caihuali95/blindfold

Blindfold

Overview

This repository provides a proof-of-concept implementation of Blindfold. Blindfold protects sensitive user application data from the untrusted operating system, mainly by leveraging a trusted software component called Guardian that runs at a higher privilege level.

Prerequisites

Usage

1. Preparation

  1. Install Raspberry Pi OS on the TF card with Raspberry Pi Imager.

    We tested the following steps on Raspberry Pi 4 (RPI4) using Raspberry Pi OS Lite (64-bit) released on 2024-11-19.

  2. Set up user name and password. We assume the user name is "usr" in the following steps.

    To use a different user name, please change line 29 of device/rpi/flash.sh of this repo accordingly.

  3. Install Rust.

  4. Clone this repo locally and enter the Blindfold folder.

  5. Build Blindfold and flash the TF card.

    sudo apt install make gcc flex bison gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libssl-dev -y
    cd ./device/rpi
    ./build.sh
    sudo ./flash.sh
  6. Boot up the RPI4 with the TF card, connect it to Ethernet, and build the benchmarks. Do not run this command with root privilege.

    ./run_me.sh

2. Evaluation

Evaluation on native Linux:

  1. Run LMbench and print the aggregate results.
    ./batch_test_lmbench.sh nat
    ./print_lmbench_result.py nat
  2. Run LTP system call testcases.
    ./test_syscalls.py -n
  3. Evaluate app latency, e.g., run OTP for 100 times.
    ./test_app.py 100 ./otp
  4. Run other applications, e.g., test fork/clone/futex/signal.
    ./test
  5. Run the nano benchmark of mode-switching overhead. Before measuring, uncomment lines 48 to 56 of linux/arch/arm64/kernel/entry.S, then rebuild and reflash the Linux kernel. Uncomment this code only for the nano benchmark, as it is unsafe. After reflashing and rebooting, run the following command:
    ./nano -n

Evaluation with Blindfold enabled:

  1. Enable Blindfold. This command has to be run with root privilege.

    sudo ./run_me.sh
  2. Run LMbench and print the aggregate results.

    2.1 For non-sensitive configuration:

    ./batch_test_lmbench.sh non
    ./print_lmbench_result.py non

    2.2 For sensitive configuration:

    ./batch_test_lmbench.sh sen
    ./print_lmbench_result.py sen
  3. Run LTP system call testcases.

    ./test_syscalls.py -a
  4. Evaluate app latency, e.g., run OTP for 100 times.

    4.1 For non-sensitive configuration:

    ./test_app.py 100 ./otp

    4.2 For sensitive configuration:

    ./test_app.py 100 ./adapted_otp
  5. Run other applications, e.g., test fork/clone/futex/signal.

    5.1 For non-sensitive configuration:

    ./test

    5.2 For sensitive configuration:

    ./adapted_test

License

GPL-2.0 License
