OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, - - PowerPoint PPT Presentation

opensgx an open platform for
SMART_READER_LITE
LIVE PREVIEW

OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, - - PowerPoint PPT Presentation

Aug 13, 2022 518 likes •1.28k views

OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim* , Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin, Taesoo Kim, Brent Byunghoon Kang, Dongsu Han 1 Trusted Execution Environment (TEE) Hardware

slide-1
SLIDE 1

OpenSGX: An Open Platform for SGX Research

Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin, Taesoo Kim, Brent Byunghoon Kang, Dongsu Han

1

slide-2
SLIDE 2

Trusted Execution Environment (TEE)

2

  • Hardware technologies for trusted computing

– Isolated execution: integrity of code, confidentiality – To protect application from untrusted platform

slide-3
SLIDE 3

Trusted Execution Environment (TEE)

3

  • Hardware technologies for trusted computing

– Isolated execution: integrity of code, confidentiality – To protect application from untrusted platform

slide-4
SLIDE 4

Trusted Execution Environment (TEE)

4

  • Hardware technologies for trusted computing

– Isolated execution: integrity of code, confidentiality – To protect application from untrusted platform

slide-5
SLIDE 5

Trusted Execution Environment (TEE)

5

  • Hardware technologies for trusted computing

– Isolated execution: integrity of code, confidentiality – To protect application from untrusted platform

slide-6
SLIDE 6

Trusted Execution Environment (TEE)

6

  • Hardware technologies for trusted computing

– Isolated execution: integrity of code, confidentiality – To protect application from untrusted platform

  • Practical limitations of TEEs

– Trusted Platform Module (TPM) : Poor performance – ARM TrustZone : Compatibility (only for embedded devices)

slide-7
SLIDE 7

Intel SGX

7

  • An extension of x86 Instruction Set Architecture (ISA)

– Offers native performance, Compatibility with x86 – Application keeps its data/code inside the “enclave”

Operating System (untrusted) Application (untrusted) Enclave Skylake CPU

slide-8
SLIDE 8

Intel SGX

8

  • An extension of x86 Instruction Set Architecture (ISA)

– Offers native performance, Compatibility with x86 – Application keeps its data/code inside the “enclave”

Operating System (untrusted) Application (untrusted) Enclave

Data Code

Skylake CPU

slide-9
SLIDE 9

Intel SGX 101: Isolated Execution

  • Smallest attack surface by reducing TCB (App + processor)
  • Protect app’s secret from untrusted privilege software

9

Address Space Enclave Physical Memory EPC

Encrypted code/data

CPU Package

slide-10
SLIDE 10

Intel SGX 101: Isolated Execution

  • Smallest attack surface by reducing TCB (App + processor)
  • Protect app’s secret from untrusted privilege software

10

Address Space Enclave Physical Memory EPC

Encrypted code/data

CPU Package Memory Encryption Engine (MEE)

slide-11
SLIDE 11

Intel SGX 101: Isolated Execution

  • Smallest attack surface by reducing TCB (App + processor)
  • Protect app’s secret from untrusted privilege software

11

Address Space Enclave Physical Memory EPC

Encrypted code/data

CPU Package Memory Encryption Engine (MEE)

slide-12
SLIDE 12

Intel SGX 101: Isolated Execution

  • Smallest attack surface by reducing TCB (App + processor)
  • Protect app’s secret from untrusted privilege software

12

Address Space Enclave Physical Memory EPC

Encrypted code/data

CPU Package Memory Encryption Engine (MEE) Processor Key

slide-13
SLIDE 13

Intel SGX 101: Isolated Execution

  • Smallest attack surface by reducing TCB (App + processor)
  • Protect app’s secret from untrusted privilege software

13

Address Space Enclave Physical Memory EPC

Encrypted code/data

CPU Package Memory Encryption Engine (MEE) Snooping Processor Key

slide-14
SLIDE 14

Intel SGX 101: Isolated Execution

  • Smallest attack surface by reducing TCB (App + processor)
  • Protect app’s secret from untrusted privilege software

14

Address Space Enclave Access from OS/VMM Physical Memory EPC

Encrypted code/data

CPU Package Memory Encryption Engine (MEE) Snooping Processor Key

slide-15
SLIDE 15

Intel SGX 101: Remote attestation

15 15

  • Attest an application on remote platform

– Check the integrity of enclave (hash of code/data pages) – Verify whether enclave is running on real SGX CPU – Can establish a “secure channel” between enclaves

Application Enclave

Quoting Enclave

Remote platform User platform

  • 1. Request

Application Challenger Enclave Attestation Verification

EPID key Ephemeral

  • 2. Create REPORT
  • 3. Sign with

EPID group key (Create QUOTE)

  • 4. Send

QUOTE

  • 5. Verify
slide-16
SLIDE 16

Intel SGX 101: Remote attestation

16 16

  • Attest an application on remote platform

– Check the integrity of enclave (hash of code/data pages) – Verify whether enclave is running on real SGX CPU – Can establish a “secure channel” between enclaves

Application Enclave

Quoting Enclave

Remote platform User platform

  • 1. Request

Application Challenger Enclave Attestation Verification

EPID key Ephemeral

  • 2. Create REPORT
  • 3. Sign with

EPID group key (Create QUOTE)

  • 4. Send

QUOTE

  • 5. Verify

Intel SGX brings new opportunities for enhancing security of applications

slide-17
SLIDE 17

SGX Research: Current Status

  • Pioneering research: Adopting SGX on cloud computing

(Haven [OSDI14], VC3 [S&P15])

  • Confidentiality verification of SGX program

(Moat [CCS15])

  • Adopts SGX on networking [HotNets15]

17

slide-18
SLIDE 18

SGX Research: Current Status

  • However, software technologies for SGX lag behind their

hardware counterpart

18

SGX CPU and SDK is now available! But..

  • Specification for SGX [revision 1 & 2] is not fully available
  • n the SGX hardware (only functionalities in revision 1)
  • SGX technology has a complex license model
slide-19
SLIDE 19

OpenSGX: Design Goal

19

  • Offers a complete platform for SGX research

– To explore software and hardware design space of SGX – To develop and evaluate SGX-enabled applications

slide-20
SLIDE 20

OpenSGX: Design Goal

20

  • Offers a complete platform for SGX research

– To explore software and hardware design space of SGX – To develop and evaluate SGX-enabled applications

  • Fills non-trivial issues on SGX software components

– Support for system software and user-level APIs – Familiar programming model and interface – Secure design to defend against potential attack vectors (e.g., Iago attacks)

slide-21
SLIDE 21

OpenSGX: Design Goal

21

  • Offers a complete platform for SGX research

– To explore software and hardware design space of SGX – To develop and evaluate SGX-enabled applications

  • Fills non-trivial issues on SGX software components

– Support for system software and user-level APIs – Familiar programming model and interface – Secure design to defend against potential attack vectors (e.g., Iago attacks)

  • Non goal : security guarantee
slide-22
SLIDE 22

Binary Translation

OpenSGX: Approach

22

  • Using userspace emulation of QEMU

– Binary translation to support SGX instructions – QEMU helper routine to implement complex instructions Helper routine

  • Set registers
  • Operates

SGX instructions

QEMU Host (single address space)

Wrapper

Lib Stack Heap

Enclave

Code Data

EPC EPC EPC EPC EPC

… …

enclu(){ …

asm(“.byte 0x0f” “.byte 0x01” “.byte 0xd7” “rax=entry”

… }

Entry point

… if(opcode == 0x0f01d7) { helper_enclu(); } …

RIP

slide-23
SLIDE 23

Binary Translation

OpenSGX: Approach

23

  • Using userspace emulation of QEMU

– Binary translation to support SGX instructions – QEMU helper routine to implement complex instructions Helper routine

  • Set registers
  • Operates

SGX instructions

QEMU Host (single address space)

Wrapper

Lib Stack Heap

Enclave

Code Data

EPC EPC EPC EPC EPC

… …

enclu(){ …

asm(“.byte 0x0f” “.byte 0x01” “.byte 0xd7” “rax=entry”

… }

Entry point

… if(opcode == 0x0f01d7) { helper_enclu(); } …

RIP

slide-24
SLIDE 24

OpenSGX: Component Overview

24

  • Emulated SGX hardware

SGX QEMU (HW emulation)

slide-25
SLIDE 25

OpenSGX: Component Overview

25

  • Emulated SGX hardware

SGX OS Emulation SGX QEMU (HW emulation)

  • OS emulation layer
slide-26
SLIDE 26

OpenSGX: Component Overview

26

  • Emulated SGX hardware

SGX OS Emulation SGX QEMU (HW emulation) SGX Libraries

Trampoline Stub

  • OS emulation layer
  • OpenSGX user library
slide-27
SLIDE 27

OpenSGX: Component Overview

27

  • Emulated SGX hardware

SGX OS Emulation SGX QEMU (HW emulation) OpenSGX toolchain SGX Libraries

Trampoline Stub

  • OS emulation layer
  • OpenSGX user library
  • OpenSGX toolchain
slide-28
SLIDE 28

OpenSGX: Component Overview

28

  • Emulated SGX hardware
  • Enclave loader

SGX OS Emulation SGX QEMU (HW emulation) OpenSGX toolchain Enclave loader SGX Libraries

Trampoline Stub

Runtime library

  • OS emulation layer
  • OpenSGX user library
  • OpenSGX toolchain
slide-29
SLIDE 29

OpenSGX: Component Overview

29

  • Emulated SGX hardware
  • Enclave loader

SGX OS Emulation SGX QEMU (HW emulation) OpenSGX toolchain Enclave loader SGX Libraries

Trampoline Stub

Runtime library Enclave Debugger Performance Monitor

  • OS emulation layer
  • OpenSGX user library
  • OpenSGX toolchain
  • Enclave debugger
  • Performance monitor
slide-30
SLIDE 30

OpenSGX: Component Overview

30

  • Emulated SGX hardware
  • Enclave loader

SGX OS Emulation SGX QEMU (HW emulation) Enclave Program OpenSGX toolchain Enclave loader SGX Libraries

Trampoline Stub

Runtime library Enclave Debugger Performance Monitor

  • OS emulation layer
  • OpenSGX user library
  • OpenSGX toolchain
  • Enclave debugger
  • Performance monitor
slide-31
SLIDE 31

OpenSGX: Component Overview

31

  • Emulated SGX hardware
  • Enclave loader

SGX OS Emulation SGX QEMU (HW emulation) Enclave Program OpenSGX toolchain Enclave loader SGX Libraries

Trampoline Stub

Runtime library Enclave Debugger Performance Monitor

  • OS emulation layer
  • OpenSGX user library
  • OpenSGX toolchain
  • Enclave debugger
  • Performance monitor

void enclave_main(){ char *hello = “hello sgx!\n”; sgx_enclave_wriate(hello, strlen(hello)); sgx_exit(NULL); } $ opensgx hello.sgx hello.conf hello sgx! Code enclave_main() Data “hello sgx\n” 0x0000 EPC1 0x1000 EPC2 Entry point : SigStruct: …

slide-32
SLIDE 32

OpenSGX: Component Overview

32

  • Emulated SGX hardware
  • Enclave loader

  

SGX OS Emulation SGX QEMU (HW emulation) Enclave Program OpenSGX toolchain Enclave loader SGX Libraries

Trampoline Stub

Runtime library Enclave Debugger Performance Monitor

  • OS emulation layer
  • OpenSGX user library
  • OpenSGX toolchain
  • Enclave debugger
  • Performance monitor

void enclave_main(){ char *hello = “hello sgx!\n”; sgx_enclave_wriate(hello, strlen(hello)); sgx_exit(NULL); } $ opensgx hello.sgx hello.conf hello sgx! Code enclave_main() Data “hello sgx\n” 0x0000 EPC1 0x1000 EPC2 Entry point : SigStruct: …

slide-33
SLIDE 33

Hardware Emulation

33

  • Emulates all data structures(e.g., EPCM) and processor key
  • EPC Memory management

– Direct mapping on virtual memory – Access protection: Instrument memory access

slide-34
SLIDE 34

Hardware Emulation

34

  • Emulates all data structures(e.g., EPCM) and processor key
  • EPC Memory management

– Direct mapping on virtual memory – Access protection: Instrument memory access Virtual address space

slide-35
SLIDE 35

Hardware Emulation

35

  • Emulates all data structures(e.g., EPCM) and processor key
  • EPC Memory management

– Direct mapping on virtual memory – Access protection: Instrument memory access

EPC_begin EPC_end

Virtual address space

slide-36
SLIDE 36

Hardware Emulation

36

  • Emulates all data structures(e.g., EPCM) and processor key
  • EPC Memory management

– Direct mapping on virtual memory – Access protection: Instrument memory access

EPC_begin EPC_end enclave_begin enclave_end

Virtual address space

  • 2. Prohibit others enclaves’

EPC to current enclave’s EPC

  • 1. Prohibit access

from host to EPC

slide-37
SLIDE 37

Hardware Emulation

37

  • Emulates all data structures(e.g., EPCM) and processor key
  • EPC Memory management

– Direct mapping on virtual memory – Access protection: Instrument memory access

EPC_begin EPC_end enclave_begin enclave_end

QEMU’s translation routine

… Case (Load | Store) { } …

Virtual address space

  • 2. Prohibit others enclaves’

EPC to current enclave’s EPC

  • 1. Prohibit access

from host to EPC

slide-38
SLIDE 38

Instruction Support

38

  • OpenSGX supports most instructions specified

– 21 out of 24 instructions – Except for debugging related instructions (e.g., EDBGRD) – Instead, it offers rich environment for debugging since it is a “software emulator” (e.g., GDB stub)

slide-39
SLIDE 39

Instruction Support

39

  • OpenSGX supports most instructions specified

– 21 out of 24 instructions – Except for debugging related instructions (e.g., EDBGRD) – Instead, it offers rich environment for debugging since it is a “software emulator” (e.g., GDB stub)

  • Provides simple C APIs which wraps assembly code

– User-level instructions (ENCLU) : accessible to user-level APIs – Super-level instructions (ENCLS) : Requires system support

slide-40
SLIDE 40

OS Emulation Layer

40

  • Emulate OS to execute the privileged SGX instructions

– Bootstrapping (EPC allocation) – Enclave initialization & page translation – Dynamic EPC page allocation System call Description

sys_sgx_init() Allocate EPC memory region sys_init_enclave() Create an enclave, Add and measure EPC pages sys_add_epc() Allocates a new EPC page to the running enclave sys_stat_enclave() Obtains the enclave statistics

slide-41
SLIDE 41

OS Emulation Layer

41

  • Emulate OS to execute the privileged SGX instructions

– Bootstrapping (EPC allocation) – Enclave initialization & page translation – Dynamic EPC page allocation System call Description

sys_sgx_init() Allocate EPC memory region sys_init_enclave() Create an enclave, Add and measure EPC pages sys_add_epc() Allocates a new EPC page to the running enclave sys_stat_enclave() Obtains the enclave statistics

Planning to extend the emulated OS for the system-level layer

slide-42
SLIDE 42

Stub and Trampoline Interface

“A strict and narrow interface to handle enclave-host communication using shared data/code”

42

slide-43
SLIDE 43

Stub and Trampoline Interface

“A strict and narrow interface to handle enclave-host communication using shared data/code”

43

Enclave

Code Heap Lib

Emulated OS Wrapper

Trampoline

(Shared) Stub : Shared data to specify the function code and arguments Trampoline : Shared code to call user-level APIs in the wrapper

Stub

slide-44
SLIDE 44

Stub and Trampoline Interface

“A strict and narrow interface to handle enclave-host communication using shared data/code”

44

Enclave

Code Heap Lib

Emulated OS Wrapper

Trampoline

(Shared)

… if (fcode == FUNC_MALLOC) alloc_tramp(); …

fcode mcode argument1 heap_end

Stub : Shared data to specify the function code and arguments Trampoline : Shared code to call user-level APIs in the wrapper

… malloc(100); … malloc(){ … sgx_exit(tram); … }

Stub

slide-45
SLIDE 45

Stub and Trampoline Interface

“A strict and narrow interface to handle enclave-host communication using shared data/code”

45

Enclave

Code Heap Lib

Emulated OS Wrapper

Trampoline

(Shared)

… if (fcode == FUNC_MALLOC) alloc_tramp(); …

fcode mcode argument1 heap_end

Stub : Shared data to specify the function code and arguments Trampoline : Shared code to call user-level APIs in the wrapper

Heap

… malloc(100); … malloc(){ … sgx_exit(tram); … }

Stub

FULL!

slide-46
SLIDE 46

Stub and Trampoline Interface

“A strict and narrow interface to handle enclave-host communication using shared data/code”

46

Enclave

Code Heap Lib

Emulated OS Wrapper

Trampoline

(Shared)

… if (fcode == FUNC_MALLOC) alloc_tramp(); …

fcode mcode argument1 heap_end

Stub : Shared data to specify the function code and arguments Trampoline : Shared code to call user-level APIs in the wrapper

Heap

… malloc(100); … malloc(){ … sgx_exit(tram); … }

<Specification> fcode : FUNC_MALLOC mcode : EAUG size: 100

Stub

FULL!

slide-47
SLIDE 47

Trampoline and Stub Interface

Stub

“A strict and narrow interface to handle enclave-host communication using shared data/code”

47

Enclave

Code

malloc(100);

Heap Lib

malloc(){ … sgx_exit(tram); … }

Emulated OS

Trampoline

(Shared)

heap_end

EEXIT

FUNC_MALLOC EAUG 100

… if (fcode == FUNC_MALLOC) alloc_tramp(); …

Wrapper

alloc_tramp() { … sys_add_epc(); … }

User-level APIs to request system calls

slide-48
SLIDE 48

Trampoline and Stub Interface

Stub

“A strict and narrow interface to handle enclave-host communication using shared data/code”

48

Enclave

Code

malloc(100);

Heap Lib

malloc(){ … sgx_exit(tram); … }

Emulated OS

int sys_add_epc() { encls(EAUG, …); …

Trampoline

(Shared)

Call EAUG heap_end

EEXIT

FUNC_MALLOC EAUG 100

… if (fcode == FUNC_MALLOC) alloc_tramp(); …

Wrapper

alloc_tramp() { … sys_add_epc(); … }

User-level APIs to request system calls

System Call

slide-49
SLIDE 49

Trampoline and Stub Interface

Stub

“A strict and narrow interface to handle enclave-host communication using shared data/code”

49

Enclave

Code

malloc(100);

Heap Lib

malloc(){ … sgx_exit(tram); … }

Emulated OS

int sys_add_epc() { encls(EAUG, …); …

Trampoline

(Shared)

Call EAUG

ERESUME EEXIT

FUNC_MALLOC EAUG 100

… if (fcode == FUNC_MALLOC) alloc_tramp(); …

Wrapper

alloc_tramp() { … sys_add_epc(); … }

User-level APIs to request system calls

System Call

heap_end+4K

slide-50
SLIDE 50

Evaluation: Tor Network

50

  • Redesigns non-trivial application to use OpenSGX
  • Tor : volunteer-based anonymity network
slide-51
SLIDE 51

Evaluation: Tor Network

51

  • Redesigns non-trivial application to use OpenSGX
  • Tor : volunteer-based anonymity network

“Defend possible attacks on Tor components when they are compromised by adversaries”

slide-52
SLIDE 52

Evaluation: Tor Network

52

  • Redesigns non-trivial application to use OpenSGX
  • Tor : volunteer-based anonymity network
  • Here, defense against network-level attacks on Tor is
  • ut of scope

“Defend possible attacks on Tor components when they are compromised by adversaries”

slide-53
SLIDE 53

SGX-enabled Tor Design

53

  • Design goal

– Protect data/code from adversary – Reducing Trusted Computing Base Enclave Exit node (or directory server) Separation

slide-54
SLIDE 54

SGX-enabled Tor Design

54

  • Design goal

– Protect data/code from adversary – Reducing Trusted Computing Base Enclave Exit node (or directory server)

Key Relay table

gen_key(){ … } encrypt(){ … }

Core operations (e.g., key creation, encryption, decryption, …)

Separation

slide-55
SLIDE 55

SGX-enabled Tor Design

55

  • Design goal

– Protect data/code from adversary – Reducing Trusted Computing Base Enclave Exit node (or directory server)

Key Relay table

gen_key(){ … } encrypt(){ … }

Core operations (e.g., key creation, encryption, decryption, …)

Separation Interaction Rest of Tor operations

  • 1. Send/receive packets
  • 2. Initialize data structures

slide-56
SLIDE 56

Enclave Other Tor nodes

SGX-enabled Tor Design

56

  • Design goal

– Protect data/code from adversary – Reducing Trusted Computing Base Enclave Exit node (or directory server)

Key Relay table

gen_key(){ … } encrypt(){ … }

Core operations (e.g., key creation, encryption, decryption, …)

Separation Interaction Rest of Tor operations

  • 1. Send/receive packets
  • 2. Initialize data structures

Remote Attestation Interaction

slide-57
SLIDE 57

Performance Profiling

57

Code Data Total OpenSSL 271 89 360 SgxLib 3 1 4 Tor 4 1 5 Total 278 91 369

(Unit: Number of pages)

Required EPC : Less than 2MB

  • Performance profiling of Tor exit node

– Using OpenSGX performance monitor

200 400 600 800 1000 1200

# of instructions (M)

Key generation Consensus creation Circuit establishment & Service Total

slide-58
SLIDE 58

OpenSGX: Current Status

58

  • Available at github, released in May 2015

– Available in https://github.com/sslab-gatech/opensgx – 7 Contributors (Gatech, KAIST, Two sigma, MITRC, …) – 31 unique cloners, 1,645 Views (Until January, 2016)

  • What’s next?

– Binary compatibility with Intel SGX hardware – Implement unsupported functionalities (e.g., multi-threading)

  • Our current community
slide-59
SLIDE 59

Our Early Lessons on SGX

59

  • Misconceptions on SGX

– SGX for desktop-like environment : Needs secure I/O channel (integration with hardware technology such as Intel IPT) – Need EPID support for the remote attestation

slide-60
SLIDE 60

Our Early Lessons on SGX

60

  • Misconceptions on SGX

– SGX for desktop-like environment : Needs secure I/O channel (integration with hardware technology such as Intel IPT) – Need EPID support for the remote attestation

  • Malicious use of Intel SGX

– Malware might be possible by abusing the isolation property – Fails on traditional signature-based AV programs

slide-61
SLIDE 61

Conclusion

61

  • We design and implement OpenSGX, fully functional and

instruction-compatible SGX emulator

slide-62
SLIDE 62

Conclusion

62

  • We design and implement OpenSGX, fully functional and

instruction-compatible SGX emulator

  • As a showcasing application, we develop SGX-enabled

Tor to enhance the security and privacy

slide-63
SLIDE 63

Conclusion

63

  • We design and implement OpenSGX, fully functional and

instruction-compatible SGX emulator

  • As a showcasing application, we develop SGX-enabled

Tor to enhance the security and privacy

  • OpenSGX offers opportunities to explore all components
  • f SGX research

– Hardware semantics (e.g., encryption scheme of MEE) – System software, enclave loader and user-level APIs – Redesigning unforeseen security applications (e.g., Tor)

slide-64
SLIDE 64

64

Thanks! Any Questions?

slide-65
SLIDE 65

SGX Threat Model

65

“An adversary has control over all software components (including OS and hypervisor) and hardware except the CPU package”

  • Protection against denial-of-service is out of scope
slide-66
SLIDE 66

Comparison: Intel SGX vs OpenSGX

66

Intel SGX OpenSGX Type Hardware Software Emulator Instructions 16 ENCLS, 8 ENCLU 13 ENCLS, 8 ENCLU (Except debugging) Data structures Specified ○ Paging Page table Direct mapping System software Not specified User level emulation User level APIs SDK is available (Only for Windows) ○

slide-67
SLIDE 67

OpenSGX User Library

67

  • Challenge 1: Facilitate the enclave programming

– Custom in-enclave library : APIs for user-level SGX instructions – Porting standard C library (glibc)

  • Challenge 2: Minimize attack surface between

enclave and the potentially malicious host process

– Function call relies on OS features will break an execution of enclave programs – Such functions open up new attack surfaces (e.g., Iago attacks)

slide-68
SLIDE 68

Enclave

Defense against Iago attacks

68

  • Iago attacks [ASPLOS’13] : Malicious OS tries to

subvert trusted application by incorrect behavior

ex) adds incorrect EPC page for heap

… malloc(); … Application In-enclave Lib

Emulated OS Wrapper

Stub

heap_end cur_heap_ptr

void *malloc(int size){ if(cur_heap_ptr == heap_end) { stub->mcode = EAUG; exit(trampoline); }

Trampoline

malloc_tramp() { sys_add_epc(); } enclu(EACCEPT, …); int sys_add_epc() { … }

Bad EPC page Detect!

slide-69
SLIDE 69

Memory State of OpenSGX Program

69

SGX OS Emulation QEMU SGX

User process (single address space)

ENCLS (e.g., EINIT)

Package Info

Entry point Measurement Key …

SGX Lib

Trampoline Stub

Wrapper

Lib Stack Heap

Enclave Program

Code Data

EPC EPC EPC EPC EPC

… …

Privilege boundary System calls boundary

ENCLU (e.g., EENTER) ENCLU (e.g., EEXIT) System call (e.g., sys_sgxinit())

slide-70
SLIDE 70

Attacks on Tor Components

  • Tor network : uses 3-hop onion routing

– Directory servers : Advertise available onion routers (ORs), vote for bad exit nodes

Entry Relay Exit

When exit node is compromised, (unless end-to-end encryption is used)

  • 1. Snooping or tampering of the plain-text
  • 2. Break of anonymity : Bad apple attack

70

Directory servers Tor client Destination

Tor network

slide-71
SLIDE 71

Attacks on Tor Components

  • Tor network : uses 3-hop onion routing

– Directory servers : Advertise available onion routers (ORs), vote for bad exit nodes Directory servers Tor client Destination

Entry Relay Exit

When directory servers are compromised,

  • 1. Tie-breaking attacks while voting
  • 2. Admission of malicious ORs

71

Tor network

slide-72
SLIDE 72

Performance Profiling: CPU cycles

72

<Directory Server> <Tor Exit Node>

3000 6000 9000 12000 15000 18000

# of CPU cycles (M)

Key generation Consensus creation Circuit establishment & Service Total

200 400 600 800 1000 1200

# of CPU cycles (M)

OpenSGX Native QEMU OpenSGX Native QEMU

2.8x 2.7x

  • ENCLU(EEXIT, ERESUME) calls
  • In-enclave library code to handle stub & trampoline interface
slide-73
SLIDE 73

Performance Profiling: TCB

  • Required EPC size: Less than 2MB for each process
  • TCB size : 54% smaller than compared to Tor code base

73

Code Data Total OpenSSL 270 88 358 SgxLib 3 1 4 Tor 3 1 4 Total 276 90 366 Code Data Total OpenSSL 271 89 360 SgxLib 3 1 4 Tor 4 1 5 Total 278 91 369

<Directory Server> <Tor Exit Node>

(Unit: Number of pages)

slide-74
SLIDE 74

OpenSGX implementation

74

  • OpenSGX is an open source project!

– Modified lines of code : 19K – First released in May, 2015 – 7 Contributors (Gatech, KAIST) – 31 unique cloners, 1,645 Views (Until January, 2016) – Available at https://github.com/sslab-gatech/opensgx.git