DOVE: A Data-Oblivious Virtual Environment
by
Hyun Bin Lee
2021
Abstract
Users can improve the security of remote communications by using Trusted
Execution Environments (TEEs) to protect against direct introspection and
tampering of sensitive data. This can even be done with applications coded in
high-level languages with complex programming stacks such as R, Python, and
Ruby. However, this creates a trade-off between programming convenience and
the risk of attacks using microarchitectural side channels.
In this paper, we argue that it is possible to address this problem for
important applications by instrumenting a complex programming environment (like
R) to produce a Data-Oblivious Transcript (DOT) that is explicitly designed to
support computation that excludes side channels. Such a transcript is then
evaluated on a Trusted Execution Environment (TEE) containing the sensitive
data using a small trusted computing base called the Data-Oblivious Virtual
Environment (DOVE).
To motivate the problem, we demonstrate a number of subtle side-channel
vulnerabilities in the R language. We then provide an illustrative design and
implementation of DOVE for R, creating the first side-channel resistant R
programming stack. We demonstrate that the two-phase architecture provided by
DOT generation and DOVE evaluation can provide practical support for complex
programming languages with usable performance and high security assurances
against side channels.
Archived Files and Locations
arXiv preprint 2102.05195v1 (arxiv.org; mirrored at web.archive.org), PDF, 918.8 kB