Abstract
Containers are widely deployed on cloud platforms because of their low resource footprint, fast start-up time, and high performance, especially compared with their counterpart, virtual machines. However, the Achilles' heel of container technology is its weak isolation. For an attacker, escaping from a container into the host OS is considerably easier than attacking a hypervisor from a virtual machine, because the container's attack surface and trusted computing base (TCB) are notably larger. Researchers have proposed various solutions to protect applications from an untrusted OS; yet few of them focus on protecting containers, especially those hosting multiple applications and shared by multiple users. In this paper, we first identify several new attacks that cannot be prevented by the existing solutions. Furthermore, we systematically analyze the security properties that must be maintained to defend against these attacks and protect a full-fledged container from a malicious host OS. We then present TZ-Container, a TrustZone-based secure container mechanism that maintains all of these security properties. TZ-Container leverages TrustZone to construct multiple isolated execution environments (IEEs). Each IEE has a memory space isolated from the underlying OS and from every other process. By interposing on the switches between user and kernel mode, IEEs enforce security checks on each system call according to its semantics. We have implemented TZ-Container on the HiKey development board and ensured that it can run unmodified Docker images downloaded from existing repositories such as https://hub.docker.com/. The evaluation results demonstrate that TZ-Container has a performance overhead of approximately 5%.
Acknowledgements
This work was supported in part by National Key Research & Development Program (Grant No. 2016YFB-1000104), National Natural Science Foundation of China (Grant No. 61772335), and Program of Shanghai Academic Research Leader.
Cite this article
Hua, Z., Yu, Y., Gu, J. et al. TZ-Container: protecting container from untrusted OS with ARM TrustZone. Sci. China Inf. Sci. 64, 192101 (2021). https://doi.org/10.1007/s11432-019-2707-6