OpenSGX: An Open Platform for SGX Research
Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin, Taesoo Kim,
Brent Byunghoon Kang, Dongsu Han
Trusted Execution Environment (TEE)
• Hardware technologies for trusted computing
– Isolated execution: integrity of code, confidentiality
– To protect application from untrusted platform
• Practical limitations of TEEs
– Trusted Platform Module (TPM): poor performance
– ARM TrustZone: compatibility (only for embedded devices)
Intel SGX
• An extension of x86 Instruction Set Architecture (ISA)
– Offers native performance, compatibility with x86
– Application keeps its data/code inside the “enclave”
[Figure: an enclave holding code and data inside an untrusted application, on an untrusted operating system, on a Skylake CPU]
Intel SGX 101: Isolated Execution
• Smallest attack surface by reducing TCB (App + processor)
• Protect app’s secret from untrusted privileged software
[Figure: address space with the enclave; physical memory with the EPC holding encrypted code/data; CPU package with the Memory Encryption Engine (MEE) and the processor key; threats shown: snooping, access from OS/VMM]
Intel SGX 101: Remote attestation
• Attest an application on remote platform
– Check the integrity of enclave (hash of code/data pages)
– Verify whether enclave is running on real SGX CPU
– Can establish a “secure channel” between enclaves
[Figure: remote attestation flow between the user platform and the remote platform. Labels: Challenger, Application, Enclave, Application Enclave, Quoting Enclave, Attestation Verification, EPID key, Ephemeral]
1. Request
2. Create REPORT
3. Sign with EPID group key (Create QUOTE)
4. Send QUOTE
5. Verify
Intel SGX brings new opportunities for enhancing security of applications
SGX Research: Current Status
• Pioneering research: Adopting SGX on cloud computing (Haven [OSDI14], VC3 [S&P15])
• Confidentiality verification of SGX program (Moat [CCS15])
• Adopts SGX on networking [HotNets15]
• However, software technologies for SGX lag behind their hardware counterpart
SGX CPU and SDK are now available! But...
• Specification for SGX [revision 1 & 2] is not fully available on the SGX hardware (only functionalities in revision 1)
• SGX technology has a complex license model
OpenSGX: Design Goal
• Offers a complete platform for SGX research
– To explore software and hardware design space of SGX
– To develop and evaluate SGX-enabled applications
• Addresses non-trivial issues in SGX software components
– Support for system software and user-level APIs
– Familiar programming model and interface
– Secure design to defend against potential attack vectors (e.g., Iago attacks)
• Non-goal: security guarantee
OpenSGX: Approach
• Using userspace emulation of QEMU
– Binary translation to support SGX instructions
– QEMU helper routine to implement complex instructions
[Figure: QEMU and the host in a single address space containing the wrapper, lib, stack, heap, and the enclave (code and data in EPC pages). Labels: Entry point, RIP]
Helper routine:
- Set registers
- Operates SGX instructions
enclu() wrapper (emits the instruction bytes):
    enclu() {
        …
        asm(".byte 0x0f"
            ".byte 0x01"
            ".byte 0xd7"
            "rax=entry"
        …
    }
Binary translation:
    …
    if (opcode == 0x0f01d7) {
        helper_enclu();
    }
    …
OpenSGX: Component Overview
• Emulated SGX hardware
• OS emulation layer
• OpenSGX user library
• OpenSGX toolchain
• Enclave loader
• Enclave debugger
• Performance monitor
[Figure: OpenSGX components. Labels: SGX QEMU (HW emulation), SGX OS Emulation, SGX Libraries (Trampoline, Stub, Runtime library), Enclave Program, OpenSGX toolchain, Enclave loader, Enclave Debugger, Performance Monitor]
Example enclave program:
    void enclave_main()
    {
        char *hello = "hello sgx!\n";
        sgx_enclave_write(hello, strlen(hello));
        sgx_exit(NULL);
    }
Running it:
    $ opensgx hello.sgx hello.conf
    hello sgx!
Enclave layout labels:
    Code: enclave_main()
    Data: “hello sgx\n”
    0x0000: EPC1
    0x1000: EPC2
    Entry point : SigStruct: …
Hardware Emulation
• Emulates all data structures (e.g., EPCM) and processor key
• EPC memory management
– Direct mapping on virtual memory
– Access protection: instrument memory access
[Figure: virtual address space with markers EPC_begin, EPC_end, enclave_begin, enclave_end]
1. Prohibit access from host to EPC
2. Prohibit access from other enclaves’ EPC to the current enclave’s EPC
QEMU’s translation routine:
    …
    Case (Load | Store) {
    }
    …
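The two access rules above can be modelled as one check that runs before every guest load or store. This is an added example, not code from OpenSGX or from the slides; the EPCM layout, the enclave ids, and all function names are assumptions, and the addresses are constructed.

```c
/* Added example: a simplified model of EPC access protection.
 * Not OpenSGX code; every name below is an assumption. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE  4096u
#define EPC_PAGES  8u
#define HOST       0u   /* "current enclave" id while non-enclave code runs */

/* One EPCM entry per EPC page: is it in use, and which enclave owns it. */
struct epcm_entry {
    bool     valid;
    uint32_t owner;
};

struct epc {
    uint64_t begin;                     /* EPC_begin */
    uint64_t end;                       /* EPC_end (exclusive) */
    struct epcm_entry epcm[EPC_PAGES];
};

enum verdict {
    ACCESS_OK,
    DENY_HOST_TO_EPC,     /* rule 1 on the slide */
    DENY_FOREIGN_EPC,     /* rule 2 on the slide */
    DENY_UNUSED_PAGE,     /* EPC page not assigned to any enclave */
    DENY_BAD_RANGE        /* address + length wraps around */
};

void epc_init(struct epc *e, uint64_t begin)
{
    e->begin = begin;
    e->end = begin + (uint64_t)EPC_PAGES * PAGE_SIZE;
    for (size_t i = 0; i < EPC_PAGES; i++) {
        e->epcm[i].valid = false;
        e->epcm[i].owner = HOST;
    }
}

/* Give EPC page `page` to enclave `id`; returns false on bad arguments. */
bool epc_assign(struct epc *e, size_t page, uint32_t id)
{
    if (page >= EPC_PAGES || id == HOST || e->epcm[page].valid)
        return false;
    e->epcm[page].valid = true;
    e->epcm[page].owner = id;
    return true;
}

/* The check a translator would run before each guest load or store.
 * `cur` is the enclave currently executing, or HOST outside enclave mode. */
enum verdict check_access(const struct epc *e, uint32_t cur,
                          uint64_t addr, uint64_t len)
{
    if (len == 0)
        return ACCESS_OK;
    uint64_t last = addr + len - 1;
    if (last < addr)
        return DENY_BAD_RANGE;
    if (last < e->begin || addr >= e->end)
        return ACCESS_OK;               /* ordinary memory: not restricted */
    if (cur == HOST)
        return DENY_HOST_TO_EPC;

    /* Walk every EPC page the access touches, including a straddling one. */
    uint64_t lo = addr < e->begin ? e->begin : addr;
    uint64_t hi = last >= e->end ? e->end - 1 : last;
    for (uint64_t p = (lo - e->begin) / PAGE_SIZE;
         p <= (hi - e->begin) / PAGE_SIZE; p++) {
        if (!e->epcm[p].valid)
            return DENY_UNUSED_PAGE;
        if (e->epcm[p].owner != cur)
            return DENY_FOREIGN_EPC;
    }
    return ACCESS_OK;
}

int main(void)
{
    struct epc e;
    epc_init(&e, 0x100000);             /* constructed address */
    epc_assign(&e, 0, 1);               /* page 0 -> enclave 1 */
    epc_assign(&e, 1, 2);               /* page 1 -> enclave 2 */
    printf("host -> EPC:          %d\n", check_access(&e, HOST, 0x100010, 8));
    printf("enclave 1, own page:  %d\n", check_access(&e, 1, 0x100010, 8));
    printf("enclave 1, foreign:   %d\n", check_access(&e, 1, 0x101000, 8));
    printf("enclave 1, straddles: %d\n", check_access(&e, 1, 0x100ffc, 8));
    return 0;
}
```

Checking every page an access touches matters: an 8-byte access that starts 4 bytes before a page boundary would otherwise pass on the first page and read into a neighbour's page.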
Instruction Support
• OpenSGX supports most instructions specified
– 21 out of 24 instructions
– Except for debugging-related instructions (e.g., EDBGRD)
– Instead, it offers a rich environment for debugging since it is a “software emulator” (e.g., GDB stub)
• Provides simple C APIs which wrap assembly code
– User-level instructions (ENCLU): accessible to user-level APIs
– Supervisor-level instructions (ENCLS): require system support
OS Emulation Layer
• Emulate OS to execute the privileged SGX instructions
– Bootstrapping (EPC allocation)
– Enclave initialization & page translation
– Dynamic EPC page allocation

System call          Description
sys_sgx_init()       Allocate EPC memory region
sys_init_enclave()   Create an enclave, add and measure EPC pages
sys_add_epc()        Allocates a new EPC page to the running enclave
sys_stat_enclave()   Obtains the enclave statistics

Planning to extend the emulated OS for the system-level layer
Stub and Trampoline Interface
“A strict and narrow interface to handle enclave-host communication using shared data/code”
• Stub: shared data to specify the function code and arguments
• Trampoline: shared code to call user-level APIs in the wrapper
[Figure: the enclave (code, heap, lib) next to the emulated OS and wrapper, with the trampoline and stub shared between them. Labels: fcode, mcode, argument1, heap_end; the heap is marked FULL!]
Enclave code:
    …
    malloc(100);
    …
Enclave lib:
    malloc() {
        …
        sgx_exit(tram);
        …
    }
Trampoline (shared):
    …
    if (fcode == FUNC_MALLOC)
        alloc_tramp();
    …
<Specification>
    fcode : FUNC_MALLOC
    mcode : EAUG
    size  : 100
Trampoline and Stub Interface
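“A strict and narrow interface to handle enclave-host communication using shared data/code”
[Figure: the malloc(100) request crossing from the enclave to the host and back. Labels: Enclave (Code, Heap, Lib), Stub, Trampoline (Shared), Wrapper, Emulated OS]
Enclave code:
    …
    malloc(100);
    …
Enclave lib:
    malloc() {
        …
        sgx_exit(tram);
        …
    }
EEXIT, with the stub holding: FUNC_MALLOC, EAUG, 100
Trampoline (shared):
    …
    if (fcode == FUNC_MALLOC)
        alloc_tramp();
    …
Wrapper (user-level APIs to request system calls):
    alloc_tramp() {
        …
        sys_add_epc();
        …
    }
System call into the emulated OS (Call EAUG):
    int sys_add_epc() {
        encls(EAUG, …);
        …
    }
ERESUME: the heap now ends at heap_end+4K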
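The malloc(100) round trip above, as an added example that is not OpenSGX code: the enclave fills the stub, exits through the trampoline, and on return validates the host-reported heap end before using it, which is the kind of check that guards against the Iago attacks named in the design goals. The stub layout (including the heap_end reply field), the numeric fcode/mcode values, and the forged_trampoline test host are assumptions; addresses are modelled as plain integers.

```c
/* Added example: the malloc -> EAUG round trip, modelled with integers
 * instead of real memory. Not OpenSGX code; layouts and values are assumed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u

enum { FUNC_NONE = 0, FUNC_MALLOC = 1 };    /* fcode (numeric values assumed) */
enum { MCODE_NONE = 0, MCODE_EAUG = 1 };    /* mcode (numeric values assumed) */

/* Stub: shared with the host, so every field is untrusted input. */
struct stub {
    int      fcode;
    int      mcode;
    uint64_t argument1;
    uint64_t heap_end;      /* host's reply: new end of the enclave heap */
};

/* Allocator state kept in enclave-private memory. */
struct enclave_heap {
    uint64_t cur;           /* next free byte */
    uint64_t end;           /* end of the pages added so far */
    uint64_t limit;         /* end of the range reserved for the heap */
};

typedef void (*trampoline_fn)(struct stub *);

/* ---------------- host side (untrusted) ---------------- */
static uint64_t host_heap_end;      /* emulated OS's record of the heap end */

static uint64_t sys_add_epc(void)   /* stands in for encls(EAUG, ...) */
{
    host_heap_end += PAGE_SIZE;
    return host_heap_end;
}

static void alloc_tramp(struct stub *s)
{
    s->heap_end = sys_add_epc();
}

void trampoline(struct stub *s)
{
    if (s->fcode == FUNC_MALLOC && s->mcode == MCODE_EAUG)
        alloc_tramp(s);
}

/* Constructed faulty host for testing: replies with an arbitrary value. */
static uint64_t forged_reply;
void forged_trampoline(struct stub *s)
{
    s->heap_end = forged_reply;
}

/* ---------------- enclave side (trusted) ---------------- */
/* Returns the allocated address, or 0 on failure. Calling `tram` models
 * sgx_exit(tram) followed by ERESUME back into the enclave. */
uint64_t enclave_malloc(struct enclave_heap *h, struct stub *s,
                        uint64_t size, trampoline_fn tram)
{
    if (size == 0 || size > h->limit - h->cur)
        return 0;                           /* can never be satisfied */

    while (h->end - h->cur < size) {        /* heap is FULL: ask for a page */
        s->fcode = FUNC_MALLOC;
        s->mcode = MCODE_EAUG;
        s->argument1 = size;
        tram(s);

        uint64_t reply = s->heap_end;       /* read the shared field once */
        /* Accept only "exactly one more page, still inside our range". */
        if (reply != h->end + PAGE_SIZE || reply > h->limit)
            return 0;
        h->end = reply;
    }
    uint64_t p = h->cur;
    h->cur += size;
    return p;
}

int main(void)
{
    struct stub s = {0};
    struct enclave_heap h = { 0x20000, 0x21000, 0x24000 };  /* constructed */
    host_heap_end = h.end;

    uint64_t a = enclave_malloc(&h, &s, 4000, trampoline);
    uint64_t b = enclave_malloc(&h, &s, 100, trampoline);   /* needs EAUG */
    printf("a=0x%llx b=0x%llx heap_end=0x%llx\n", (unsigned long long)a,
           (unsigned long long)b, (unsigned long long)h.end);

    forged_reply = 0x20000;                 /* points back into used heap */
    uint64_t c = enclave_malloc(&h, &s, 8000, forged_trampoline);
    printf("forged reply -> 0x%llx (rejected)\n", (unsigned long long)c);
    return 0;
}
```

Copying the reply into a local before validating it keeps the host from changing the shared field between the check and the use.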
Evaluation: Tor Network
52
• Redesign a non-trivial application to use OpenSGX
• Tor: volunteer-based anonymity network
• Here, defense against network-level attacks on Tor is out of scope
“Defend possible attacks on Tor components when they are compromised by adversaries”
![Page 56: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/56.jpg)
SGX-enabled Tor Design
56
• Design goal
– Protect data/code from adversary
– Reduce the Trusted Computing Base
[Diagram: exit node (or directory server) split into an enclave and the rest of Tor]
• Enclave: Key, Relay table
– Core operations (e.g., key creation, encryption, decryption, …): gen_key() { … }, encrypt() { … }
• Separation
• Rest of Tor operations (Interaction with the enclave)
1. Send/receive packets
2. Initialize data structures
…
• Other Tor nodes (Enclave): Remote Attestation, Interaction
![Page 57: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/57.jpg)
Performance Profiling
57
| | Code | Data | Total |
|---|---|---|---|
| OpenSSL | 271 | 89 | 360 |
| SgxLib | 3 | 1 | 4 |
| Tor | 4 | 1 | 5 |
| Total | 278 | 91 | 369 |

(Unit: Number of pages)
Required EPC: Less than 2MB
• Performance profiling of Tor exit node
– Using OpenSGX performance monitor
[Figure: bar chart of # of instructions (M) for key generation, consensus creation, circuit establishment & service, and total]
![Page 58: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/58.jpg)
OpenSGX: Current Status
58
• Available on GitHub, released in May 2015
– Available at https://github.com/sslab-gatech/opensgx
– 7 Contributors (Gatech, KAIST, Two Sigma, MITRC, …)
– 31 unique cloners, 1,645 Views (Until January, 2016)
• What’s next?
– Binary compatibility with Intel SGX hardware
– Implement unsupported functionalities (e.g., multi-threading)
• Our current community
![Page 60: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/60.jpg)
Our Early Lessons on SGX
60
• Misconceptions on SGX
– SGX for desktop-like environments: needs a secure I/O channel (integration with hardware technology such as Intel IPT)
– Remote attestation needs EPID support
• Malicious use of Intel SGX
– Malware might be possible by abusing the isolation property
– Traditional signature-based AV programs fail against it
![Page 63: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/63.jpg)
Conclusion
63
• We design and implement OpenSGX, a fully functional and instruction-compatible SGX emulator
• As a showcase application, we develop SGX-enabled Tor to enhance security and privacy
• OpenSGX offers opportunities to explore all components of SGX research
– Hardware semantics (e.g., encryption scheme of MEE)
– System software, enclave loader and user-level APIs
– Redesigning unforeseen security applications (e.g., Tor)
![Page 64: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/64.jpg)
64
Thanks! Any Questions?
![Page 65: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/65.jpg)
SGX Threat Model
65
“An adversary has control over all software components (including OS and hypervisor) and
hardware except the CPU package”
• Protection against denial-of-service is out of scope
![Page 66: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/66.jpg)
Comparison: Intel SGX vs OpenSGX
66
| | Intel SGX | OpenSGX |
|---|---|---|
| Type | Hardware | Software Emulator |
| Instructions | 16 ENCLS, 8 ENCLU | 13 ENCLS, 8 ENCLU (Except debugging) |
| Data structures | Specified | ○ |
| Paging | Page table | Direct mapping |
| System software | Not specified | User level emulation |
| User level APIs | SDK is available (Only for Windows) | ○ |
![Page 67: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/67.jpg)
OpenSGX User Library
67
• Challenge 1: Facilitate enclave programming
– Custom in-enclave library: APIs for user-level SGX instructions
– Porting standard C library (glibc)
• Challenge 2: Minimize attack surface between enclave and the potentially malicious host process
– Function calls that rely on OS features will break the execution of enclave programs
– Such functions open up new attack surfaces (e.g., Iago attacks)
![Page 68: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/68.jpg)
Defense against Iago attacks
68
• Iago attacks [ASPLOS’13]: Malicious OS tries to subvert trusted application by incorrect behavior
ex) adds incorrect EPC page for heap
[Diagram: heap growth request from the enclave and detection of a bad EPC page]
• Enclave
– Application: … malloc(); …
– In-enclave Lib (tracks cur_heap_ptr and heap_end):
    void *malloc(int size) {
        if (cur_heap_ptr == heap_end) {
            stub->mcode = EAUG;
            exit(trampoline);
        }
        enclu(EACCEPT, …);
– Stub
• Trampoline: malloc_tramp() { sys_add_epc(); }
• Wrapper
• Emulated OS: int sys_add_epc() { … }
• Bad EPC page: Detect!
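The malloc flow from the "Trampoline and Stub Interface" and "Defense against Iago attacks" slides, as an added toy model in plain C (not OpenSGX code): the in-enclave allocator asks the host for a page through the shared stub and refuses any page other than the one directly after its heap. The struct layouts, the fcode value, the addresses and the address check standing in for enclu(EACCEPT, …) are assumptions; the slide's `cur_heap_ptr == heap_end` test is generalized to "the request does not fit".

```c
#include <stdint.h>
#include <stdio.h>
#define PAGE 4096u
enum { FUNC_MALLOC = 1 };                 /* numeric fcode value is assumed */
/* Shared, untrusted stub: the only data channel between enclave and host. */
struct stub { int fcode; size_t size; uintptr_t new_page; };
/* Trusted heap bookkeeping kept inside the (modelled) enclave. */
struct enclave { uintptr_t base, limit, cur_heap_ptr, heap_end; };

/* Host trampoline. evil != 0 models a compromised OS giving an Iago-style reply. */
static void host_trampoline(struct stub *s, uintptr_t heap_end, int evil) {
    if (s->fcode == FUNC_MALLOC)
        s->new_page = evil ? heap_end - PAGE   /* aliases a page already in use */
                           : heap_end;         /* honest: the page after the heap */
}

/* Stand-in for enclu(EACCEPT, ...): take only the page the enclave asked for. */
static int accept_page(const struct enclave *e, uintptr_t page) {
    return page == e->heap_end && page % PAGE == 0 &&
           page >= e->base && page <= e->limit - PAGE;
}

/* In-enclave bump allocator; returns 0 when the request or the host reply is rejected. */
static uintptr_t enclave_malloc(struct enclave *e, struct stub *s, size_t size, int evil) {
    if (size == 0 || size > PAGE) return 0;       /* toy limit: one page per call */
    if (e->cur_heap_ptr + size > e->heap_end) {   /* heap exhausted: ask the host */
        s->fcode = FUNC_MALLOC; s->size = size;
        host_trampoline(s, e->heap_end, evil);    /* models EEXIT ... ERESUME */
        uintptr_t page = s->new_page;             /* read shared memory once */
        if (!accept_page(e, page)) return 0;      /* bad EPC page detected */
        e->heap_end += PAGE;
    }
    uintptr_t p = e->cur_heap_ptr;
    e->cur_heap_ptr += size;
    return p;
}

/* One malloc(100) on a full one-page heap at constructed address 0x100000. */
static uintptr_t run_case(int evil) {
    struct enclave e = { 0x100000, 0x100000 + 4 * PAGE, 0x100000 + PAGE, 0x100000 + PAGE };
    struct stub s = { 0, 0, 0 };
    return enclave_malloc(&e, &s, 100, evil);
}

int main(void) {
    printf("honest host: %#lx\n", (unsigned long)run_case(0));
    printf("evil host:   %#lx\n", (unsigned long)run_case(1));
    return 0;
}
```

The value read from the stub is copied into a local before it is checked, so the host cannot change it between the check and its use.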
![Page 69: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/69.jpg)
Memory State of OpenSGX Program
69
[Diagram: memory layout of an OpenSGX program]
• Layers: QEMU SGX, SGX OS Emulation, User process (single address space)
• Package Info: Entry point, Measurement, Key, …
• SGX Lib: Trampoline, Stub, Wrapper
• Enclave Program (EPC pages): Code, Data, Lib, Stack, Heap, …
• Boundaries: Privilege boundary, System calls boundary
• Transitions: ENCLS (e.g., EINIT), ENCLU (e.g., EENTER), ENCLU (e.g., EEXIT), System call (e.g., sys_sgxinit())
![Page 70: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/70.jpg)
Attacks on Tor Components
70
• Tor network: uses 3-hop onion routing
– Directory servers: Advertise available onion routers (ORs), vote for bad exit nodes
[Diagram: Tor client, Tor network (Entry, Relay, Exit), Destination, Directory servers]
When exit node is compromised (unless end-to-end encryption is used):
1. Snooping or tampering of the plain-text
2. Break of anonymity: Bad apple attack
![Page 71: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/71.jpg)
Attacks on Tor Components
71
• Tor network: uses 3-hop onion routing
– Directory servers: Advertise available onion routers (ORs), vote for bad exit nodes
[Diagram: Tor client, Tor network (Entry, Relay, Exit), Destination, Directory servers]
When directory servers are compromised:
1. Tie-breaking attacks while voting
2. Admission of malicious ORs
![Page 72: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/72.jpg)
Performance Profiling: CPU cycles
72
[Figure: two bar charts, <Directory Server> and <Tor Exit Node>, of # of CPU cycles (M) for key generation, consensus creation, circuit establishment & service, and total; series: OpenSGX and Native QEMU; annotations: 2.8x, 2.7x]
• ENCLU(EEXIT, ERESUME) calls
• In-enclave library code to handle stub & trampoline interface
![Page 73: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/73.jpg)
Performance Profiling: TCB
• Required EPC size: Less than 2MB for each process
• TCB size: 54% smaller compared to the Tor code base
73

<Directory Server>

| | Code | Data | Total |
|---|---|---|---|
| OpenSSL | 270 | 88 | 358 |
| SgxLib | 3 | 1 | 4 |
| Tor | 3 | 1 | 4 |
| Total | 276 | 90 | 366 |

<Tor Exit Node>

| | Code | Data | Total |
|---|---|---|---|
| OpenSSL | 271 | 89 | 360 |
| SgxLib | 3 | 1 | 4 |
| Tor | 4 | 1 | 5 |
| Total | 278 | 91 | 369 |

(Unit: Number of pages)
![Page 74: OpenSGX: An Open Platform for SGX Research...OpenSGX: An Open Platform for SGX Research Prerit Jain, Soham Desai, Seongmin Kim*, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin,](https://reader034.fdocuments.in/reader034/viewer/2022042116/5e934d33074b41012d481ac0/html5/thumbnails/74.jpg)
OpenSGX implementation
74
• OpenSGX is an open source project!
– Modified lines of code : 19K
– First released in May, 2015
– 7 Contributors (Gatech, KAIST)
– 31 unique cloners, 1,645 Views (Until January, 2016)
– Available at https://github.com/sslab-gatech/opensgx.git