[RFC] Use PKU for isolation between LibOS and userspace program about ngo HOT 3 CLOSED

Occlum supports PKU feature now. NGO will support PKU after its SDK is upgraded to 2.16.

Another good news is moby accepts our PR: moby/moby#43490. (Add syscalls related to PKU in default docker's policy). Dockerd will support PKU related syscalls by default in version of 1.5.x and 1.6.x: containerd/containerd#7163.

Thanks for all the reviewers for helpful advice!

from ngo.

As I know, PKU relies on the pkey bits within the page table entry to enforce the data access policy. However, the page table is considered untrusted in SGX's threat model and can be manipulated by the attacker.

from ngo.

Hi @IceCY , PKU here is an option for users to enhance security. As mentioned before:

Though userspace applications are considered benign in NGO, but is may be bug-prone. Potential illegal memory accesses may affect correctness of computation, even lead to the crash of the whole enclave.

(LibOS's) userspace applications are still in our TCB, but they are bug-prone inevitably. We only use PKU for fault isolation enforce its robustness inside enclave, which can help developers uncover bugs beforehand.

OS has the full control of enclave's page table, and it is able to misconfigure the pkey in PTE without enclave's authentication, but such misconfigurations can only help OS to perform DoS attacks. However, DoS is not considered in SGX's threat model. If users worry that PKU feature in Occlum opens a new attack vector, they can turn off PKU feature in production environment. The PKU feature can be switched on/off easily by configuring occlum.json.

from ngo.