more on SCONE

Re: SCONE, mentioned here: https://firmwaresecurity.com/2017/01/07/secure-linux-containers-with-intel-sgx/


SCONE: Secure Linux Containers with Intel SGX
Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, Christof Fetzer

In multi-tenant environments, Linux containers managed by Docker or Kubernetes have a lower resource footprint, faster startup times, and higher I/O performance compared to virtual machines (VMs) on hypervisors. Yet their weaker isolation guarantees, enforced through software kernel mechanisms, make it easier for attackers to compromise the confidentiality and integrity of application data within containers. We describe SCONE, a secure container mechanism for Docker that uses the SGX trusted execution support of Intel CPUs to protect container processes from outside attacks. The design of SCONE leads to (i) a small trusted computing base (TCB) and (ii) a low performance overhead: SCONE offers a secure C standard library interface that transparently encrypts/decrypts I/O data; to reduce the performance impact of thread synchronization and system calls within SGX enclaves, SCONE supports user-level threading and asynchronous system calls. Our evaluation shows that it protects unmodified applications with SGX, achieving 0.6✓–1.2✓ of native throughput.[…]





Joanna announces codehash.db, a software/firmware code hash database

Joanna Rutkowska of Invisible Things Lab posted a message to the Secure Desktops list, announcing a new public hash database for software and firmware! lightly-edited announcement below, see the list archive for full announcement:

Introducing a public db for software and firmware hashes:
I’ve recently created this simple repo which is an attempt to somehow addresses a problem of software and firmware “verifiability” (the word is somehow loaded, hence in quotation marks).  I imagine that once more and more vendors, such as e.g. Tails or Subgraph, or secure messenger app devs, or various firmware projects (coreboot, Trezor, OpenWRT, etc) agreed to stick to this format, we could expect each of them to submit hashes + signatures with each new release of their software.  These hashes would then be subsequently verified and submitted by other witnesses.  Each person or organization will be free to host a repo similar to the one above, only with the “proofs” from the select witness they consider somehow trusted or meaningful.


(Now if OEMs and IBVs would only publish their golden image hashes, including after each update….)


Capsule by Quarkslab

“Two years of development later, Cappsule goes open-source! Enjoy!” –September 21st




ORWL on Joanna’s security comments

ORWL has a response to Joanna’s comments on ORWL security:


“Recently, Joanna Rutkowska, the founder of Qubes OS (which we announced as a default OS option), posted on her Invisible Things blog and on Twitter some of her thoughts on ORWL. We offer here our comments and responses to specific points, as well as a more general response. Some of what is described in this update is laid out in our previous update on secure microcontroller (MCU) details.[…]”




ORWL funded!

ORWL, “The First Open Source, Physically Secure Computer”, just got funded on CrowdSupply!


Joanna Rutkowska wrote a recent post that gives some great background on ORWL’s physical security:



Joanna to speak at coreboot conference

Joanna Rutkowska will be speaking at the upcoming Coreboot convention!





X-Ray Inspector for PCBs

If you have not read about the “Stateless Laptop” proposal, please read it, it covers modern Intel firmware/hardware security issues:



One part in the article talks about how to trust silicon:

The physical protections mentioned above do not, however, resolve the problem of the attackers subverting the laptop hardware at manufacturing or shipment stages. This includes, naturally, a potentially conspiring laptop vendor. In order to address this latter problem we — the industry — need to come up with reliable and simple methods for comparing PCBs with each other. A tool analogical to ‘diff’, only working for PCBs rather than on files. Such a tool, implemented as a software, could e.g. take two (sets of) photos taken by the user of the two boards to compare. The photos might be taken with an ordinary camera, or, in a more sophisticated setup, using X-ray imaging to reveal also the internal layer wiring. This inititive has already been proposed by other researchers recently (e.g. [@appelbaum_technical_action_plan]), so it is not unreasonable to expect some progress in this area in the near future.

So when Make Magazine retweated a recent PCB Xray project, I thought of the above:

Homemade X-Ray Inspector Reveals PCB Secrets

Anyone who has ever tried to reverse engineer a printed circuit board is familiar with the frustration of tracing out the connections by eye and by multimeter. It’s a long process, and if there are multiple layers to the board, you may not even get the full picture. It would be a lot easier if you could just see through the board. On an industrial scale, X-ray inspection machines are used for this, but as you might suspect, they’re not cheap. So, hardware hacker John McMaster built his own.