Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX

Since its debut, SGX has been used in many applications, e.g., secure data processing. However, previous systems usually assume a trusted enclave and ignore the security issues caused by an untrusted enclave. For instance, a vulnerable (or even malicious) third-party enclave can be exploited to attack the host application and the rest of the system. In this paper, we propose an efficient mechanism to confine an untrusted enclave's behaviors. The threats of an untrusted enclave come from the enclave-host asymmetries. They can be abused to access arbitrary memory regions of its host application, jump to any code location after leaving the enclave and forge the stack register to manipulate the saved context. Our solution breaks such asymmetries and establishes mutual distrust between the host application and the enclave. It leverages Intel MPK for efficient memory isolation and the x86 single-step debugging mechanism to capture the event when an enclave is existing. It then performs the integrity check for the jump target and the stack pointer. We have solved two practical challenges and implemented a prototype system. The evaluation with multiple micro-benchmarks and representative real-world applications demonstrated the efficiency of our system, with less than 4% performance overhead.

[1]  Daniel Gruss,et al.  Kernel Isolation: From an Academic Idea to an Efficient Patch for Every Computer , 2018, login Usenix Mag..

[2]  Insik Shin,et al.  SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs , 2017, NDSS.

[3]  Soyeon Park,et al.  libmpk: Software Abstraction for Intel Memory Protection Keys (Intel MPK) , 2019, USENIX Annual Technical Conference.

[4]  Samuel Weiser,et al.  Practical Enclave Malware with Intel SGX , 2019, DIMVA.

[5]  Carl A. Gunter,et al.  Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX , 2017, CCS.

[6]  Brent Byunghoon Kang,et al.  Hacking in Darkness: Return-oriented Programming against Secure Enclaves , 2017, USENIX Security Symposium.

[7]  Emmett Witchel,et al.  Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data , 2016, OSDI.

[8]  Mingwei Zhang,et al.  SGXElide: enabling enclave code secrecy via self-modification , 2018, CGO.

[9]  Stefan Lankes,et al.  Intra-unikernel isolation with Intel memory protection keys , 2020, VEE.

[10]  Samuel Weiser,et al.  SGXJail: Defeating Enclave Malware via Confinement , 2019, RAID.

[11]  Frank Piessens,et al.  A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes , 2019, CCS.

[12]  Rüdiger Kapitza,et al.  Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution , 2017, USENIX Security Symposium.

[13]  Marcus Peinado,et al.  T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs , 2017, NDSS.

[14]  Kapil Vaswani,et al.  EnclaveDB: A Secure Database Using SGX , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[15]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[16]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[17]  Christof Fetzer,et al.  SGXBOUNDS: Memory Safety for Shielded Execution , 2017, EuroSys.

[18]  Hovav Shacham,et al.  Iago attacks: why the system call API is a bad untrusted RPC interface , 2013, ASPLOS '13.

[19]  Yong Qi,et al.  MPTEE: bringing flexible and efficient memory protection to Intel SGX , 2020, EuroSys.

[20]  Donald E. Porter,et al.  Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX , 2017, USENIX Annual Technical Conference.

[21]  Tao Wei,et al.  Towards Memory Safe Enclave Programming with Rust-SGX , 2019, CCS.

[22]  Andrew Baumann,et al.  Autarky: closing controlled channels with self-paging enclaves , 2020, EuroSys.

[23]  Hassan Takabi,et al.  Privacy-preserving Machine Learning as a Service , 2018, Proc. Priv. Enhancing Technol..

[24]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[25]  Michael L. Scott,et al.  Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries , 2019, USENIX Annual Technical Conference.

[26]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[27]  Tao Wei,et al.  COIN Attacks: On Insecurity of Enclave Untrusted Interfaces in SGX , 2020, ASPLOS.

[28]  Yubin Xia,et al.  Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX , 2020, ASPLOS.

[29]  Yajin Zhou,et al.  LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed , 2017, CCS.

[30]  Peter Druschel,et al.  ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK) , 2019, USENIX Security Symposium.