A Trusted Message Bus Built on Top of D-Bus

  • Newton C. Will UFPR
  • Tiago Heinrich UFPR
  • Amanda B. Viescinski UFPR
  • Carlos A. Maziero UFPR

Abstract


A wide range of applications use Inter-Process Communication (IPC) mechanisms to communicate with each other or among their components running in different processes. A well-known IPC mechanism in UNIX-like systems is D-Bus, which allows processes to communicate by receiving and routing messages. Despite being widely used, this system lacks mechanisms to provide end-to-end data confidentiality. In this paper, we propose the use of Intel Software Guard Extensions (SGX) to provide a trusted communication channel between local applications over the D-Bus message bus system. We obtained stronger security guarantees in message confidentiality and integrity while keeping a small Trusted Computing Base (TCB) and compatibility with the reference D-Bus system.

Published
13/10/2020
WILL, Newton C.; HEINRICH, Tiago; VIESCINSKI, Amanda B.; MAZIERO, Carlos A. A Trusted Message Bus Built on Top of D-Bus. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 20., 2020, Petrópolis. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 175-187. DOI: https://doi.org/10.5753/sbseg.2020.19236.
