
SGXElide: Enabling Enclave Code Secrecy via Self-Modification (PowerPoint PPT Presentation)



  1. SGXElide: Enabling Enclave Code Secrecy via Self-Modification (1 / 23)
     Erick Bauman (1), Huibo Wang (1), Mingwei Zhang (2), Zhiqiang Lin (1, 3)
     (1) University of Texas at Dallas, (2) Intel Labs, (3) The Ohio State University
     CGO 2018

     Outline shown on every slide: Introduction, Background and Overview, Design and Implementation, Evaluation, Conclusion
  2. Intel SGX (2 / 23)

  3. Intel SGX (3 / 23)
     - Provides secure enclaves
     - Memory regions isolated from all other code
     - Cannot be accessed by OS or hypervisor

  4. Intel SGX (4 / 23)
     [Figure: software stack of App / App / App above Operating System, Hypervisor and Hardware, with a "Trusted" label]

  5. Intel SGX (5 / 23)
     [Figure: a Client Application attests to an Enclave whose Code and Data are loaded from an enclave file on Disk; the enclave holds Secret Data. Properties labelled in the figure: Data Integrity, Enclave Code Integrity, Data Confidentiality; Code Confidentiality is marked with a "?"]

  6. Intel SGX (6 / 23)
     "The enclave file can be disassembled, so the algorithms used by the enclave developer will not remain secret." -- SGX SDK Manual

  7. SGXElide (7 / 23)
     Definition. Elide: to leave out or omit

  8. Challenges (8 / 23)
     - Enclaves must be signed and unmodified until initialization
     - The entire enclave cannot be encrypted
     - No secrets can be stored in the enclave
     - There should be minimal toolchain changes

  9. Main Idea (9 / 23)
     Redact (or sanitize) secrets and restore them at runtime

 10. Blacklist vs. Whitelist (10 / 23)
     Blacklist
     - User specifies secrets (e.g. annotations)
     - Minimizes code that must be encrypted
     - Burden of annotating secrets on developer
     - Risk of mistakes
     Whitelist
     - Only specify code that must not be redacted
     - Applicable to any enclave
     - No need for developer to mark secrets
     - More code must be encrypted

 11. Our Solution (11 / 23)
     - Sign sanitized enclave and restore secrets after initializing
     - Encrypt all nonessential functions
     - Use remote attestation
     - Use both local and remote storage

 12. SGXElide Overview (12 / 23)
     [Figure, reconstructed from the diagram labels: Normal Enclave Code Generation: secret enclave code -> Compiler, Linker -> secret.so. Dummy Enclave Code Generation: dummy enclave code -> Compiler, Linker -> dummy.so. Sanitizer: dummy.so and secret.so -> sanitized.so plus the secret data. Secret Enclave Code Restoration (Runtime): the Restorer takes the secret data and restores the secret code inside the running enclave]
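A small model of the sanitize-then-restore flow from the slides above, added here as an example; it is not code from the SGXElide paper or its toolchain. It assumes an enclave image is a dict of function name to bytes, uses SHA-256 over that image as a stand-in for the enclave measurement, an HMAC-SHA256 keystream with a tag as a stand-in for a real AEAD cipher, and hypothetical names (sanitize, release_key, restore). The point it shows: whitelisted functions stay in the clear, every other function is replaced by same-sized dummy bytes before signing, so the measurement no longer depends on the secret code, and the key that unlocks the encrypted bodies is only released for the expected measurement.

```python
import hashlib, hmac, os

DUMMY = b"\xcc"  # constructed filler byte standing in for a redacted function body

def measure(image):
    """Stand-in for the enclave measurement: a hash over the loaded bytes in fixed order."""
    h = hashlib.sha256()
    for name in sorted(image):
        h.update(name.encode() + b"\0" + image[name])
    return h.hexdigest()

def _stream(key, nonce, n):  # HMAC-SHA256 in counter mode; stands in for a real AEAD
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def seal(key, name, body):
    """Encrypt-then-MAC one function body; the tag also binds the function name."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))
    tag = hmac.new(key, name.encode() + nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def unseal(key, name, blob):
    nonce, ct, tag = blob
    want = hmac.new(key, name.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("secret blob rejected: bad tag")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def sanitize(image, whitelist, key):
    """Build step: keep whitelisted code; redact the rest to dummy bytes and encrypt it."""
    sanitized, secrets = {}, {}
    for name, body in image.items():
        if name in whitelist:
            sanitized[name] = body
        else:
            sanitized[name] = DUMMY * len(body)   # same size, so layout is unchanged
            secrets[name] = seal(key, name, body)
    return sanitized, secrets

def release_key(expected, reported, key):
    """Client side of attestation: hand out the key only for the expected measurement."""
    return key if hmac.compare_digest(expected, reported) else None

def restore(loaded, secrets, key):
    """Runtime step inside the initialized enclave: decrypt and write the bodies back."""
    for name, blob in secrets.items():
        body = unseal(key, name, blob)
        assert len(body) == len(loaded[name]), "restored body must fit its dummy slot"
        loaded[name] = body
    return loaded
```

The whitelist must contain the restoration code itself and the entry point, since they have to run before any secret is decrypted.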

 13. Remote vs. Local Data (13 / 23)
     Secret Data

 14. Remote vs. Local Data (14 / 23)
     Secret Key, Secret Data
