hex-five / multizone-sdk

MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processors. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multi
https://hex-five.com/multizone-security-tee-riscv/
79 stars, 24 forks

Atomic execution / prevent Zone from being interrupted #54

Closed AntonHermann closed 1 year ago

AntonHermann commented 1 year ago

Hey :)

Is it possible to prevent the interruption of a security-critical routine for a short amount of time, maybe somehow configurable in the MultiZone config? From my understanding, any Zone can use its own multiplexed instance of the timer interrupt and this can't be prevented. Therefore, in theory a malicious zone could use this timer interrupt to interrupt another zone on purpose, is it not?

I know this situation is extremely specific and that it is unlikely that such behavior can be used on purpose. But for the Remote Attestation procedure mentioned in #53, atomicity of the attestation routine is a requirement and, although very unlikely, there may be security concerns if targeted interruption of the Attestation procedure and shared memory access are combined.

Thanks in advance, Anton

cgarlati commented 1 year ago

@AntonHermann

Short answer: The execution of any zone is intrinsically atomic with respect to the others, including their ISRs, which are executed in unprivileged user mode in the context of the zone mapped to the irq.

Long answer:

MultiZone's design guarantees non-interference: under no circumstance can a zone's state be affected by the execution of another zone. This includes secure shared memory protected with the read-only policy.

>>> is it possible to prevent the interruption of a security-critical routine for a short amount of time?

No. This would break the non-interference contract as one zone could indefinitely prevent the others from executing their ISRs.

>>> From my understanding, any Zone can use its own multiplexed instance of the timer interrupt and this can't be prevented. Therefore, in theory a malicious zone could use this timer interrupt to interrupt another zone on purpose, is it not?

It is not. All ISRs, including TMR 7, are bound to the zone's separation policies. Raising an interrupt and executing its ISR cannot alter the state of the other zones. From a timing perspective, as far as availability / denial of service is concerned, ISRs are bound to the global time constraint specified in the TICK policy. The most an ISR can do is to delay the execution of other zones' main and irq threads up to this time limit.

>>> I know this situation is extremely specific and that it is unlikely that such behavior can be used on purpose. But for the Remote Attestation procedure mentioned in #53, atomicity of the attestation routine is a requirement and, although very unlikely, there may be security concerns if targeted interruption of the Attestation procedure and shared memory access are combined.

No security concern here. Atomicity is intrinsically guaranteed by the MultiZone TEE. Shared memory makes no difference as long as it is protected with read-only access.
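The scheduling argument in the answer above (an ISR executes in its own zone's context, its delay on other zones is capped by TICK, and a read-only shared region cannot be written by another zone) as a constructed Python model. This is an added example written for this page, not MultiZone code or its ECALL API: the quantum of 10 time units, the 300-unit horizon, the two-zone layout, the toy measurement chain and the rule that a zone's pending ISR is served at most once per round-robin pass are all modelling assumptions, chosen so that the model realises the TICK cap the answer describes.

```python
"""Constructed toy model of a TICK-bounded separation scheduler.

Written for this page to illustrate the answer above; it is not MultiZone's
scheduler or API. TICK, the horizon and the "one ISR per zone per round" rule
are assumptions of the model.
"""
from dataclasses import dataclass, field

TICK = 10  # scheduler quantum in model time units (assumed)

class AccessViolation(Exception):
    """Raised when a zone touches memory its policy does not grant."""

class Memory:
    """Per-zone private regions plus one shared region under a read-only policy."""

    def __init__(self, zone_ids, shared_owner):
        self.private = {z: [] for z in zone_ids}
        self.shared = []
        self.shared_owner = shared_owner  # only this zone may write the shared region

    def write_shared(self, requester, value):
        if requester != self.shared_owner:
            raise AccessViolation(f"zone {requester} wrote read-only shared region")
        self.shared.append(value)

@dataclass
class Zone:
    zid: int
    main: object                 # main(zone, mem): runs once per TICK slot
    isr: object = None           # isr(zone, mem): runs when the zone's timer fires
    isr_want: int = 0            # time the ISR would like to spin for
    timer_armed: bool = False
    isr_served: bool = False     # ISR already served since the zone's last slot
    violations: int = 0
    slots: list = field(default_factory=list)     # (start, end) of main-thread slots
    isr_runs: list = field(default_factory=list)  # actual duration of each ISR run

def run_in_zone(zone, mem, fn):
    try:
        fn(zone, mem)
    except AccessViolation:
        zone.violations += 1  # policy trap: access rejected, the zone carries on

def schedule(zones, mem, horizon):
    """Round-robin slots of TICK; a pending ISR preempts once per round, capped at TICK."""
    now, i = 0, 0
    while now < horizon:
        z = zones[i % len(zones)]
        z.isr_served = False  # the zone's own slot renews its ISR allowance
        run_in_zone(z, mem, z.main)
        z.slots.append((now, now + TICK))
        now += TICK
        for other in zones:  # serve ISRs raised meanwhile, each bounded by TICK
            if other.timer_armed and not other.isr_served:
                other.timer_armed, other.isr_served = False, True
                run = min(other.isr_want, TICK)  # model: excess spin is cut off here
                run_in_zone(other, mem, other.isr)
                now += run
                other.isr_runs.append(run)
        i += 1

def attacker_main(zone, mem):
    """Re-arms a spinning ISR every slot and tries to tamper with shared memory."""
    if zone.isr is not None:
        zone.timer_armed, zone.isr_want = True, 10 ** 6
    mem.write_shared(zone.zid, "tampered")  # not the owner: rejected

def attacker_isr(zone, mem):
    mem.private[zone.zid].append("isr")  # can only touch its own state

def victim_main(zone, mem):
    """Attestation-like routine: extend a toy measurement chain and publish it."""
    chain = mem.private[zone.zid]
    measurement = ((chain[-1] if chain else 0) * 31 + 7) % 1009
    chain.append(measurement)
    mem.write_shared(zone.zid, measurement)

def experiment(attacker_has_isr, horizon=300):
    """Run victim + attacker and report what the victim observed."""
    victim = Zone(1, victim_main)
    attacker = Zone(2, attacker_main, attacker_isr if attacker_has_isr else None)
    zones, mem = [victim, attacker], Memory([1, 2], shared_owner=1)
    schedule(zones, mem, horizon)
    s = victim.slots
    return {
        "victim_trace": list(mem.private[1]),
        "shared": list(mem.shared),
        "max_gap": max((s[k + 1][0] - s[k][1] for k in range(len(s) - 1)), default=0),
        "gap_bound": 2 * TICK * (len(zones) - 1),  # a main slot plus one ISR per other zone
        "max_isr_run": max(attacker.isr_runs, default=0),
        "attacker_violations": attacker.violations,
    }
```

Running `experiment(False)` and `experiment(True)` side by side shows the two properties the answer states. With the attacker re-arming a would-be infinite timer ISR on every slot, the victim's gap between consecutive slots grows from TICK to 2 * TICK and no further, the attacker's ISR never executes for longer than TICK, the victim's measurement chain is identical to the prefix it produces in the unattacked run, and every attacker write to the read-only shared region traps as a policy violation. The model covers cross-zone interference only: a zone's own ISRs still run in that zone's context and preempt its own main thread, which is the zone's own business rather than a separation concern.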

cgarlati commented 1 year ago

@AntonHermann Can we close this one?

AntonHermann commented 1 year ago

Oh damn, I'm sorry, in the final weeks of my thesis I forgot to answer. Thank you so much, that helped me a lot :)

cgarlati commented 1 year ago

@AntonHermann Congrats on finishing your thesis! Any chance you could send us a copy? Would you be interested in writing a short blog post? Feel free to reach me at info at hex-five dot com