Automatic Enforcement of Expressive Security Policies using Enclaves
Hardware-based enclave protection mechanisms, such as Intel’s
SGX, ARM’s TrustZone, and Apple’s Secure Enclave,
can protect code and data from powerful low-level attackers.
In this work, we use enclaves to enforce strong application-specific
information security policies.
We present $IMP_E$, a novel calculus that captures the
essence of SGX-like enclave mechanisms, and show that a
security-type system for $IMP_E$ can enforce expressive confidentiality
policies (including erasure policies and delimited
release policies) against powerful low-level attackers,
including attackers that can arbitrarily corrupt non-enclave
code, and, under some circumstances, corrupt enclave code.
We present a translation from an expressive security-typed
calculus (that is not aware of enclaves) to $IMP_E$. The
translation automatically places code and data into enclaves
to enforce the security policies of the source program.
Thu 3 Nov. Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

10:30 - 12:10 | Language Design and Programming Models II | OOPSLA at Matterhorn 2 | Chair(s): Olivier Tardieu (IBM Research)

| Time | Duration | Talk | Track | Authors | Links |
|---|---|---|---|---|---|
| 10:30 | 25m | Automatic Enforcement of Expressive Security Policies using Enclaves | OOPSLA | | DOI |
| 10:55 | 25m | Chain: Tasks and Channels for Reliable Intermittent Programs | OOPSLA | | DOI, Pre-print |
| 11:20 | 25m | GEMs: Shared-Memory Parallel Programming for Node.js | OOPSLA | Daniele Bonetta (Oracle Labs), Luca Salucci (Università della Svizzera italiana (USI)), Stefan Marr (Johannes Kepler University Linz), Walter Binder (University of Lugano) | DOI |
| 11:45 | 25m | OrcO: A Concurrency-First Approach to Objects | OOPSLA | Arthur Michener Peters (The University of Texas at Austin, Texas, USA), David Kitchin (Google, Inc.), John A. Thywissen (The University of Texas at Austin), William Cook (UT Austin) | DOI, Pre-print |