CFHider: Control Flow Obfuscation with Intel SGX

When a program is executed on an untrusted cloud, the confidentiality of the program's logic needs to be protected. Control flow obfuscation is a direct approach to achieving this goal. However, existing methods in this direction cannot achieve both high confidentiality and low overhead. In this paper, we propose CFHider, a hardware-assisted method to protect control flow confidentiality. By combining program transformation and Intel Software Guard Extensions (SGX) technology, CFHider moves branch statement conditions to an opaque and trusted memory space, i.e., the enclave, thereby offering guaranteed control flow confidentiality. Based on the design of CFHider, we developed a prototype system targeting Java applications. Our analysis and experimental results indicate that CFHider is effective in protecting control flow confidentiality and incurs much lower performance overhead than existing software-based solutions (by a factor of 8.8).
