Evgeny Pobachienko

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2024-102

May 14, 2024

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2024/EECS-2024-102.pdf

An enclave is an execution environment isolated from the rest of the system, including the OS, providing security and privacy guarantees. The technology is maturing and seeing more adoption in large and security-niche products, for security and confidentiality, but it remains too difficult to use for wider adoption to occur. Specifically, deriving trust from a measurement of the loaded memory proves incompatible with the design of modern applications, because applications are redeployed with different workloads, load resources gradually, can be optimized by using already-available dependencies, and so on. This leads to workarounds, inefficiencies, and unnecessary complexity.

We introduce Dynamic and Composable Measurement, following a design paradigm shift: the measurement securely relays the collection of resources that may be used, instead of blindly capturing the exact runtime state. The report takes on the abstraction of guaranteeing that only these resources can be used, independently of how and when they are delivered. This approach is especially helpful for resources that vary across instances, such as dynamic libraries, inputs, and configurations, or that come from mutually distrusting providers. The measurement design is modular and implementation-agnostic, with no side effects on trust assumptions. These new capabilities make new enclave use cases feasible.

Advisor: Dawn Song


BibTeX citation:

@mastersthesis{Pobachienko:EECS-2024-102,
    Author= {Pobachienko, Evgeny},
    Title= {Dynamic and Composable Enclave Measurement},
    School= {EECS Department, University of California, Berkeley},
    Year= {2024},
    Month= {May},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2024/EECS-2024-102.html},
    Number= {UCB/EECS-2024-102},
    Abstract= {An enclave is an execution environment isolated from the rest of the system, including the OS, providing security and privacy guarantees. The technology is maturing and seeing more adaptation in large and security-niche products, for security and confidentiality, but is still too difficult to use for wider adoption to occur. Specifically, the trust derivation from a measurement of the loaded memory proves incompatible with the design of modern applications because applications are redeployed with different workloads, load resources gradually, can be optimized by using available dependencies, etc. This leads to workarounds, inefficiencies, and unnecessary complexity.

We introduce Dynamic and Composable Measurement -- following a design paradigm shift to the measurement securely relaying a collection of resources to be used instead of blindly capturing exact runtime state. The report takes on the abstraction of guaranteeing that only these resources can be used, independently of how and when they are delivered. This approach is especially helpful for dealing with resources that vary across instances, like dynamic libraries, inputs, and configurations; or that come from mutually distrusting providers. The measurement design is modular and implementation-agnostic, without having any side effects on trust assumptions. New use cases of enclaves become feasible thanks to new capabilities.},
}

EndNote citation:

%0 Thesis
%A Pobachienko, Evgeny 
%T Dynamic and Composable Enclave Measurement
%I EECS Department, University of California, Berkeley
%D 2024
%8 May 14
%@ UCB/EECS-2024-102
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2024/EECS-2024-102.html
%F Pobachienko:EECS-2024-102