
Formal Foundations for Intel SGX Data Center Attestation Primitives

  • Conference paper
  • Formal Methods and Software Engineering (ICFEM 2020)
  • Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 12531)

Abstract

Intel has recently offered third-party attestation services, called Data Center Attestation Primitives (DCAP), that let a data center run its own attestation infrastructure. These services address the availability concerns of, and improve performance over, remote attestation based on Enhanced Privacy ID (EPID), which depends on Intel's hosted attestation service being reachable. Practical projects such as Hyperledger Avalon have already placed DCAP support on their roadmaps. However, DCAP has so far lacked a formal security proof, which is a security concern in itself. To fill this gap, we propose an automated, rigorous, and sound formal approach to specify and verify remote attestation based on Intel SGX DCAP, under the assumption that there are no side-channel attacks and no vulnerabilities inside the enclave. In the proposed approach, the data center configuration and operational policies are specified to generate a symbolic model, and the security goals are specified as security properties that are checked against that model to produce the verification results. The evaluation of DCAP without the Quoting Verification Enclave (the non-QvE configuration, in which quote verification runs in untrusted verifier code) indicates that the confidentiality of secrets and the integrity of data are preserved against a Dolev-Yao adversary. We also present a few of the many inconsistencies in the existing literature on Intel SGX DCAP that we found during formal specification.
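To make the abstract's methodology concrete, the following is an added example of what "a symbolic model plus security properties checked against a Dolev-Yao adversary" looks like for DCAP-style ECDSA attestation. It is not the paper's model (the abstract does not name its tool), and it is written in ProVerif's applied pi calculus on the assumption that this is the right register for the approach described. The message formats, the collapsed one-level PCK certificate chain, the static PCE output, and the omission of TCB info, QE identity and CRL checks are all simplifications made here; the names `Enclave`, `QE`, `Verifier`, `rk`, `ak`, `pck` and `cask` are this example's own. The verifier does all checks itself, matching the non-QvE configuration the abstract evaluates.

```proverif
(* Added example: a simplified symbolic model of DCAP-style ECDSA attestation in
   ProVerif. Not the paper's model; formats and the one-level PCK chain are
   simplifications, and TCB info, QE identity and CRL checks are omitted. *)

type skey.     (* private keys *)
type mackey.   (* hardware-derived report key used for local attestation *)

free c: channel.                       (* the Dolev-Yao network *)
free mrenclave: bitstring.             (* expected measurement of the application enclave *)
free mrqe: bitstring.                  (* expected measurement of the Quoting Enclave *)
free secret: bitstring [private].      (* released only to an attested enclave *)

(* Symbolic signatures, public-key encryption, MAC and hash *)
fun pk(skey): bitstring.
fun sign(bitstring, skey): bitstring.
reduc forall m: bitstring, k: skey; checksign(sign(m, k), pk(k)) = m.
fun aenc(bitstring, bitstring): bitstring.
reduc forall m: bitstring, k: skey; adec(aenc(m, pk(k)), k) = m.
fun mac(bitstring, mackey): bitstring.
fun hash(bitstring): bitstring.

event EnclaveReports(bitstring).       (* enclave with measurement mrenclave bound this key into REPORT_DATA *)
event VerifierAccepts(bitstring).      (* verifier accepted a quote that binds this key *)

(* Security goals as in the abstract: confidentiality of the secret, and
   integrity of the attested data (here, the key the quote vouches for). *)
query attacker(secret).
query x: bitstring; event(VerifierAccepts(x)) ==> event(EnclaveReports(x)).

(* Application enclave: fresh key pair, REPORT_DATA = hash of its public key,
   REPORT handed to the QE through untrusted memory, protected only by the
   MAC under the platform report key (local attestation). *)
let Enclave(rk: mackey) =
  new ek: skey;
  let report = (mrenclave, hash(pk(ek))) in
  event EnclaveReports(pk(ek));
  out(c, (pk(ek), report, mac(report, rk)));
  in(c, ct: bitstring);
  let s: bitstring = adec(ct, ek) in 0.

(* Quoting Enclave: checks the local-attestation MAC, then signs the report
   body with the attestation key ak to form the quote. *)
let QE(rk: mackey, ak: skey) =
  in(c, (report: bitstring, m: bitstring));
  if m = mac(report, rk) then
  out(c, sign(report, ak)).

(* Verifier, non-QvE: every check runs in untrusted verifier code. Trust anchor
   is the CA public key; chain: PCK cert -> QE report -> ak -> quote -> REPORT_DATA. *)
let Verifier(capk: bitstring) =
  in(c, (pckCert: bitstring, akpub: bitstring, qeReport: bitstring, quote: bitstring, ekpub: bitstring));
  let pckpub: bitstring = checksign(pckCert, capk) in
  let (=mrqe, akhash: bitstring) = checksign(qeReport, pckpub) in
  if akhash = hash(akpub) then
  let (=mrenclave, ekhash: bitstring) = checksign(quote, akpub) in
  if ekhash = hash(ekpub) then
  event VerifierAccepts(ekpub);
  out(c, aenc(secret, ekpub)).

process
  new cask: skey;    (* Intel PCK CA key (root and intermediate collapsed into one) *)
  new pck: skey;     (* per-platform Provisioning Certification Key, held by the PCE *)
  new ak: skey;      (* QE attestation key *)
  new rk: mackey;    (* platform report key: shared by enclaves on this platform, never leaves hardware *)
  out(c, pk(cask));
  ( out(c, sign(pk(pck), cask))                   (* PCK certificate *)
  | out(c, sign((mrqe, hash(pk(ak))), pck))       (* QE report certifying ak, signed by the PCE with the PCK *)
  | !Enclave(rk) | !QE(rk, ak) | !Verifier(pk(cask)) )
```

Run it with `proverif model.pv`. Both queries should be reported true: the only way to obtain a quote over `(mrenclave, hash(x))` is through a QE that has checked a MAC under `rk`, which only a genuine enclave on the platform can produce. The model also shows where the trust sits: deleting the `if m = mac(report, rk)` check in `QE` (a QE that signs anything) should make ProVerif print an attack trace in which the adversary has the verifier encrypt `secret` to a key of its own choosing, which is exactly the failure the "no vulnerabilities inside the enclave" assumption rules out.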



Acknowledgments

We would like to thank Do Le Quoc for his feedback on this work.

Author information

Corresponding author: Muhammad Usama Sardar.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Sardar, M.U., Faqeh, R., Fetzer, C. (2020). Formal Foundations for Intel SGX Data Center Attestation Primitives. In: Lin, S.W., Hou, Z., Mahony, B. (eds.) Formal Methods and Software Engineering. ICFEM 2020. Lecture Notes in Computer Science, vol 12531. Springer, Cham. https://doi.org/10.1007/978-3-030-63406-3_16


  • DOI: https://doi.org/10.1007/978-3-030-63406-3_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63405-6

  • Online ISBN: 978-3-030-63406-3

  • eBook Packages: Computer Science (R0)
