During the past few years, we have witnessed various efforts to provide confidentiality and integrity for applications running in untrusted environments such as public clouds. In most of these approaches, hardware extensions such as Intel SGX, TDX, AMD SEV, etc., are leveraged to provide encryption and integrity protection on process or VM level. Although all of these approaches increase the trust in the application at runtime, an often overlooked aspect is the integrity and confidentiality protection at build time, which is equally important as maliciously injected code during compilation can compromise the entire application and system. In this paper, we present Tical, a practical framework for trusted compilation that provides integrity protection and confidentiality in build pipelines from source code to the final executable. Our approach harnesses TEEs as runtime protection but enriches TEEs with file system shielding and an immutable audit log with version history to provide accountability. This way, we can ensure that the compiler chain can only access trusted files and intermediate output, such as object files produced by trusted processes. Our evaluation using micro- and macro-benchmarks shows that Tical can protect the confidentiality and integrity of whole CI/CD pipelines with an acceptable performance overhead.
翻译:过去几年中,我们见证了多种为在不可信环境(如公有云)中运行的应用程序提供机密性与完整性的努力。在大多数此类方法中,硬件扩展(如Intel SGX、TDX、AMD SEV等)被用于在进程或虚拟机层面提供加密与完整性保护。尽管这些方法均增强了运行时对应用程序的信任,但构建阶段的完整性与机密性保护这一常被忽视的方面同样至关重要,因为编译过程中恶意注入的代码可能危及整个应用程序及系统。本文提出TICAL,一种实用的可信编译框架,可在从源代码到最终可执行文件的构建流水线中提供完整性保护与机密性。我们的方法利用可信执行环境(TEE)作为运行时保护机制,并通过文件系统屏蔽及带有版本历史的不可变审计日志来增强TEE功能,以实现可追溯性。通过这种方式,我们确保编译链仅能访问可信文件及中间输出(如由可信进程生成的目标文件)。基于微观与宏观基准测试的评估表明,TICAL能够以可接受的性能开销为整个CI/CD流水线提供机密性与完整性保护。
相关内容
微信扫码咨询专知VIP会员