Hardware-Aided Trusted Computing

Developing for the AWS Nitro Enclave Platform

A new Enclave Development Platform (EDP) Target
D.trusted-hardware
Raoul Strackx
<p>Intel, AMD, ARM, all have launched their own TEE. Amazon can be added to that list with AWS Nitro, but unlike the others it is not a hardware manufacturer. Instead, it chooses to provides its own abstractions over the platform used. This leads to some interesting characteristics. The Enclave Development Platform (EDP) is a TEE platform SDK developed by Fortanix. EDP already targeted the Intel SGX platform. Recently we also support the AWS Nitro platform. In this talk we discuss the AWS Nitro platform in detail and interesting design decisions we made for the EDP platform.</p>
In the AWS Nitro architecture, the hypervisor plays a key role. Hardware resources (processor cores and memory) are split off of a parent VM and can be repurposed to run the Nitro enclave. This enclave can be viewed as a separate VM with only processor cores and memory. A hard disk drive is not present, nor can it directly access an Ethernet network. All communication needs to take place over VSOCK to the parent VM. An attestation report can be provided by the hypervisor to ensure that the enclave has been build correctly. The Enclave Development Platform (EDP) provides a way to easily build Rust applications on top of TEEs. It should be as easy for developers to target TEEs any other modern operating system. Next to Intel SGX, the Nitro platform has been added recently. To target the Nitro platform, EDP reimplements parts of the Rust standard library. It takes care of starting a runner process in the parent VM, forwarding network packets to/from the enclave and providing attestation evidence.

Additional information

Type devroom

More sessions

2/5/22
Hardware-Aided Trusted Computing
D.trusted-hardware
<p>A brief introduction to the room and to the sessions.</p>
2/5/22
Hardware-Aided Trusted Computing
Shunda Zhang
D.trusted-hardware
<p>Intel SGX provided a mechanism to better isolate user-level software from attackers. However, attackers will still use various methods to attack SGX and user’s Enclaves. And user’s code inside Enclave may also have bugs, which can be leveraged by the attackers. We are from intel SGX SDK team, we have conducted security analysis and pen-test for SGX Enclave (based on SGX SDK) during the past 10+ years. We want to summarize some past exploits we encountered in our daily work and what's the ...
2/5/22
Hardware-Aided Trusted Computing
Dmitrii Kuvaiskii
D.trusted-hardware
<p>Gramine (formerly called "Graphene") is a lightweight library OS, designed to run a single Linux application in an isolated environment. Currently, Gramine runs on Linux and Intel SGX enclaves on Linux platforms. With Intel SGX support, Gramine can secure a critical application in a hardware-encrypted memory region and protect the application from a malicious system stack with minimal porting effort ("lift and shift" approach).</p> <p>Several major events happened to the Gramine project in ...
2/5/22
Hardware-Aided Trusted Computing
Nick Vidal
D.trusted-hardware
<p>The Enarx project reached a huge milestone: its first official release, featuring WebAssembly runtime. WebAssembly and Confidential Computing are a great match because WebAssembly offers developers a wide range of language choices, it works across silicon architectures, and it provides a sandboxed environment. This presentation will highlight the benefits of WebAssembly to Confidential Computing and showcase some demos.</p>
2/5/22
Hardware-Aided Trusted Computing
Fritz Alder
D.trusted-hardware
<p>Short break.</p>
2/5/22
Hardware-Aided Trusted Computing
Guilhem Bryant
D.trusted-hardware
<p>Veracruz is a framework for designing and deploying privacy-preserving computations amongst a group of mutually mistrusting individuals. Veracruz uses strong isolation technologies, such as AWS Nitro Enclaves, Arm CCA Realms, and the high-assurance seL4 hypervisor, to provide a safe, neutral ground, within which a sandboxed WebAssembly program executes. Recent enhancements to Veracruz have made it possible to support larger, more complex privacy-preserving computations: we have adopted the ...
2/5/22
Hardware-Aided Trusted Computing
D.trusted-hardware
<p>The confidentiality and integrity guarantees offered by Intel SGX enclaves can be easily thwarted if the enclave has not been properly designed. Its interface with the untrusted software stack is a perhaps the largest attack surface that adversaries can exploit; unintended interactions with untrusted code can expose the enclave to memory corruption attacks, for instance.</p> <p>We have proposed a notion, called orderliness, that embodies good practice set out by academic papers and the ...