Need to restrict SBIs the enclave can use #25

dayeol · 2019-03-11T17:22:45Z

Now SM is embedded into the bbl, which basically provides a lot of SBI that can enable DoS against the OS as well as some potential attacks.
For example, the enclave can shut down the entire machine using an SBI, and also request IPIs (e.g., TLB flush).
Once we make the SM keep track of the CPU states, we should be able to put some gaskets in those interfaces that prevents enclave from doing these.

dkohlbre · 2019-03-11T17:25:49Z

This should, imo, be part of our rework of enclave lifecycles into explicit fsms.
We can define the valid hart transitions along with the valid enclave state transitions and check it all at once on the SBI call.

dkohlbre added the enhancement New feature or request label Mar 11, 2019

dkohlbre mentioned this issue Mar 11, 2019

Issue with enclave creation and host_satp #19

Closed

dayeol mentioned this issue Mar 19, 2019

SM DoS Protection mechanism against broken enclaves keystone-enclave/keystone#75

Open

dayeol added this to To do in Release (0.5) Sep 25, 2019

dayeol assigned dayeol and ghost and unassigned dayeol Sep 25, 2019

dayeol moved this from To do to In progress in Release (0.5) Dec 8, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Need to restrict SBIs the enclave can use #25

Need to restrict SBIs the enclave can use #25

dayeol commented Mar 11, 2019

dkohlbre commented Mar 11, 2019

Need to restrict SBIs the enclave can use #25

Need to restrict SBIs the enclave can use #25

Comments

dayeol commented Mar 11, 2019

dkohlbre commented Mar 11, 2019