Comments (3)
Occlum supports PKU feature now. NGO will support PKU after its SDK is upgraded to 2.16.
Another good news is moby accepts our PR: moby/moby#43490. (Add syscalls related to PKU in default docker's policy). Dockerd will support PKU related syscalls by default in version of 1.5.x and 1.6.x: containerd/containerd#7163.
Thanks for all the reviewers for helpful advice!
from ngo.
As I know, PKU relies on the pkey bits within the page table entry to enforce the data access policy. However, the page table is considered untrusted in SGX's threat model and can be manipulated by the attacker.
from ngo.
Hi @IceCY , PKU here is an option for users to enhance security. As mentioned before:
Though userspace applications are considered benign in NGO, but is may be bug-prone. Potential illegal memory accesses may affect correctness of computation, even lead to the crash of the whole enclave.
(LibOS's) userspace applications are still in our TCB, but they are bug-prone inevitably. We only use PKU for fault isolation enforce its robustness inside enclave, which can help developers uncover bugs beforehand.
OS has the full control of enclave's page table, and it is able to misconfigure the pkey in PTE without enclave's authentication, but such misconfigurations can only help OS to perform DoS attacks. However, DoS is not considered in SGX's threat model. If users worry that PKU feature in Occlum opens a new attack vector, they can turn off PKU feature in production environment. The PKU feature can be switched on/off easily by configuring occlum.json
.
from ngo.
Related Issues (20)
- [BUG] ioctl TCGETS return and glibc throws "**** stack smashing detected ***"
- [BUG]ioctl UT crashed
- Use arc_new_cyclic
- [RFC] Memory Cleaning Threads
- [BUG] pthread case hang when running glibc test with simulation mode
- [RFC] Use Completely Fair Scheduler (CFS) in NGO
- [BUG] fstatat crashed with invalid path
- [BUG] Cannot update atime, mtime and ctime for inode
- The design of the `page-cache` crate HOT 1
- Support io_uring's IORING_SETUP_SQPOLL flag HOT 1
- [BUG] Running iperf and the client side never exits HOT 1
- Improve the scalability of SyncIoDisk HOT 4
- Improve the performance of IoUringDisk HOT 1
- [RFC] Introduce Asynchronous Filesystem in NGO
- [RFC] Introduce Page Cache in NGO
- [RFC] Use Occlum configuration in yaml format in NGO HOT 3
- [RFC] Extend the SGX untrusted allocator to support untrusted device memory HOT 1
- [RFC] Introduce SwornDisk in NGO
- Steps to Enable Async-SFS + SwornDisk as the RootFS
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ngo.