25th USENIX Security Symposium
Friday, August 12 • 10:00am - 10:30am
Ariadne: A Minimal Approach to State Continuity


Protected-module architectures such as Intel SGX provide strong isolation guarantees to sensitive parts of applications while the system is up and running. Unfortunately, systems in practice crash, go down for reboots, or lose power at unexpected moments. To deal with such events, additional security measures need to be taken to guarantee that stateful modules will either recover their state from the last stored state, or fail-stop on detection of tampering with that state. More specifically, protected-module architectures need to provide a security primitive that guarantees that (1) attackers cannot present a stale state as being fresh (i.e., rollback protection), (2) once a module has accepted a specific input, it will continue execution on that input or never advance, and (3) an unexpected loss of power must never leave the system in a state from which it can never resume execution (i.e., liveness guarantee).

We propose Ariadne, a solution to the state-continuity problem that achieves the theoretical lower limit of requiring only a single bit flip of non-volatile memory per state update. Ariadne can be easily adapted to the platform at hand. In low-end devices where non-volatile memory may wear out quickly and the bill of materials (BOM) needs to be minimized, Ariadne can make optimal use of non-volatile memory. On SGX-enabled processors, Ariadne can be readily deployed to protect stateful modules (e.g., as used by Haven and VC3).


Frank Piessens

Full professor, imec-DistriNet, KU Leuven
Frank Piessens is a professor at the Department of Computer Science of the KU Leuven, Belgium. His research interests lie in software security, including security in operating systems and middleware, architectures, applications, Java and .NET, and software interfaces to security technologies. He...

Raoul Strackx

imec-DistriNet, KU Leuven

Friday August 12, 2016 10:00am - 10:30am PDT
Zilker Ballroom 3
