adding tee operator. too much side channel? #32
Conversation
threat-model/readme.md
Outdated
| TODO | ||
| 1. Microarchitectural side channel mitigations: microarchitectural side channels arise due to resource sharing between the TEE processes and other processes on the host machine. They can be mitigated by ensuring spatial and temporal isolation of the TEE processes though this has proved challenging in practice and no existing TEE is free of side channel leakage. | ||
| 2. Speculative/transient execution mitigations: turn off speculative execution. | ||
| 3. Physical access mitigations: To mitigate cold boot attacks any TEE assets stored off the trusted hardware, e.g. in DRAM, must be encrypted and integrity checked. Defending against power/acoustic/temperature side channels requires preventing the operator from observing these features or by executing TEE processes obliviously (execution is fully independent of the confidential input data). |
There was a problem hiding this comment.
This might be split:
| 3. Physical access mitigations: To mitigate cold boot attacks any TEE assets stored off the trusted hardware, e.g. in DRAM, must be encrypted and integrity checked. Defending against power/acoustic/temperature side channels requires preventing the operator from observing these features or by executing TEE processes obliviously (execution is fully independent of the confidential input data). | |
| 3. To mitigate cold boot attacks any TEE assets stored off the trusted hardware, e.g. in DRAM, must be encrypted and integrity checked. | |
| 4. Defending against power/acoustic/temperature side channels requires preventing the operator from observing these features or by executing TEE processes obliviously (execution is fully independent of the confidential input data). |
Though I think that the latter could be:
Defending against attacks that use power/acoustic/temperature side channels requires either preventing the operator from observing these features by limiting physical access in some way or by executing TEE processes obliviously (that is, eliminating any potential for side channel information by using computation that does not depend on the content of any confidential data).
Out of curiosity, what is the state of the art as it relates to timing side channels? You don't mention them, but these no doubt exist as well and leak information to more than just those with physical access to the machine.
There was a problem hiding this comment.
I think this section in particular is quite rough and needs to be workshopped a bit.
I separated side channels out into microarchitectural, speculative (a special kind of microarchitectural really), and physical where this is the means an adversary uses to observe something about the program execution. The something observed is very often a timing difference. Maybe there is a better way to describe side channels that makes this more clear? Especially because some of the more traditionally physical attacks can be executed remotely now: Hertzbleed
It might also make sense to pull oblivious execution out into its own mitigation as it really applies more generally (but isn't typically a viable option due to the performance).
(agreed on splitting cold boot attacks out)
Co-authored-by: Martin Thomson <mt@lowentropy.net>
Co-authored-by: Martin Thomson <mt@lowentropy.net>
Co-authored-by: Martin Thomson <mt@lowentropy.net>
AramZS
added
the
call-for-consensus
AramZS
added
Threat Model Document
AramZS
added
needs-work
First draft of threat model for the TEE operator.
Lots of side channel discussion (maybe too much side channel discussion).
Some of these side channels are not currently possible to mitigate.
Do we want references here?
Also see #33 which adds the TEE itself and #34 which adds the TEE manufacturer.