S GX E LIDE : Enabling Enclave Code Secrecy via Self-Modification - - PowerPoint PPT Presentation

s gx e lide enabling enclave code secrecy via self
SMART_READER_LITE
LIVE PREVIEW

S GX E LIDE : Enabling Enclave Code Secrecy via Self-Modification - - PowerPoint PPT Presentation

Dec 17, 2023 339 likes •1.09k views

S GX E LIDE : Enabling Enclave Code Secrecy via Self-Modification Erick Bauman 1 , Huibo Wang 1 , Mingwei Zhang 2 , Zhiqiang Lin 1 , 3 1 University of Texas at Dallas 2 Intel Labs 3 The Ohio State University CGO 2018 Introduction Background and

slide-1
SLIDE 1

SGXELIDE: Enabling Enclave Code Secrecy via Self-Modification

Erick Bauman1, Huibo Wang1, Mingwei Zhang2, Zhiqiang Lin1,3

1University of Texas at Dallas 2Intel Labs 3The Ohio State University

CGO 2018

slide-2
SLIDE 2

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

2 / 23

slide-3
SLIDE 3

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Intel SGX

Provides secure enclaves

3 / 23

slide-4
SLIDE 4

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Intel SGX

Provides secure enclaves Memory regions isolated from all

  • ther code

3 / 23

slide-5
SLIDE 5

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Intel SGX

Provides secure enclaves Memory regions isolated from all

  • ther code

Cannot be accessed by OS or hypervisor

3 / 23

slide-6
SLIDE 6

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Hypervisor Hardware Operating System App App App Trusted

4 / 23

slide-7
SLIDE 7

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Hypervisor Hardware Operating System App App App Trusted

4 / 23

slide-8
SLIDE 8

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Client Disk Application Enclave

Code Data

5 / 23

slide-9
SLIDE 9

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Client Enclave Disk Application Enclave

Code Data Code Data

5 / 23

slide-10
SLIDE 10

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Client Enclave Disk Attest Application Enclave

Code Data Code Data

5 / 23

slide-11
SLIDE 11

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Client Enclave Disk Attest Application Enclave

Code Data Code Data

Data Integrity

5 / 23

slide-12
SLIDE 12

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Client Enclave Disk Attest Application Enclave

Code Data Code Data

Code Integrity Data Integrity

5 / 23

slide-13
SLIDE 13

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Client Enclave Disk Attest Application Enclave

Code Data Code Secret Data Data

Code Integrity Data Integrity

5 / 23

slide-14
SLIDE 14

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Client Enclave Disk Attest Application Enclave

Code Data Code Secret Data Data Secret Data

Code Integrity Data Integrity Data Confidentiality

5 / 23

slide-15
SLIDE 15

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Client Enclave Disk Attest Application Enclave

Code Data Code Secret Code Data Secret Data

?

Code Integrity Data Integrity Data Confidentiality

5 / 23

slide-16
SLIDE 16

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

Client Enclave Disk Attest Application Enclave

Code Data Code Secret Code Data Secret Data

?

Code Integrity Data Integrity Data Confidentiality Code Confidentiality

5 / 23

slide-17
SLIDE 17

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Intel SGX

“The enclave file can be disassembled, so the algorithms used by the enclave developer will not remain secret.” –SGX SDK Manual

6 / 23

slide-18
SLIDE 18

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE

Definition

Elide: To leave out or omit

7 / 23

slide-19
SLIDE 19

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Challenges

Enclaves must be signed and unmodified until initialization

8 / 23

slide-20
SLIDE 20

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Challenges

Enclaves must be signed and unmodified until initialization The entire enclave cannot be encrypted

8 / 23

slide-21
SLIDE 21

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Challenges

Enclaves must be signed and unmodified until initialization The entire enclave cannot be encrypted Any secrets cannot be stored in the enclave

8 / 23

slide-22
SLIDE 22

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Challenges

Enclaves must be signed and unmodified until initialization The entire enclave cannot be encrypted Any secrets cannot be stored in the enclave There should be minimal toolchain changes

8 / 23

slide-23
SLIDE 23

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Main Idea

Redact (or sanitize) secrets and restore at runtime

9 / 23

slide-24
SLIDE 24

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Blacklist vs. Whitelist

Blacklist

10 / 23

slide-25
SLIDE 25

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Blacklist vs. Whitelist

Blacklist

User specifies secrets (e.g. annotations)

10 / 23

slide-26
SLIDE 26

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Blacklist vs. Whitelist

Blacklist

User specifies secrets (e.g. annotations) Minimizes code that must be encrypted

10 / 23

slide-27
SLIDE 27

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Blacklist vs. Whitelist

Blacklist

User specifies secrets (e.g. annotations) Minimizes code that must be encrypted Burden of annotating secrets on developer

10 / 23

slide-28
SLIDE 28

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Blacklist vs. Whitelist

Blacklist

User specifies secrets (e.g. annotations) Minimizes code that must be encrypted Burden of annotating secrets on developer Risk of mistakes

10 / 23

slide-29
SLIDE 29

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Blacklist vs. Whitelist

Blacklist

User specifies secrets (e.g. annotations) Minimizes code that must be encrypted Burden of annotating secrets on developer Risk of mistakes

Whitelist

10 / 23

slide-30
SLIDE 30

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Blacklist vs. Whitelist

Blacklist

User specifies secrets (e.g. annotations) Minimizes code that must be encrypted Burden of annotating secrets on developer Risk of mistakes

Whitelist

Only specify code that must not be redacted

10 / 23

slide-31
SLIDE 31

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Blacklist vs. Whitelist

Blacklist

User specifies secrets (e.g. annotations) Minimizes code that must be encrypted Burden of annotating secrets on developer Risk of mistakes

Whitelist

Only specify code that must not be redacted Applicable to any enclave

10 / 23

slide-32
SLIDE 32

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Blacklist vs. Whitelist

Blacklist

User specifies secrets (e.g. annotations) Minimizes code that must be encrypted Burden of annotating secrets on developer Risk of mistakes

Whitelist

Only specify code that must not be redacted Applicable to any enclave No need for developer to mark secrets

10 / 23

slide-33
SLIDE 33

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Blacklist vs. Whitelist

Blacklist

User specifies secrets (e.g. annotations) Minimizes code that must be encrypted Burden of annotating secrets on developer Risk of mistakes

Whitelist

Only specify code that must not be redacted Applicable to any enclave No need for developer to mark secrets More code must be encrypted

10 / 23

slide-34
SLIDE 34

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Our Solution

Sign sanitized enclave and restore secrets after initializing

11 / 23

slide-35
SLIDE 35

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Our Solution

Sign sanitized enclave and restore secrets after initializing Encrypt all nonessential functions

11 / 23

slide-36
SLIDE 36

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Our Solution

Sign sanitized enclave and restore secrets after initializing Encrypt all nonessential functions Use remote attestation

11 / 23

slide-37
SLIDE 37

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Our Solution

Sign sanitized enclave and restore secrets after initializing Encrypt all nonessential functions Use remote attestation Use both local and remote storage

11 / 23

slide-38
SLIDE 38

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Overview

Enclave Runtime Restorer Sanitizer

secret.so dummy.so secret enclave code

Compiler, Linker Compiler, Linker

dummy enclave code secret.so sanitized.so secret data

Dummy Enclave Code Generation Normal Enclave Code Generation Runtime Secret Enclave Code Restoration

12 / 23

slide-39
SLIDE 39

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Remote vs. Local Data

Secret Data

13 / 23

slide-40
SLIDE 40

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Remote vs. Local Data

Secret Data

13 / 23

slide-41
SLIDE 41

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Remote vs. Local Data

Secret Key Secret Data

14 / 23

slide-42
SLIDE 42

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Remote vs. Local Data

Secret Key Secret Data

14 / 23

slide-43
SLIDE 43

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Remote vs. Local Data

Secret Key Secret Data

14 / 23

slide-44
SLIDE 44

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Remote Data

Authentication Server User Platform Application Enclave Untrusted Code File System

secret data meta data

15 / 23

slide-45
SLIDE 45

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Remote Data

Authentication Server User Platform Application Enclave Untrusted Code File System

secret data meta data 1

15 / 23

slide-46
SLIDE 46

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Remote Data

Authentication Server User Platform Application Enclave Untrusted Code File System

secret data meta data 1 2

15 / 23

slide-47
SLIDE 47

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Remote Data

Authentication Server User Platform Application Enclave Untrusted Code File System

meta data secret data meta data 1 2 3

15 / 23

slide-48
SLIDE 48

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Remote Data

Authentication Server User Platform Application Enclave Untrusted Code File System

meta data secret data meta data 1 2 3 4

15 / 23

slide-49
SLIDE 49

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Remote Data

Authentication Server User Platform Application Enclave Untrusted Code File System

secret data meta data secret data meta data 1 2 3 4 5

15 / 23

slide-50
SLIDE 50

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Remote Data

Authentication Server User Platform Application Enclave Untrusted Code File System

secret data meta data secret data meta data 1 2 3 4 5 6

15 / 23

slide-51
SLIDE 51

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Remote Data

Authentication Server User Platform Application Enclave Untrusted Code File System

secret data meta data secret data meta data sealed secret data 1 2 3 4 5 6 7

15 / 23

slide-52
SLIDE 52

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Local Data

Authentication Server User Platform Application Enclave Untrusted Code File System

meta data encrypted secret data

16 / 23

slide-53
SLIDE 53

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Local Data

Authentication Server User Platform Application Enclave Untrusted Code File System

meta data 1 encrypted secret data

16 / 23

slide-54
SLIDE 54

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Local Data

Authentication Server User Platform Application Enclave Untrusted Code File System

meta data 1 2 encrypted secret data

16 / 23

slide-55
SLIDE 55

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Local Data

Authentication Server User Platform Application Enclave Untrusted Code File System

meta data meta data 1 2 3 encrypted secret data

16 / 23

slide-56
SLIDE 56

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Local Data

Authentication Server User Platform Application Enclave Untrusted Code File System

meta data meta data 1 2 3 encrypted secret data 4

16 / 23

slide-57
SLIDE 57

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Local Data

Authentication Server User Platform Application Enclave Untrusted Code File System

secret data meta data meta data 1 2 3 5 encrypted secret data 4

16 / 23

slide-58
SLIDE 58

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Local Data

Authentication Server User Platform Application Enclave Untrusted Code File System

secret data meta data meta data 1 2 3 5 6 encrypted secret data 4

16 / 23

slide-59
SLIDE 59

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Design - Local Data

Authentication Server User Platform Application Enclave Untrusted Code File System

secret data meta data meta data sealed secret data 1 2 3 5 6 7 encrypted secret data 4

16 / 23

slide-60
SLIDE 60

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Benchmarks

Original LOC w/ SGX LOC w/ SGXELIDE TC TC Sanitized Sanitized Benchmarks LOC UC TC UC TC Functions Bytes Functions Bytes AES 802 472 427 522 540 185 75999 15 3840 DES 473 463 372 513 485 179 75455 9 3296 Sha1 315 423 251 473 364 179 73791 9 1632 Shas 2417 1529 1240 1579 1353 224 80127 54 7968 2048 413 551 192 601 305 208 76351 38 4448 Biniax 3523 3582 193 3632 306 208 76351 38 4448 Crackme 48 316 93 366 206 182 73711 12 1536 17 / 23

slide-61
SLIDE 61

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Sanitization/Restoration Time

Remote Data Local Data Sanitize Stand. Restore Stand. Sanitize Stand. Restore Stand. Benchmarks Time Dev. Time Dev. Time Dev. Time Dev. AES 0.09 0.01 4.06 0.54 0.15 0.01 3.76 0.20 DES 0.09 0.01 3.99 0.52 0.14 0.01 3.97 0.75 Sha1 0.09 0.01 3.67 0.35 0.14 0.01 3.97 0.98 Shas 0.09 0.00 4.06 0.53 0.15 0.01 4.26 0.97 2048 0.09 0.01 3.78 0.52 0.15 0.01 3.73 0.28 Biniax 0.09 0.00 4.44 0.61 0.15 0.01 4.32 0.92 Crackme 0.09 0.01 3.53 0.28 0.15 0.00 3.54 0.78

18 / 23

slide-62
SLIDE 62

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Overhead - Remote Data

AES DES Sha1 Shas Crackme 99% 100% 101% 102% 103% 104% 105%

Relative Performance

w/ SGX w/ SGXELIDE

19 / 23

slide-63
SLIDE 63

Introduction Background and Overview Design and Implementation Evaluation Conclusion

SGXELIDE Overhead - Local Data

AES DES Sha1 Shas Crackme 99% 100% 101% 102% 103% 104% 105%

Relative Performance

w/ SGX w/ SGXELIDE

20 / 23

slide-64
SLIDE 64

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Discussions

SGXELIDE enclaves are self-modifying!

21 / 23

slide-65
SLIDE 65

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Discussions

SGXELIDE enclaves are self-modifying!

How do we defend against malicious enclaves?

21 / 23

slide-66
SLIDE 66

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Discussions

SGXELIDE enclaves are self-modifying!

How do we defend against malicious enclaves? How do we protect vulnerable enclaves?

21 / 23

slide-67
SLIDE 67

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Discussions

SGXELIDE enclaves are self-modifying!

How do we defend against malicious enclaves? How do we protect vulnerable enclaves? How does this influence side-channel attacks?

21 / 23

slide-68
SLIDE 68

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Discussions

SGXELIDE enclaves are self-modifying!

How do we defend against malicious enclaves? How do we protect vulnerable enclaves? How does this influence side-channel attacks?

Limitations and future work

21 / 23

slide-69
SLIDE 69

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Discussions

SGXELIDE enclaves are self-modifying!

How do we defend against malicious enclaves? How do we protect vulnerable enclaves? How does this influence side-channel attacks?

Limitations and future work

Framework not completely transparent

21 / 23

slide-70
SLIDE 70

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Discussions

SGXELIDE enclaves are self-modifying!

How do we defend against malicious enclaves? How do we protect vulnerable enclaves? How does this influence side-channel attacks?

Limitations and future work

Framework not completely transparent Would be useful to test SGXELIDE with large-scale software

21 / 23

slide-71
SLIDE 71

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Discussions

SGXELIDE enclaves are self-modifying!

How do we defend against malicious enclaves? How do we protect vulnerable enclaves? How does this influence side-channel attacks?

Limitations and future work

Framework not completely transparent Would be useful to test SGXELIDE with large-scale software Framework is proof-of-concept and not production ready

21 / 23

slide-72
SLIDE 72

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Conclusion

SGXELIDE

Presented framework for SGX that ensures code confidentiality Sanitize enclave and dynamically restore code at runtime Evaluated SGXELIDE’s performance with SGX benchmarks we developed Showed SGXELIDE has very little overhead with no performance penalty after restoration

22 / 23

slide-73
SLIDE 73

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Conclusion

SGXELIDE

Presented framework for SGX that ensures code confidentiality Sanitize enclave and dynamically restore code at runtime Evaluated SGXELIDE’s performance with SGX benchmarks we developed Showed SGXELIDE has very little overhead with no performance penalty after restoration

SGXELIDE Source

github.com/utds3lab/sgxelide

22 / 23

slide-74
SLIDE 74

Introduction Background and Overview Design and Implementation Evaluation Conclusion

Thank You

Enclave Runtime Restorer Sanitizer

secret.so dummy.so secret enclave code Compiler, Linker Compiler, Linker dummy enclave code secret.so sanitized.so secret data

Dummy Enclave Code Generation Normal Enclave Code Generation Runtime Secret Enclave Code Restoration

  • uter enclave

inner enclave

meta data

erick.bauman@utdallas.edu

github.com/utds3lab/sgxelide

23 / 23