

#### CAPSTONE: A Capability-based Foundation for Trustless Secure Memory Access

32<sup>nd</sup> USENIX Security Symposium

#### Jason Zhijingcheng Yu, Conrad Watt, Aditya Badole, Trevor E. Carlson, Prateek Saxena

National University of Singapore, University of Cambridge





## World of Security Extensions



[ARMv8 Pointer Authentication Code]

[Intel MPK, x86/64 DEP/NX] [Intel MPX, RISC-V/ARM CHERI] [None]

[Intel TSX – Transactional Synchronization Extensions]

[Intel SGX] [x86 Segmentation]

x86/64 Privilege Rings

[AMD SEV] [Intel VT-x] [Intel TDX] [ARM CCA]

[ARM TZ] [Intel TXT]

[Intel VT-x] [Intel SGX]

# **Problems with Security Extensions**

#### 1. Unreliable availability of security features

```
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust sgx bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp sgx_lc md_clear flush_l1d arch_capabilities
```

#### Deprecated Technologies

The processor has deprecated the following technologies and they are no longer supported:

- Intel<sup>®</sup> Memory Protection Extensions (Intel<sup>®</sup> MPX)
- Branch Monitoring Counters
- Hardware Lock Elision (HLE), part of Intel<sup>®</sup> TSX-NI
- Intel<sup>®</sup> Software Guard Extensions (Intel<sup>®</sup> SGX)
- Intel<sup>®</sup> TSX-NI
- Power Aware Interrupt Routing (PAIR)

Source: https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/010/deprecated-technologies/ (accessed 30 July 2023)

Y. Chen et al., 'SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX', in 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022, K. R. B. Butler and K. Thomas, Eds., USENIX Association, 2022, pp. 4129–4146. [Online]. Available: https://www.usenix.org/conference/usenixsecurity22/presentation/chen-yuan

D. Kuvaiskii et al., 'SGXBOUNDS: Memory Safety for Shielded Execution', in Proceedings of the Twelfth European Conference on Computer Systems, Belgrade, Serbia: ACM, Apr. 2017, pp. 205-221. doi: 10.1145/3064176.3064192.

#### 2. Poor interoperability for multiple security goals





#### Traditional Architectures Rely on Access Control






#### Contributions

#### Goal: Unified Foundation for Trustless Memory Access

Minimal set of properties:

- P1: Exclusive Access
- P2: Revocable Delegation
- P3: Extensible Hierarchy
- P4: Secure Domain Switching

CAPSTONE:

- Pointer Integrity
- Spatial Memory Safety
- Temporal Memory Safety
- Concurrent Thread Safety
- Intra-process Sandboxing
- Process Sandboxing
- Virtualization
- Red-Green Secure Worlds
- Nested / App Virtualization

#### Threat Model: Benign Scenario



#### Threat Model: Malicious Scenario






# Minimal set of properties for a unified foundation

## Property 1: Exclusive Access



J. Z. Yu, S. Shinde, T. E. Carlson, and P. Saxena, 'Elasticlave: An Efficient Memory Model for Enclaves', in 31st USENIX Security Symposium

#### Property 2: Revocable Delegation



J. Z. Yu, S. Shinde, T. E. Carlson, and P. Saxena, 'Elasticlave: An Efficient Memory Model for Enclaves', in 31st USENIX Security Symposium

### Property 3: Extensible Hierarchy



J. Z. Yu, S. Shinde, T. E. Carlson, and P. Saxena, 'Elasticlave: An Efficient Memory Model for Enclaves', in 31st USENIX Security Symposium

## Property 4: Secure Domain Switching



J. Cui, J. Z. Yu, S. Shinde, P. Saxena, and Z. Cai, 'SmashEx: Smashing SGX Enclaves Using Exceptions', in Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

#### Properties for a Trustless Unified Foundation

- P1: Exclusive Access
- P2: Revocable Delegation
- P3: Extensible Hierarchy
- P4: Secure Domain Switching

How to enforce those properties through a unified interface?



#### Architectural Capabilities: A Baseline



R. N. M. Watson et al., 'Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 8)'.


# Enforcing Property 1: Exclusive Access






#### **Exclusive Access: Linear Capabilities**





# Memory Delegation with Linear Capabilities



# Enforcing Property 2: Revocable Delegation



#### Problem: Secret Leakage Can Still Happen






#### Solution: Uninitialized Capabilities



# CAPSTONE: Putting It Together

ISA with capability types and instructions



# Implementation and Evaluation

## Functional Prototype



# Full Memory Safety (Rust-like Semantics)

Spatial Memory Safety

Temporal Memory Safety

Concurrent Thread Safety

Architectural capabilities

Linear capabilities + revocation

| Operation        | Rust semantics     | CAPSTONE |
|------------------|--------------------|----------|
| Move             | `let a = b;`       | `mov ra, rb;` |
| Immutable borrow | `let a = &b;`      | `mrev rr, rb; delin rb; li r0, 0; tighten rb, r0; mov ra, rb;` (use `ra`) `revoke rr; mov rb, rr` |
| Mutable borrow   | `let a = &mut b;`  | `mrev rr, rb; mov ra, rb;` (use `ra`) `revoke rr; mov rb, rr` |
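
The two borrow sequences from the table, run on a toy register machine to show which registers can touch the memory during the borrow and after `revoke`. This is an added example, not code from the talk or the CAPSTONE project. The instruction semantics are a simplified reading of the table, permission code 0 is assumed to mean read-only, and uninitialized capabilities are left out, so the capability recovered by `revoke` is treated as plain linear.

```python
RO, RW = 0, 1  # assumption: permission code 0 (the `li r0, 0` operand) is read-only
IMMUTABLE = "mrev rr, rb; delin rb; li r0, 0; tighten rb, r0; mov ra, rb"
MUTABLE = "mrev rr, rb; mov ra, rb"

class Machine:
    def __init__(self):  # constructed start state: rb owns a linear read-write capability
        self.regs = {"rb": {"kind": "lin", "perm": RW, "under": frozenset()}}
        self.revoked = set()

    def mov(self, rd, rs):  # non-linear capabilities are copied, all others are moved
        cap = self.regs[rs]
        self.regs[rd] = dict(cap)
        if cap["kind"] != "nonlin":
            self.regs[rs] = None

    def mrev(self, rd, rs):  # rd receives a revocation capability sitting above rs
        cap = self.regs[rs]
        assert cap["kind"] == "lin", "mrev needs a linear capability"
        self.regs[rd] = rev = {**cap, "kind": "rev", "id": object()}
        cap["under"] |= {rev["id"]}

    def revoke(self, r):  # everything under r is invalidated; r becomes linear again
        cap = self.regs[r]
        assert cap["kind"] == "rev", "revoke needs a revocation capability"
        self.revoked.add(cap["id"])
        cap["kind"] = "lin"

    # Three trivial operations: load immediate, delinearize, shrink permissions.
    def li(self, rd, imm): self.regs[rd] = imm
    def delin(self, r): self.regs[r]["kind"] = "nonlin"
    def tighten(self, r, rp): self.regs[r]["perm"] = min(self.regs[r]["perm"], self.regs[rp])

    def can(self, r, perm):  # may the capability in r be used with this permission?
        cap = self.regs.get(r)
        return (isinstance(cap, dict) and cap["kind"] != "rev"
                and not (cap["under"] & self.revoked) and cap["perm"] >= perm)

def run(m, asm):  # execute a ';'-separated sequence written as in the table
    for ins in asm.split(";"):
        op, *args = ins.replace(",", " ").split()
        getattr(m, op)(*[int(a) if a.isdigit() else a for a in args])

def borrow(setup):  # (ra read, ra write, rb read) during the borrow, (ra read, rb write) after
    m = Machine()
    run(m, setup)
    during = (m.can("ra", RO), m.can("ra", RW), m.can("rb", RO))
    run(m, "revoke rr; mov rb, rr")
    return during, (m.can("ra", RO), m.can("rb", RW))
```

`borrow(IMMUTABLE)` shows both `ra` and `rb` readable but not writable while the borrow is live; `borrow(MUTABLE)` shows `rb` unusable until `revoke` hands ownership back, after which `ra` is dead in both cases.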

#### **Trustless Memory Allocator**







#### **Trustless Scheduler**





#### Nestable Enclaves





Takeaway: CAPSTONE is highly expressive

# Preliminary Performance Evaluation



**Results:** within ~50% run time overhead

#### Conclusion

- Goal: unified foundation for trustless memory access
- Required properties
  - Exclusive access
  - Revocable delegation
  - Extensible hierarchy
  - Secure domain switching
- CAPSTONE
  - Capability-based architecture
  - Core ideas: linear capabilities, revocation, uninitialized capabilities
  - Prototype implementations with emulator, compiler, and library
  - Case studies: CAPSTONE is highly expressive



https://capstone.kisp-lab.org/

# Thanks for listening!