sgxelide: enabling enclave code secrecy via...
TRANSCRIPT
![Page 1: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/1.jpg)
SGXELIDE: Enabling Enclave Code Secrecy viaSelf-Modification
Erick Bauman1, Huibo Wang1,Mingwei Zhang2, Zhiqiang Lin1,3
1University of Texas at Dallas2Intel Labs
3The Ohio State University
CGO 2018
![Page 2: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/2.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
2 / 23
![Page 3: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/3.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Intel SGXProvides secure enclaves
Memory regions isolated from allother codeCannot be accessed by OS orhypervisor
3 / 23
![Page 4: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/4.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Intel SGXProvides secure enclavesMemory regions isolated from allother code
Cannot be accessed by OS orhypervisor
3 / 23
![Page 5: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/5.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Intel SGXProvides secure enclavesMemory regions isolated from allother codeCannot be accessed by OS orhypervisor
3 / 23
![Page 6: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/6.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Hypervisor
Hardware
Operating System
App App App
Trusted
4 / 23
![Page 7: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/7.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Hypervisor
Hardware
Operating System
App App App
Trusted
4 / 23
![Page 8: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/8.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Client
Disk
Application
Enclave
Code Data
5 / 23
![Page 9: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/9.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Client
Enclave
Disk
Application
Enclave
Code Data
Code Data
5 / 23
![Page 10: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/10.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Client
Enclave
Disk
AttestApplication
Enclave
Code Data
Code Data
5 / 23
![Page 11: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/11.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Client
Enclave
Disk
AttestApplication
Enclave
Code Data
Code Data
Data Integrity
5 / 23
![Page 12: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/12.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Client
Enclave
Disk
AttestApplication
Enclave
Code Data
Code Data
Code IntegrityData Integrity
5 / 23
![Page 13: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/13.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Client
Enclave
Disk
AttestApplication
Enclave
Code Data
CodeSecret Data
Data
Code IntegrityData Integrity
5 / 23
![Page 14: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/14.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Client
Enclave
Disk
AttestApplication
Enclave
Code Data
CodeSecret Data
Data Secret Data
Code IntegrityData Integrity
Data Confidentiality
5 / 23
![Page 15: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/15.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Client
Enclave
Disk
AttestApplication
Enclave
Code Data
CodeSecret Code
Data Secret Data
?
Code IntegrityData Integrity
Data Confidentiality
5 / 23
![Page 16: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/16.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
Client
Enclave
Disk
AttestApplication
Enclave
Code Data
CodeSecret Code
Data Secret Data
?
Code IntegrityData Integrity
Data ConfidentialityCode Confidentiality
5 / 23
![Page 17: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/17.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Intel SGX
“The enclave file can be disassembled, so the algorithmsused by the enclave developer will not remain secret.”
–SGX SDK Manual
6 / 23
![Page 18: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/18.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE
DefinitionElide: To leave out or omit
7 / 23
![Page 19: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/19.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Challenges
Enclaves must be signed and unmodified until initialization
The entire enclave cannot be encryptedAny secrets cannot be stored in the enclaveThere should be minimal toolchain changes
8 / 23
![Page 20: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/20.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Challenges
Enclaves must be signed and unmodified until initializationThe entire enclave cannot be encrypted
Any secrets cannot be stored in the enclaveThere should be minimal toolchain changes
8 / 23
![Page 21: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/21.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Challenges
Enclaves must be signed and unmodified until initializationThe entire enclave cannot be encryptedAny secrets cannot be stored in the enclave
There should be minimal toolchain changes
8 / 23
![Page 22: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/22.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Challenges
Enclaves must be signed and unmodified until initializationThe entire enclave cannot be encryptedAny secrets cannot be stored in the enclaveThere should be minimal toolchain changes
8 / 23
![Page 23: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/23.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Main Idea
Redact (or sanitize) secrets and restore at runtime
9 / 23
![Page 24: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/24.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Blacklist vs. Whitelist
Blacklist
User specifies secrets (e.g. annotations)Minimizes code that must be encryptedBurden of annotating secrets on developerRisk of mistakes
WhitelistOnly specify code that must not be redactedApplicable to any enclaveNo need for developer to mark secretsMore code must be encrypted
10 / 23
![Page 25: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/25.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Blacklist vs. Whitelist
BlacklistUser specifies secrets (e.g. annotations)
Minimizes code that must be encryptedBurden of annotating secrets on developerRisk of mistakes
WhitelistOnly specify code that must not be redactedApplicable to any enclaveNo need for developer to mark secretsMore code must be encrypted
10 / 23
![Page 26: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/26.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Blacklist vs. Whitelist
BlacklistUser specifies secrets (e.g. annotations)Minimizes code that must be encrypted
Burden of annotating secrets on developerRisk of mistakes
WhitelistOnly specify code that must not be redactedApplicable to any enclaveNo need for developer to mark secretsMore code must be encrypted
10 / 23
![Page 27: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/27.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Blacklist vs. Whitelist
BlacklistUser specifies secrets (e.g. annotations)Minimizes code that must be encryptedBurden of annotating secrets on developer
Risk of mistakes
WhitelistOnly specify code that must not be redactedApplicable to any enclaveNo need for developer to mark secretsMore code must be encrypted
10 / 23
![Page 28: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/28.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Blacklist vs. Whitelist
BlacklistUser specifies secrets (e.g. annotations)Minimizes code that must be encryptedBurden of annotating secrets on developerRisk of mistakes
WhitelistOnly specify code that must not be redactedApplicable to any enclaveNo need for developer to mark secretsMore code must be encrypted
10 / 23
![Page 29: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/29.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Blacklist vs. Whitelist
BlacklistUser specifies secrets (e.g. annotations)Minimizes code that must be encryptedBurden of annotating secrets on developerRisk of mistakes
Whitelist
Only specify code that must not be redactedApplicable to any enclaveNo need for developer to mark secretsMore code must be encrypted
10 / 23
![Page 30: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/30.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Blacklist vs. Whitelist
BlacklistUser specifies secrets (e.g. annotations)Minimizes code that must be encryptedBurden of annotating secrets on developerRisk of mistakes
WhitelistOnly specify code that must not be redacted
Applicable to any enclaveNo need for developer to mark secretsMore code must be encrypted
10 / 23
![Page 31: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/31.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Blacklist vs. Whitelist
BlacklistUser specifies secrets (e.g. annotations)Minimizes code that must be encryptedBurden of annotating secrets on developerRisk of mistakes
WhitelistOnly specify code that must not be redactedApplicable to any enclave
No need for developer to mark secretsMore code must be encrypted
10 / 23
![Page 32: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/32.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Blacklist vs. Whitelist
BlacklistUser specifies secrets (e.g. annotations)Minimizes code that must be encryptedBurden of annotating secrets on developerRisk of mistakes
WhitelistOnly specify code that must not be redactedApplicable to any enclaveNo need for developer to mark secrets
More code must be encrypted
10 / 23
![Page 33: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/33.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Blacklist vs. Whitelist
BlacklistUser specifies secrets (e.g. annotations)Minimizes code that must be encryptedBurden of annotating secrets on developerRisk of mistakes
WhitelistOnly specify code that must not be redactedApplicable to any enclaveNo need for developer to mark secretsMore code must be encrypted
10 / 23
![Page 34: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/34.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Our Solution
Sign sanitized enclave and restore secrets after initializing
Encrypt all nonessential functionsUse remote attestationUse both local and remote storage
11 / 23
![Page 35: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/35.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Our Solution
Sign sanitized enclave and restore secrets after initializingEncrypt all nonessential functions
Use remote attestationUse both local and remote storage
11 / 23
![Page 36: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/36.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Our Solution
Sign sanitized enclave and restore secrets after initializingEncrypt all nonessential functionsUse remote attestation
Use both local and remote storage
11 / 23
![Page 37: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/37.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Our Solution
Sign sanitized enclave and restore secrets after initializingEncrypt all nonessential functionsUse remote attestationUse both local and remote storage
11 / 23
![Page 38: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/38.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Overview
Enclave
Runtime Restorer
Sanitizer
secret.so
dummy.so
secret enclavecode
Compiler,Linker
Compiler,Linker
dummy enclave code
secret.so
sanitized.so
secretdata
Dummy Enclave Code Generation
Normal Enclave Code Generation
Runtime Secret Enclave Code Restoration
12 / 23
![Page 39: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/39.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Remote vs. Local Data
Secret Data
13 / 23
![Page 40: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/40.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Remote vs. Local Data
Secret Data
13 / 23
![Page 41: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/41.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Remote vs. Local Data
Secret Key
Secret Data
14 / 23
![Page 42: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/42.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Remote vs. Local Data
Secret Key
Secret Data
14 / 23
![Page 43: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/43.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Remote vs. Local Data
Secret Key
Secret Data
14 / 23
![Page 44: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/44.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Remote Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
secretdata
metadata
15 / 23
![Page 45: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/45.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Remote Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
secretdata
metadata
1
15 / 23
![Page 46: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/46.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Remote Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
secretdata
metadata
1
2
15 / 23
![Page 47: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/47.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Remote Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
metadata
secretdata
metadata
1
2
3
15 / 23
![Page 48: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/48.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Remote Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
metadata
secretdata
metadata
1
2
3
4
15 / 23
![Page 49: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/49.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Remote Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
secretdata
metadata
secretdata
metadata
1
2
3
4
5
15 / 23
![Page 50: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/50.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Remote Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
secretdata
metadata
secretdata
metadata
1
2
3
4
5
6
15 / 23
![Page 51: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/51.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Remote Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
secretdata
metadata
secretdata
metadata
sealed secret data
1
2
3
4
5
6
7
15 / 23
![Page 52: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/52.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Local Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
metadata
encrypted secret data
16 / 23
![Page 53: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/53.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Local Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
metadata
1
encrypted secret data
16 / 23
![Page 54: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/54.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Local Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
metadata
1
2
encrypted secret data
16 / 23
![Page 55: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/55.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Local Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
metadata
metadata
1
2
3
encrypted secret data
16 / 23
![Page 56: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/56.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Local Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
metadata
metadata
1
2
3
encrypted secret data
4
16 / 23
![Page 57: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/57.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Local Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
secretdata
metadata
metadata
1
2
35
encrypted secret data
4
16 / 23
![Page 58: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/58.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Local Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
secretdata
metadata
metadata
1
2
35 6
encrypted secret data
4
16 / 23
![Page 59: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/59.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Design - Local Data
Authentication Server
User Platform
Application
Enclave
Untrusted Code
FileSystem
secretdata
metadata
metadata
sealed secret data
1
2
35 6
7
encrypted secret data
4
16 / 23
![Page 60: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/60.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Benchmarks
Original LOC w/ SGX LOC w/ SGXELIDE TC TC Sanitized SanitizedBenchmarks LOC UC TC UC TC Functions Bytes Functions Bytes
AES 802 472 427 522 540 185 75999 15 3840DES 473 463 372 513 485 179 75455 9 3296Sha1 315 423 251 473 364 179 73791 9 1632Shas 2417 1529 1240 1579 1353 224 80127 54 79682048 413 551 192 601 305 208 76351 38 4448Biniax 3523 3582 193 3632 306 208 76351 38 4448Crackme 48 316 93 366 206 182 73711 12 1536
17 / 23
![Page 61: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/61.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Sanitization/Restoration Time
Remote Data Local DataSanitize Stand. Restore Stand. Sanitize Stand. Restore Stand.
Benchmarks Time Dev. Time Dev. Time Dev. Time Dev.AES 0.09 0.01 4.06 0.54 0.15 0.01 3.76 0.20DES 0.09 0.01 3.99 0.52 0.14 0.01 3.97 0.75Sha1 0.09 0.01 3.67 0.35 0.14 0.01 3.97 0.98Shas 0.09 0.00 4.06 0.53 0.15 0.01 4.26 0.972048 0.09 0.01 3.78 0.52 0.15 0.01 3.73 0.28Biniax 0.09 0.00 4.44 0.61 0.15 0.01 4.32 0.92Crackme 0.09 0.01 3.53 0.28 0.15 0.00 3.54 0.78
18 / 23
![Page 62: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/62.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Overhead - Remote Data
AES DESSha1
ShasCrackme
99%
100%
101%
102%
103%
104%
105%
Rel
ativ
ePe
rform
ance
w/ SGX
w/ SGXELIDE
19 / 23
![Page 63: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/63.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
SGXELIDE Overhead - Local Data
AES DESSha1
ShasCrackme
99%
100%
101%
102%
103%
104%
105%
Rel
ativ
ePe
rform
ance
w/ SGX
w/ SGXELIDE
20 / 23
![Page 64: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/64.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Discussions
SGXELIDE enclaves are self-modifying!
How do we defend against malicious enclaves?How do we protect vulnerable enclaves?How does this influence side-channel attacks?
Limitations and future workFramework not completely transparentWould be useful to test SGXELIDE with large-scale softwareFramework is proof-of-concept and not production ready
21 / 23
![Page 65: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/65.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Discussions
SGXELIDE enclaves are self-modifying!How do we defend against malicious enclaves?
How do we protect vulnerable enclaves?How does this influence side-channel attacks?
Limitations and future workFramework not completely transparentWould be useful to test SGXELIDE with large-scale softwareFramework is proof-of-concept and not production ready
21 / 23
![Page 66: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/66.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Discussions
SGXELIDE enclaves are self-modifying!How do we defend against malicious enclaves?How do we protect vulnerable enclaves?
How does this influence side-channel attacks?
Limitations and future workFramework not completely transparentWould be useful to test SGXELIDE with large-scale softwareFramework is proof-of-concept and not production ready
21 / 23
![Page 67: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/67.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Discussions
SGXELIDE enclaves are self-modifying!How do we defend against malicious enclaves?How do we protect vulnerable enclaves?How does this influence side-channel attacks?
Limitations and future workFramework not completely transparentWould be useful to test SGXELIDE with large-scale softwareFramework is proof-of-concept and not production ready
21 / 23
![Page 68: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/68.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Discussions
SGXELIDE enclaves are self-modifying!How do we defend against malicious enclaves?How do we protect vulnerable enclaves?How does this influence side-channel attacks?
Limitations and future work
Framework not completely transparentWould be useful to test SGXELIDE with large-scale softwareFramework is proof-of-concept and not production ready
21 / 23
![Page 69: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/69.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Discussions
SGXELIDE enclaves are self-modifying!How do we defend against malicious enclaves?How do we protect vulnerable enclaves?How does this influence side-channel attacks?
Limitations and future workFramework not completely transparent
Would be useful to test SGXELIDE with large-scale softwareFramework is proof-of-concept and not production ready
21 / 23
![Page 70: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/70.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Discussions
SGXELIDE enclaves are self-modifying!How do we defend against malicious enclaves?How do we protect vulnerable enclaves?How does this influence side-channel attacks?
Limitations and future workFramework not completely transparentWould be useful to test SGXELIDE with large-scale software
Framework is proof-of-concept and not production ready
21 / 23
![Page 71: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/71.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Discussions
SGXELIDE enclaves are self-modifying!How do we defend against malicious enclaves?How do we protect vulnerable enclaves?How does this influence side-channel attacks?
Limitations and future workFramework not completely transparentWould be useful to test SGXELIDE with large-scale softwareFramework is proof-of-concept and not production ready
21 / 23
![Page 72: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/72.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Conclusion
SGXELIDE
Presented framework for SGX that ensures code confidentialitySanitize enclave and dynamically restore code at runtimeEvaluated SGXELIDE’s performance with SGX benchmarks wedevelopedShowed SGXELIDE has very little overhead with no performancepenalty after restoration
SGXELIDE Sourcegithub.com/utds3lab/sgxelide
22 / 23
![Page 73: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/73.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Conclusion
SGXELIDE
Presented framework for SGX that ensures code confidentialitySanitize enclave and dynamically restore code at runtimeEvaluated SGXELIDE’s performance with SGX benchmarks wedevelopedShowed SGXELIDE has very little overhead with no performancepenalty after restoration
SGXELIDE Sourcegithub.com/utds3lab/sgxelide
22 / 23
![Page 74: SgxElide: Enabling Enclave Code Secrecy via Self-Modificationlin.3021/file/CGO18-slides.pdfIntroduction Background and Overview Design and Implementation Evaluation Conclusion Blacklist](https://reader036.vdocuments.us/reader036/viewer/2022071219/6057da07d8ecdf0f9b01b479/html5/thumbnails/74.jpg)
Introduction Background and Overview Design and Implementation Evaluation Conclusion
Thank You
Enclave
Runtime
RestorerSanitizer
secret.so
dummy.so
secret enclavecode
Compiler,
Linker
Compiler,
Linker
dummy enclave code
secret.so
sanitized.so
secretdata
Dummy Enclave Code Generation
Normal Enclave Code Generation
Runtime Secret Enclave Code Restoration
outer enclave inner enclave
metadata
[email protected]/utds3lab/sgxelide
23 / 23