The Keystone project: a trusted execution environment for applications on RISC-V
A team of researchers from MIT and the University of California, Berkeley, with support from Facebook, Google, Microsoft and other large IT companies, has presented the Keystone project. It is an open source component for building a trusted execution environment (TEE) on the RISC-V architecture.
Below: why such a solution was needed and how it is put together.
Why Keystone is needed
A trusted execution environment is an isolated region (an enclave) of the main processor backed by a set of hardware security mechanisms. Code and data loaded into this region are meant to be protected from modification and outside interference.
The idea is that operations on personal and confidential data can be carried out inside such enclaves without fear of compromise, because neither the operating system nor other applications have access to these regions of the processor.
The market already offers systems that protect data at the hardware level. However, all of them are proprietary, since they are implemented by the chip manufacturers themselves, and there is an opinion that they are not as well protected as they could be, because they are not open to evaluation by independent security experts.
For example, Intel offers the Software Guard Extensions (SGX) architecture extension, which protects data from unauthorized access and modification. It also uses enclaves in which the code of a user application runs. However, it recently became known that SGX is vulnerable to the Foreshadow attack (CVE-2018-3615): an attacker can read data from inside an SGX enclave by abusing speculative execution.
Besides Intel, AMD offers its own solutions, Secure Processor and SEV, and ARM has TrustZone. Security experts have questions about the security of these as well.
According to the researchers from MIT and the University of California, an open source system, while it will not make enclaves invulnerable, will still raise their security through the scrutiny of many experts in the community.
Thus, Keystone is an open source project for building a TEE on the RISC-V architecture. The researchers chose RISC-V because it is less exposed to side-channel attacks aimed at practical implementations of cryptosystems. In particular, the authors note that this architecture is not subject to vulnerabilities like Meltdown and Spectre. That statement needs one qualification: Meltdown and Spectre are properties of a microarchitecture's speculative execution, not of an instruction set. A simple in-order RISC-V core is unaffected, but an out-of-order implementation (such as the BOOM core that Keystone builds on, see below) has to be designed and tested with this class of attack in mind.
The Keystone developers set the following goals:
build a chain of trust that verifies every hardware and software component (this includes secure boot and remote attestation of the hardware);
isolate memory from outside interference;
implement protection against side-channel attacks;
implement encryption of memory and of the address bus.
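The first goal, a chain of trust with secure boot and remote attestation, is the one a practitioner most often has to reason about end to end. The following is an added example, written for this edit and not code from Keystone or its authors, that simulates the two halves of that goal: a measured boot in which each stage measures the next into a single register, and a remote attestation exchange in which the platform signs the final measurement together with a verifier-chosen nonce and the verifier checks signature, freshness and the expected value. The image contents, the TPM-style register update rule, the use of Ed25519 for the device key and the report layout are all assumptions made for the illustration; Keystone's real formats are not described on this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed stand-ins for the images a boot chain would measure. On a
// real platform these would be the boot ROM's successor, the security
// monitor, the enclave runtime and the enclave application.
var (
	imgBootloader = []byte("bootloader image v1 (constructed)")
	imgMonitor    = []byte("security monitor image v1 (constructed)")
	imgEnclave    = []byte("enclave application v1 (constructed)")
)

// extend updates a measurement register the way a TPM PCR does:
// new = H(old || H(component)). The final value therefore commits to
// the contents and the order of every component that was loaded.
func extend(old [32]byte, component []byte) [32]byte {
	h := sha256.Sum256(component)
	return sha256.Sum256(append(old[:], h[:]...))
}

// measureChain models secure boot: each stage measures the next before
// handing control to it, so the register reflects the whole chain.
func measureChain(images ...[]byte) [32]byte {
	var reg [32]byte // reset value of the register is all zeros (assumption)
	for _, img := range images {
		reg = extend(reg, img)
	}
	return reg
}

// Report is what the platform hands to a remote verifier.
type Report struct {
	Measurement [32]byte // final register value
	Nonce       [16]byte // verifier-chosen challenge, defeats replay
	Signature   []byte   // Ed25519 over Measurement || Nonce
}

func reportBody(m [32]byte, nonce [16]byte) []byte {
	return append(append([]byte{}, m[:]...), nonce[:]...)
}

// Attest is the platform side. The device key is assumed to have been
// provisioned into hardware and never to leave the platform.
func Attest(deviceKey ed25519.PrivateKey, m [32]byte, nonce [16]byte) Report {
	return Report{m, nonce, ed25519.Sign(deviceKey, reportBody(m, nonce))}
}

// Verify is the remote side. It needs the device public key (obtained
// out of band), the challenge it issued, and the expected measurement it
// computed itself from known-good images. All three checks must pass.
func Verify(devicePub ed25519.PublicKey, r Report, nonce [16]byte, expected [32]byte) error {
	if !ed25519.Verify(devicePub, reportBody(r.Measurement, r.Nonce), r.Signature) {
		return errors.New("bad signature: report is not from the expected platform")
	}
	if r.Nonce != nonce {
		return errors.New("nonce mismatch: stale or replayed report")
	}
	if r.Measurement != expected {
		return errors.New("measurement mismatch: boot chain or enclave was modified")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	expected := measureChain(imgBootloader, imgMonitor, imgEnclave)

	var nonce [16]byte
	rand.Read(nonce[:])

	// Honest platform: same images, fresh nonce.
	fmt.Println("honest:", Verify(pub, Attest(priv, expected, nonce), nonce, expected))

	// Tampered enclave: one extra byte changes the chain value, so the report is rejected.
	bad := measureChain(imgBootloader, imgMonitor, append([]byte("X"), imgEnclave...))
	fmt.Println("tampered:", Verify(pub, Attest(priv, bad, nonce), nonce, expected))
}
```

Two design points worth noticing: the measurement is chained, so swapping the order of two otherwise valid images produces a different value, and the nonce is bound into the signed body, so a captured report from an earlier honest boot cannot be replayed after the enclave has been tampered with. Real attestation schemes add a certificate chain from the device key to the manufacturer and a way to identify the enclave separately from the platform, which this sketch omits.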
Components of the solution
The Keystone concept builds on SGX technology and on the Sanctum enclave platform developed at MIT.
Sanctum is designed around the so-called trusted abstract platform (TAP), an abstract model of a processor with a program counter, general purpose registers, a virtual address translation system, and a set of primitives for executing code in a secure enclave.
From SGX, Keystone borrows the Memory Encryption Engine (MEE). The core of the solution is built on the parameterizable out-of-order RISC-V processor BOOM (Berkeley Out-of-Order Machine), produced with the Rocket Chip SoC generator.
Figure: general layout of a system with an enclave on RISC-V (the diagram from the original post is not reproduced here).
The researchers have already run several tests of their solution and established that it reliably isolates the code execution environment and protects it from outside interference, at least from known attacks.
When it will be released
The first version, Keystone v0.1, is expected this fall and will run on an FPGA. The researchers hope that in the future it will be able to replace SGX in the implementation of blockchain platforms.
P.S. More reading from the First Corporate IaaS blog:
New functionality in VMware vSphere 6.7: what you need to know
"What's new with VMware": an overview of the new solutions
How to test a disk subsystem in the cloud
P.P.S. A couple of posts from our blog on Habr:
Why the new process technology for chip manufacturing keeps getting postponed
How to protect data in cloud neural networks: a new encryption method is proposed