The MIT Secure Enclave Platform is a series of publications, implementations and ongoing projects that aim at developing real-world secure enclaves. Enclaves are a strong isolation primitive that make it possible for a user to run sensitive computations on a remote and untrusted server while ensuring the integrity and privacy of the computation. Enclaves usually assume a very strong threat model including an untrusted OS. At MIT, we push the concept even further by also considering most timing side channels as part of our threat model. We are looking at secure communication between an enclave and the outside world. Exploring solutions such as shared memory between the enclave and the OS. This is an especially tricky problem in the presence of speculation. The enclave programmer might not be fully in control of the interactions the enclave might have with the outside, would it be which addresses are accessed, the ordering or the timing of these interactions.
Modern systems lack meaningful abstractions for security domains. At the moment, only processes are potentially isolated from one another at an architectural level (some part of a process's memory might be private). This abstraction is not only broken by micro-architectural side channels but is also greatly limited. Modern software imports untrusted libraries, calls into legacy code and execute content from different security domains. The current solution, like in modern web browsers, has been to place each of these security domains in a different process. Nevertheless, we believe the existence of alternative isolation abstractions and hardware primitives to enforce them could change the way we isolate and secure software. We've been looking at building these new primitives to enable secure isolation of libraries, functions and other fine-grained security domains.
Copyright (c) 2022 Jules Drean