
Protect Sensitive Computing Using Program Transformation And Trusted Execution Environment

Posted on: 2021-08-25    Degree: Doctor    Type: Dissertation
Country: China    Candidate: FAREE ANTER ABDU ALHAG ALIATE    Full Text: PDF
GTID: 1488306050464324    Subject: Computer system architecture
Abstract/Summary:
Cloud computing is a new type of service that emerges from virtualization, cluster computing, and remote computing. It allows individuals to upload data and programs to public platforms to be stored or executed. Unfortunately, such environments are prone to attacks from hackers, adversarial environments, or even the owner of the service. In these untrusted environments, the data confidentiality of programs is not fully protected and faces a significant threat. On the other hand, in practical and industrial applications, sensitive computing sets strict requirements on protecting the data confidentiality of applications. Thus, protecting the confidentiality of data in untrusted environments has become a key problem that service providers need to solve. Therefore, the code and data of applications must be preserved and placed in a secure environment. In this context, different technologies rely on several solutions that isolate the execution of the security-sensitive code from the rest of the application. One of these technologies is the Trusted Execution Environment (TEE), which is supported by different platforms, such as Intel's Software Guard Extensions (SGX). SGX provides a special TEE, called an enclave, which can be used to protect the integrity of the code and the confidentiality of the data. This architecture ensures that even highly privileged components, such as the cloud operating system (OS), hypervisor and virtual machine monitor (VMM), do not have access to the security-sensitive code and data of the program. Some former works have shown that most applications can run in their entirety inside trusted areas such as SGX enclaves, which however leads to a large trusted computing base (TCB). Researchers are proposing solutions to reduce the size of the TCB. However, the security issue rooted in a large TCB is not completely solved. Moreover, this solution is not generalized: there is no TEE-based solution that can protect general programs.

This thesis builds on these hardware security features and targets implementing a generic solution to protect data and control flow confidentiality. This solution can be used on a large variety of applications implemented in different programming languages. It leverages program analysis and transformation techniques to move the security-sensitive part of applications into a trusted area, i.e., the enclave, so that program and data confidentiality can be protected. Our contributions in this thesis can be summarized as follows.

Firstly, this thesis surveys basic and advanced knowledge of trusted execution environment technologies, covering technical and practical details of hardware mechanisms and their applications. It also covers the different security principles and concepts used when describing the security of cloud computing platforms and applications. These concepts are used throughout the whole thesis when describing the security of SGX technology and its proposed applications. Through this thorough survey, we identify the problem of this dissertation and propose the following two novel solutions.

Secondly, this thesis proposes and implements a hardware-based solution, namely CFHider, to protect control flow confidentiality in the public cloud setting. By leveraging program transformation and Intel SGX, CFHider moves branch statement conditions to an opaque and trusted memory space, i.e., the enclave, thereby offering guaranteed control flow confidentiality. Although the prototype system is tested on Java applications, the idea of CFHider can be directly applied to applications written in most programming languages. The results of our experiments and analysis show that CFHider preserves the confidentiality of control flow. It also has a much lower performance overhead than existing software-based solutions (by a factor of 8.8).

Thirdly, this thesis proposes a novel solution to protect the data confidentiality of Java applications. In this contribution, we use SGX technology as a trusted area to store sensitive data and execute sensitive statements. We describe our proposed solution, which combines the partitioning technique, program transformation, and TEEs to protect the execution of security-sensitive data in Java applications. We analyze three case studies, in which we partition real Java applications and employ an SGX enclave to protect only the execution of sensitive statements, thereby reducing the TCB. We also show the advantages of the proposed solution and demonstrate how the confidentiality of security-sensitive data is protected.
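The branch-condition hiding that CFHider performs, shown here as an added illustration in Python rather than the thesis's own Java/SGX prototype: a source-to-source pass removes every `if`/`elif` test from the program text and stores it in a table held by a stand-in enclave, so the transformed program contains only opaque `enclave_eval` calls that return a boolean. The sample function, the `enclave_eval` name and the in-process `SimulatedEnclave` class are constructed for this example; a real deployment would evaluate the table entries inside an SGX enclave through an ECALL, and the pass handles only `if`/`elif` tests, not loop conditions.

```python
import ast

# Constructed sample program (not from the thesis): the branch conditions
# reveal the business logic that is applied to a secret input.
SAMPLE_SOURCE = '''
def classify(balance, threshold):
    if balance > threshold * 2:
        return "high"
    elif balance > threshold:
        return "medium"
    else:
        return "low"
'''


class ConditionHider(ast.NodeTransformer):
    """Source-to-source pass in the spirit of CFHider: every `if`/`elif` test
    is removed from the program and replaced by an opaque call
    `enclave_eval(cid, {var: value, ...})` that only returns the outcome."""

    def __init__(self):
        self.conditions = {}  # cid -> (condition source text, variable names)

    def visit_If(self, node):
        self.generic_visit(node)  # transform nested ifs / elif chains first
        cid = len(self.conditions)
        # Variables the condition reads; they are shipped to the enclave as
        # arguments (assumption: the condition uses only local variables).
        names = sorted({n.id for n in ast.walk(node.test)
                        if isinstance(n, ast.Name)})
        self.conditions[cid] = (ast.unparse(node.test), names)
        node.test = ast.Call(
            func=ast.Name(id="enclave_eval", ctx=ast.Load()),
            args=[ast.Constant(cid),
                  ast.Dict(keys=[ast.Constant(n) for n in names],
                           values=[ast.Name(id=n, ctx=ast.Load()) for n in names])],
            keywords=[])
        return node


class SimulatedEnclave:
    """Hypothetical in-process stand-in for the SGX enclave: it alone holds
    the condition expressions and evaluates them on the supplied variables."""

    def __init__(self, conditions):
        self._code = {cid: compile(src, f"<cond{cid}>", "eval")
                      for cid, (src, _) in conditions.items()}

    def evaluate(self, cid, env):
        # Only the boolean result leaves the "enclave".
        return bool(eval(self._code[cid], {"__builtins__": {}}, dict(env)))


def hide_control_flow(source):
    """Return (untrusted program text, enclave-side condition table)."""
    tree = ast.parse(source)
    hider = ConditionHider()
    tree = ast.fix_missing_locations(hider.visit(tree))
    return ast.unparse(tree), hider.conditions


def run_transformed(source, func_name, *args):
    """Load the transformed program with enclave_eval bound to the enclave
    and call one of its functions."""
    untrusted_src, conditions = hide_control_flow(source)
    enclave = SimulatedEnclave(conditions)
    namespace = {"enclave_eval": enclave.evaluate}
    exec(untrusted_src, namespace)
    return namespace[func_name](*args)


if __name__ == "__main__":
    untrusted, table = hide_control_flow(SAMPLE_SOURCE)
    print(untrusted)  # no comparison operator survives in the untrusted text
    print(table)      # the conditions now live only on the enclave side
    print(run_transformed(SAMPLE_SOURCE, "classify", 150, 100))  # medium
```

The untrusted program still branches, so an observer learns which path was taken, but not the predicate that decided it; that is exactly the information CFHider keeps inside the enclave. The variables each condition needs are passed explicitly, which is where the per-branch ECALL cost described in the thesis arises.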
Keywords/Search Tags: Cloud Computing, Trusted Execution Environment (TEE), Program Transformation, Program Analysis, Program Partitioning, Security-sensitive Data, SGX