Digital Contact Tracing
Salathé Marcel, Althaus Christian L., Anderegg Nanina, Antonioli Daniele, Ballouz Tala, Bugnion Edouard, Čapkun Srdjan, Jackson Dennis, Kim Sang-Il, Larus James R., Low Nicola, Lueks Wouter, Menges Dominik, Moullet Cédric, Payer Mathias, Riou Julien, Stadler Theresa, Troncoso Carmela, Vayena Effy, von Wyl Viktor. Early evidence of effectiveness of digital contact tracing for SARS-CoV-2 in Switzerland. Swiss Medical Weekly, 2020;150:w20457, December 2020.
Programming languages and systems have failed to address the security implications of the increasingly frequent use of public libraries to construct modern software. Most languages provide tools and online repositories to publish, import, and use libraries; however, this double-edged sword can incorporate a large quantity of unknown, unchecked, and unverified code into an application. The risk is real, as demonstrated by malevolent actors who have repeatedly inserted malware into popular open-source libraries. This paper proposes a solution: enclosures, a new programming language construct for library isolation that gives a developer fine-grained control over the resources that a library can access, even for libraries with complex inter-library dependencies. The programming abstraction is language-independent and could be added to most languages, which would then be able to take advantage of hardware isolation mechanisms that are effective across language boundaries. The enclosure policies are enforced at run time by LitterBox, a language-independent framework that uses hardware mechanisms to provide uniform and robust isolation guarantees, even for libraries written in unsafe languages. LitterBox currently supports both Intel VT-x (with general-purpose extended page tables) and the emerging Intel Memory Protection Keys (MPK). We describe an enclosure implementation for the Go and Python languages. Our evaluation demonstrates that the Go implementation can protect sensitive data in real-world applications constructed from complex untrusted libraries with deep dependencies; it requires minimal code refactoring and incurs acceptable performance overhead. The Python implementation demonstrates LitterBox’s ability to support dynamic languages.
Trusted Execution Environments (TEEs), such as Intel SGX enclaves, use hardware to ensure the confidentiality and integrity of operations on sensitive data. While the technology is widely available, the complexity of its programming model and its performance overhead have limited adoption. TEEs provide a new and valuable hardware capability that has no obvious analogue in programming languages, which means that developers must manually partition their application into trusted and untrusted components.
This paper describes an approach that fully integrates trusted execution in a language-appropriate manner. We extend the Go language to allow a programmer to execute a goroutine within an enclave, to use low-overhead channels to communicate between the trusted and untrusted environments, and to rely on the compiler to automatically extract the secure code and data. Our prototype compiler and runtime, GoTEE, is a backward-compatible fork of the Go compiler.
Adrien Ghosn, James Larus, Edouard Bugnion. Secured Routines: Language-based Construction of Trusted Execution Environments. USENIX Annual Technical Conference (ATC), Renton, WA, July 2019. https://infoscience.epfl.ch/record/268171.
Software Development Tools
Modern software systems heavily use the memory heap. As systems grow more complex and compute with increasing amounts of data, it can be difficult for developers to understand how their programs actually use the bytes that they allocate on the heap and whether improvements are possible. To answer this question of heap usage efficiency, we have built a new, detailed heap profiler called Memoro. Memoro uses a combination of static instrumentation, subroutine interception, and runtime data collection to build a clear picture of exactly when and where a program performs heap allocation, and crucially how it actually uses that memory. Memoro also introduces a new visualization application that can distill collected data into scores and visual cues that allow developers to quickly pinpoint and eliminate inefficient heap usage in their software. Our evaluation and experience with several applications demonstrate that Memoro can reduce heap usage and produce runtime improvements of 10%.
Stuart Byma and James R. Larus. Detailed Heap Profiling. 2018 ACM SIGPLAN International Symposium on Memory Management (ISMM ’18). ACM, New York, NY, USA, 13 pages. https://doi.org/10.1145/3210563.3210564