Advertisement
Check these out next
![[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking](https://cdn.slidesharecdn.com/ss_thumbnails/06vmware-160226170659-thumbnail.jpg?width=600&height=600&fit=bounds)
WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone - Presentation slides
Mar. 24, 2023•0 likes•20 views
0 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Software
The presentation slides of the paper WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone, published in the proceedings of the 42nd IEEE International Conference on Distributed Computing Systems (ICDCS), July 2022. Read the publication here: https://arxiv.org/abs/2206.08722 This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197
Jämes MénétreyFollow
University of NeuchâtelAdvertisement
Advertisement
Advertisement
Recommended
Attestation Mechanisms for Trusted Execution Environments Demystified - Prese...Jämes Ménétrey
VMware Developer-Ready TransformationVMware Tanzu
WebRTC Webinar & Q&A - W3C WebRTC JS API Test Platform & Updates from W3C Lis...Amir Zmora
Dependable Cloud ComutingKazuhiko Kato
Automated Deployment and Management of Edge CloudsJay Bryant
Twine: An Embedded Trusted Runtime for WebAssembly - Presentation slidesJämes Ménétrey
WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone - Presentation slides
- WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone Jämes Ménétrey Marcelo Pasin Pascal Felber Valerio Schiavoni University of Neuchâtel, Switzerland July 10-13, 2022 42nd IEEE International Conference on Distributed Computing Systems (ICDCS ’22), Bologna, Italy 🇮🇹
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 Context Developers Your apps • We process and store sensitive data on edge or IoT devices • Developers deploy applications on those systems they assume to be trustworthy • How can we better protect deployed applications and systems? 2 IoT devices Hardware Firmware Premises OS Software stack Your apps Attack surface of your system
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 Context (cont.) Hardware Firmware Premises OS Software stack Your apps Attack surface of your system • One way to better secure applications and systems is to use Trusted Execution Environments (TEEs) • There are many TEE technologies, the most widespread on IoT devices is Arm TrustZone • TEEs isolate applications from the rest of the system 3
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 Primer on Arm TrustZone 4 Attack surface of your system Secure world Secure OS TA TA TA Secure Monitor Hardware OS App App App Hypervisor Communication Premises Normal world • TrustZone is split in two worlds • Trusted Application (TA) is isolated from the normal world • Limited amount of memory in the TEE, this reduces the size of the attack surface • We use OP-TEE, an open- source trusted OS
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 OP-TEE limitations and pitfalls 5 • No POSIX API (e.g., printf), but Global Platform (GP) API ➡ Hard to write or migrate existing applications • SDK only available for C programming language ➡ Constrained development environment • TrustZone does not come with attestation ➡ Lack of trust when deploying applications
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 How to ease the development experience? 6
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 Introduction to WebAssembly 7 • WebAssembly (Wasm) is a standard for a lightweight bytecode format • A compilation target for most mainstream programming languages • Initially meant for the web, can be used anywhere today • Include WebAssembly System Interface (WASI) for system interactions Image: Standardising WASI, Mozilla, 2020 developer WebAssembly runtime clang user cargo tinygo
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 RQ1: Challenges when embedding Wasm into TrustZone 8 • Interoperability: Leverage WASI to replace POSIX and deliver features bound to the TEE • Performance: Execution of ahead-of-time compiled Wasm binaries App Secure world Normal world Suppl. Trusted app Wasm runtime WASI Secure OS Wasm app RPC OS GP Wasm app Contributions
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 RQ1: Results 9 • Language agnostic: Wasm introduces an intermediate bytecode, enabling to use various programming languages • Abstraction: Wasm applications no longer depend on TEE-specific concerns • Sandbox: The hosted app and the secure OS are mutually distrusted App Secure world Normal world Suppl. Trusted app Wasm runtime WASI Secure OS Wasm app RPC OS GP Wasm app Contributions
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 RQ1: Contributions 10 • An embedded Wasm runtime in the TEE to abstract TEE-specific concerns for the hosted applications, called WaTZ • An easy way to run applications in the TEE Secure world Secure OS TA WaTZ TA Secure Monitor Hardware OS App App App Hypervisor Communication Premises Normal world Wasm App Contributions
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 RQ2: How to trust a remotely executed application? 11
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 Attestation of applications • Attestation is a way to prove the trustworthiness of a piece of software • TEEs help obtaining such a proof, called evidence • Remote attestation provides this proof for remotely executed software • Remote attestation is present in many state-of-the-art TEEs, such as Intel SGX, but is missing from TrustZone 12
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 Remote attestation primer Attester (TrustZone) Veri fi er Reference Value Provider 13 Reference values = ? Provision references values Forward results Evidence Claims H( ) Code measurement Issue evidence Provision confidential data Relying party
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 RQ2: Trust remote execution of Wasm applications 14 • Root of Trust: A secret value only available in the secure world for signature • Secure boot: The system cannot be booted without signed bootloader and OS Secure world Secure OS Firmware Hardware OS Hypervisor Normal world Boot Root of trust Verify Verify Start
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 ⑤ Provision data RQ2: Protocol for remote attestation 15 • Protocol: Inspired by SIGMA and Intel SGX, enables us to authenticate remotely executing Wasm applications and detect genuine platforms Wasm runtime (TA) Attestation service (Secure OS) Cloud (Veri fi er) ① Challenge ② Request signing Code measurement (Wasm bytecode) ③ Send Evidence ④ Forward evidence Download certificates Certi fi cates catalog Extract public key IoT device
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 RQ2: Contributions 16 • The foundation to protect the platform and infer trust • A remote attestation protocol to establish trust with remote Wasm software Secure world Secure OS TA WaTZ TA Firmware Hardware OS App App Hypervisor Communication Premises Normal world Wasm App Veri fi er Cloud Trust insurance & data provisioning Root of trust Verify Verify Attestation service Contributions
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 RQ3: What about performance? 17
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 2mm 3mm adi ata bic cho cor cov der doi dur f2d flo gem ges gev gra h3d j1d j2d lu lud mvt nus s2d s2k sym syr tri trm 0 1 2 3 4 1.14 1.16 1.03 1.47 1.26 1.29 1.07 1.06 1.15 1.25 1.49 1.83 1.13 2.47 1.15 1.26 1.03 1.47 1.98 1.77 1.1 1.27 1.13 1.35 1.12 1.72 1.1 1.89 1.14 1.09 1.13 1.15 1.03 1.47 1.26 1.29 1.07 1.06 1.14 1.24 1.49 1.82 1.13 2.46 1.16 1.27 1.03 1.47 1.99 1.76 1.1 1.27 1.14 1.33 1.12 1.72 1.1 1.88 1.15 1.08 Normalised run time J better Native: REE (= 1) Wasm: REE (WAMR) TEE (WaTZ) Wasm performance: micro-benchmarks 18 Polybench/C: slowdown of 1.34x compared to native • Polybench/C is a compiler performance benchmark We made these
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 160 161 170 320 140 145 240 142 280 310 230 150 410 260 110 0 1 2 3 4 0.99 0.98 1.01 0.99 1.3 1.14 1.2 1.18 1.22 1.18 1.4 1.38 1.1 0.96 1.28 1.85 1.88 1.89 1.96 1.94 1.98 1.96 1.96 1.95 1.99 2.05 2.01 2.1 2.09 2.08 1.85 1.87 1.91 1.94 1.94 1.96 1.97 1.97 1.97 2.03 2.04 2.06 2.08 2.09 2.1 Native: REE (= 1) TEE Wasm: REE (WAMR) TEE (WaTZ) 130 100 980 250 400 270 510 120 300 210 190 180 290 990 500 520 0 1 2 3 4 1 1.3 1.23 1.62 1.51 1.34 1.22 1.5 1.74 1.27 1.71 1.7 1.66 1.28 1.53 1.78 2.12 2.11 2.06 2.14 2.15 2.14 2.23 2.22 2.21 2.2 2.22 2.23 2.23 2.32 2.32 2.52 2.1 2.11 2.12 2.13 2.14 2.18 2.23 2.24 2.26 2.26 2.28 2.28 2.28 2.3 2.35 2.54 Normalised run time J better Wasm performance: macro-benchmarks 19 SQLite Speedtest1 benchmarks Native (REE) Wasm (REE) Native (TEE) Wasm (TEE) 2.1x 1.31x 1.01x 1.62x 2.12x We made these We made these
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 Wasm attestation: benchmarks 20 • We tested the remote attestation protocol using Genann, a neural network library • The Wasm application has access to API to control the remote attestation process: handshake, collect_quote, send_quote and receive_data Wasm runtime Genann Cloud (Veri fi er) handshake Secure OS collect_quote send_quote receive_data
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 handshake collect quote send quote Baseline 1.34 s 239 ms 1 ms 1.58 s ,! Baseline Size receive data Total 1.58 s 0.1 MB 168 ms 1.75 s 1.58 s 1 MB 209 ms 1.79 s Wasm attestation: benchmarks 21 0 2 4 6 8 10 12 14 16 18 0.5 1.0 1.5 2.0 2.5 3.0 Time [ms] (J Lower is better) Data size [MB] Encrypt Decrypt Execution time of the function receive_data in more details Time taken for the receive_data based on the size of the data handshake collect quote send quote Baseline 1.34 s 239 ms 1 ms 1.58 s ,! Baseline Size receive data Total 1.58 s 0.1 MB 168 ms 1.75 s 1.58 s 1 MB 209 ms 1.79 s Execution time of the functions handshake, collect_quote and send_quote
- Ménétrey et al. — WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone — ICDCS ’22 / 22 Thanks for your attention! Takeaway • WaTZ is a trusted WebAssembly runtime in TrustZone for edge and IoT devices with sufficient performance for practical deployments • Applications compiled into WebAssembly do not need to be modified, as long as the system calls are covered by WASI • Remote attestation is supported thanks to additional hardware components and integration in the Wasm runtime • WaTZ is open-source with all the instructions to reproduce the experiments 22 Read me online!
Advertisement