SCONE, threat model
• Assume a powerful and active adversary who has superuser access and also access to the physical hardware.
• Attackers can control the entire software stack.
• Assume that container services were not designed with the above privileged attacker model in mind.
SCONE, solutions
• Use Intel SGX to protect containers
• Improve performance by …
SCONE, design trade-offs
• What system support should be placed inside an enclave?
• Trade-offs between security and performance:
  • More system support inside enclave (better performance), but bigger TCB (less security)
  • Less system support inside enclave (worse performance), but smaller TCB (better security)
SCONE, challenge 1: interface
• Haven (OSDI’14): library operating system in enclave
• Large TCB → more vulnerable
• Small interface (22 system calls)
• Shields protect the interface
[Figure labels: Application Code, Libraries, C Library, Library OS (inside TCB), Shielding layer, Host OS]