Cryptology ePrint Archive: Report 2019/001

Sanctorum: A lightweight security monitor for secure enclaves

Ilia Lebedev and Kyle Hogan and Jules Drean and David Kohlbrenner and Dayeol Lee and Krste Asanović and Dawn Song and Srinivas Devadas

Abstract: Enclaves have emerged as a particularly compelling primitive to implement trusted execution environments: strongly isolated sensitive user-mode processes in a largely untrusted software environment. While the threat models employed by various enclave systems differ, the high-level guarantees they offer are essentially the same: attestation of an enclaveís initial state, as well as a guarantee of enclave integrity and privacy in the presence of an adversary.

This work describes Sanctorum, a small trusted code base (TCB), consisting of a generic enclave-capable system, which is sufficient to implement secure enclaves akin to the primitive offered by Intelís SGX. While enclaves may be implemented via unconditionally trusted hardware and microcode, as it is the case in SGX, we employ a smaller TCB principally consisting of authenticated, privileged software, which may be replaced or patched as needed. Sanctorum implements a formally verified specification for generic enclaves on an in-order multiprocessor system meeting baseline security requirements, e.g., the MIT Sanctum processor and the Keystone enclave framework. Sanctorum requires trustworthy hardware including a random number generator, a private cryptographic key pair derived via a secure bootstrapping protocol, and a robust isolation primitive to safeguard sensitive information. Sanctorumís threat model is informed by the threat model of the isolation primitive, and is suitable for adding enclaves to a variety of processor systems.

Category / Keywords: implementation / trusted execution, enclave, secure processor

Original Publication (in the same form): Design, Automation and Test in Europe 2019

Date: received 15 Dec 2018

Contact author: ilebedev at mit edu

Available format(s): PDF | BibTeX Citation

Version: 20190109:003210 (All versions of this report)

Short URL: ia.cr/2019/001


[ Cryptology ePrint archive ]