enforcement of Expressive Security Policies using Enclaves

DSpace/Manakin Repository

Automatic Enforcement of Expressive Security Policies using Enclaves

Citable link to this page

 

 
Title: Automatic Enforcement of Expressive Security Policies using Enclaves
Author: Gollamudi, Anitha; Chong, Stephen N

Note: Order does not necessarily reflect citation order of authors.

Citation: Gollamudi, Anitha and Stephen Chong. 2016. Automatic Enforcement of Expressive Security Policies using Enclaves. Harvard Computer Science Group Technical Report TR-02-16.
Full Text & Related Files:
Abstract: Hardware-based enclave protection mechanisms, such as Intel’s SGX, ARM’s TrustZone, and Apple’s Secure Enclave, can protect code and data from powerful low-level attackers. In this work, we use enclaves to enforce strong applicationspecific information security policies. We present IMPE, a novel calculus that captures the essence of SGX-like enclave mechanisms, and show that a security-type system for IMPE can enforce expressive confidentiality policies (including erasure policies and delimited release policies) against powerful low-level attackers, including attackers that can arbitrarily corrupt non-enclave code, and, under some circumstances, corrupt enclave code. We present a translation from an expressive securitytyped calculus (that is not aware of enclaves) to IMPE. The translation automatically places code and data into enclaves to enforce the security policies of the source program.
Other Sources: http://people.seas.harvard.edu/~chong/pubs/oopsla16-auto-enclave.pdf
Terms of Use: This article is made available under the terms and conditions applicable to Other Posted Material, as set forth at http://nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of-use#LAA
Citable link to this page: http://nrs.harvard.edu/urn-3:HUL.InstRepos:30168300
Downloads of this work:

Show full Dublin Core record

This item appears in the following Collection(s)

 
 

Search DASH


Advanced Search
 
 

Submitters