| dc.description.abstract | Security continues to be an important topic as more businesses and individuals entrust software with sensitive information. One of the most important areas for security is that of the operating system and hardware of any computer – the most fundamental levels of any computer. Using Intel Software Guard Extensions (SGX), we set out to develop Nested Trusted Execution Environment Library Operating System (NesTEE LibOS), a prototype to build upon preexisting SGX features. This paper overviews the NesTEE LibOS prototype, documenting performance, features, and feasibility of the proposed system. Currently, SGX does to secure enclave contents through privilege separation design. NesTEE LibOS modifies SGX by adding additional trust levels and a refined control flow of data moving in and out of the enclave. Designing NesTEE LibOS with more security subdomains is a crucial step towards expanding hardware security capabilities. The subdomain model is as follows. For an application to interact with the enclave, the program must interact first interact with NesTEE LibOS entry code. The entry code separates NesTEE LibOS from the internal SGX application, managing page protections and creating a separate stack before execution can be handed over to NesTEE LibOS. From this domain, the software can securely perform SGX functions and interact with the outer kernel. After NesTEE LibOS Execution is complete, control is transferred back to the internal application through the NesTEE LibOS exit code. This portion of code changes page permissions, making NesTEE LibOS memory pages inaccessible. By doing so, NesTEE LibOS is protected from tampering. This module relies on three levels of trust. The highest trusted level is that of NesTEE LibOS, followed by the application and kernel. Following with design choices made by SGX, the outer kernel and internal application is least trusted due to the possibility of corruption. Measuring performance on the SGX versions of mprotect reveal the initialization cost for NesTEE LibOS as being very light. Contrarily, evaluations performed show NesTEE LibOS, though secure, can be relatively expensive in terms of execution time to accomplish common tasks when compared to a standard SGX architecture. Future work will certainly focus on improving the overhead costs to take advantage of NesTEE LibOS. | |
