Huibo Wang,Pei Wang,Yu Ding,Mingshen Sun,Yiming Jing,Ran Duan,Long Li,Yulong Zhang,Tao Wei,Zhigiang Lin

DOI: https://doi.org/10.1145/3319535.3354241

2019-01-01

Abstract:Intel Software Guard eXtension (SGX), a hardware supported trusted execution environment (TEE), is designed to protect security critical applications. However, it does not terminate traditional memory corruption vulnerabilities for the software running inside enclave, since enclave software is still developed with type unsafe languages such as C/C++. This paper presents RUST-SGX, an efficient and layered approach to exterminating memory corruption for software running inside SGX enclaves. The key idea is to enable the development of enclave programs with an efficient memory safe system language Rust with a RUST-SGX SDK by solving the key challenges of how to (1) make the SGX software memory safe and (2) meanwhile run as efficiently as with the SDK provided by Intel. We therefore propose to build RUST-SGX atop Intel SGX SDK, and tame unsafe components with formally proven memory safety. We have implemented RUST-SGX and tested with a series of benchmark programs. Our evaluation results show that RUST-SGX imposes little extra overhead (less than 5% with respect to the SGX specific features and services compared to software developed by Intel SGX SDK), and meanwhile have stronger memory safety.

Zheng Wei,Wu Ying,Wu Xiaoxue,Feng Chen,Sui Yulei,Luo Xiapu,Zhou Yajin

DOI: https://doi.org/10.1007/s11704-019-9096-y

IF: 2.6688

2020-01-01

Frontiers of Computer Science

Abstract:This paper presents a comprehensive survey on the development of Intel SGX (software guard extensions) processors and its applications. With the advent of SGX in 2013 and its subsequent development, the corresponding research works are also increasing rapidly. In order to get a more comprehensive literature review related to SGX, we have made a systematic analysis of the related papers in this area. We first search through five large-scale paper retrieval libraries by keywords (i.e., ACM Digital Library, IEEE/IET Electronic Library, SpringerLink, Web of Science, and Elsevier Science Direct). We read and analyze a total of 128 SGX-related papers. The first round of extensive study is conducted to classify them. The second round of intensive study is carried out to complete a comprehensive analysis of the paper from various aspects. We start with the working environment of SGX and make a conclusive summary of trusted execution environment (TEE). We then focus on the applications of SGX. We also review and study multifarious attack methods to SGX framework and some recent security improvements made on SGX. Finally, we summarize the advantages and disadvantages of SGX with some future research opportunities. We hope this review could help the existing and future research works on SGX and its application for both developers and users.

Huibo Wang,Mingshen Sun,Qian Feng,Pei Wang,Tongxin Li,Yu Ding

DOI: https://doi.org/10.48550/arXiv.2005.05996

2020-05-12

Cryptography and Security

Abstract:Intel SGX Guard eXtensions (SGX), a hardware-supported trusted execution environment (TEE), is designed to protect security-sensitive applications. However, since enclave applications are developed with memory unsafe languages such as C/C++, traditional memory corruption is not eliminated in SGX. Rust-SGX is the first toolkit providing enclave developers with a memory-language. However, Rust is considered a Systems language and has become the right choice for concurrent applications and web browsers. Many application domains such as Big Data, Machine Learning, Robotics, Computer Vision are more commonly developed in the python programming language. Therefore, Python application developers cannot benefit from secure enclaves like Intel SGX and rust-SGX. To fill this gap, we propose Python-SGX, which is a memory-safe SGX SDK providing enclave developers a memory-safe Python development environment. The key idea is to enable memory-safe Python language in SGX by solving the following key challenges: (1) defining a memory-safe Python interpreter (2)replacing unsafe elements of Python interpreter with safe ones,(3) achieving comparable performance to non-enclave Python applications, and (4) not introducing any unsafe new code or libraries into SGX. We propose to build Python-SGX with PyPy, a Python interpreter written by RPython, which is a subset of Python, and tame unsafe parts in PyPy by formal verification, security hardening, and memory safe language. We have implemented python-SGX and tested it with a series of benchmarks programs. Our evaluation results show that Python-SGX does not cause significant overhead.

Yuan Chen,Jiaqi Li,Guorui Xu,Yajin Zhou,Zhi Wang,Cong Wang,Kui Ren

2022-01-01

Abstract:Since its debut, SGX has been used to secure various types of applications. However, existing systems usually assume a trusted enclave and ignore the security issues caused by an untrusted enclave. For instance, a vulnerable (or even malicious) third-party enclave can be exploited to attack the host application and the rest of the system. In this paper, we propose an efficient mechanism to confine an untrusted enclave's behaviors. In particular, the threats of an untrusted enclave come from the enclave-host asymmetries, which can be abused to access arbitrary memory regions of its host application, jump to any code location after leaving the enclave and forge the stack register to manipulate the saved context. Our solution breaks such asymmetries and establishes mutual distrust between the host application and the enclave. Specifically, it leverages Intel MPK for efficient memory isolation and the x86 single-step debugging mechanism to capture the exiting event of the enclave. Then it performs the integrity check of the jump target and the stack pointer. We have implemented a prototype system and solved two practical challenges. The evaluation with multiple micro-benchmarks and representative real-world applications demonstrated the effectiveness and the efficiency of our system, with less than 4% performance overhead.

Hongliang Tian,Yong Zhang,Chunxiao Xing,Shoumeng Yan

DOI: https://doi.org/10.1145/3075564.3075572

2017-01-01

Abstract:Intel Software Guard Extensions (SGX) is an emerging trusted hardware technology. SGX enables user-level code to allocate regions of trusted memory, called enclaves, where the confidentiality and integrity of code and data are guaranteed. While SGX offers strong security for applications, one limitation of SGX is the lack of system call support inside enclaves, which leads to a non-trivial, refactoring effort when protecting existing applications with SGX. To address this issue, previous works have ported existing library OSes to SGX. However, these library OSes are suboptimal in terms of security and performance since they are designed without taking into account the characteristics of SGX.

Jinhua Cui,Jason Zhijingcheng Yu,Shweta Shinde,Prateek Saxena,Zhiping Cai

DOI: https://doi.org/10.1145/3460120.3484821

2021-10-13

Abstract:Exceptions are a commodity hardware functionality which is central to multi-tasking OSes as well as event-driven user applications. Normally, the OS assists the user application by lifting the semantics of exceptions received from hardware to program-friendly user signals and exception handling interfaces. However, can exception handlers work securely in user enclaves, such as those enabled by Intel SGX, where the OS is not trusted by the enclave code? In this paper, we introduce a new attack called SmashEx which exploits the OS-enclave interface for asynchronous exceptions in SGX. It demonstrates the importance of a fundamental property of safe atomic execution that is required on this interface. In the absence of atomicity, we show that asynchronous exception handling in SGX enclaves is complicated and prone to re-entrancy vulnerabilities. Our attacks do not assume any memory errors in the enclave code, side channels, or application-specific logic flaws. We concretely demonstrate exploits that cause arbitrary disclosure of enclave private memory and code-reuse (ROP) attacks in the enclave. We show reliable exploits on two widely-used SGX runtimes, Intel SGX SDK and Microsoft Open Enclave, running OpenSSL and cURL libraries respectively. We tested a total of 14 frameworks, including Intel SGX SDK and Microsoft Open Enclave, 10 of which are vulnerable. We discuss how the vulnerability manifests on both SGX1-based and SGX2-based platforms. We present potential mitigation and long-term defenses for SmashEx.

Cryptography and Security

Wenhao Wang,Linke Song,Benshan Mei,Shuang Liu,Shijun Zhao,Shoumeng Yan,XiaoFeng Wang,Dan Meng,Rui Hou

2024-10-24

Abstract:Integrity is critical for maintaining system security, as it ensures that only genuine software is loaded onto a machine. Although confidential virtual machines (CVMs) function within isolated environments separate from the host, it is important to recognize that users still encounter challenges in maintaining control over the integrity of the code running within the trusted execution environments (TEEs). The presence of a sophisticated operating system (OS) raises the possibility of dynamically creating and executing any code, making user applications within TEEs vulnerable to interference or tampering if the guest OS is compromised. To address this issue, this paper introduces NestedSGX, a framework which leverages virtual machine privilege level (VMPL), a recent hardware feature available on AMD SEV-SNP to enable the creation of hardware enclaves within the guest VM. Similar to Intel SGX, NestedSGX considers the guest OS untrusted for loading potentially malicious code. It ensures that only trusted and measured code executed within the enclave can be remotely attested. To seamlessly protect existing applications, NestedSGX aims for compatibility with Intel SGX by simulating SGX leaf functions. We have also ported the SGX SDK and the Occlum library OS to NestedSGX, enabling the use of existing SGX toolchains and applications in the system. Performance evaluations show that context switches in NestedSGX take about 32,000 -- 34,000 cycles, approximately $1.9\times$ -- $2.1\times$ higher than that of Intel SGX. NestedSGX incurs minimal overhead in most real-world applications, with an average overhead below 2% for computation and memory intensive workloads and below 15.68% for I/O intensive workloads.

Cryptography and Security,Hardware Architecture

Baowen Xu,Bei Chu,Hongcheng Fan,Yang Feng 0003

DOI: https://doi.org/10.1007/978-981-99-6222-8_37

2023-01-01

Abstract:Memory safety is a critical concern in software development, as related issues often lead to program crashes, vulnerabilities, and security breaches, leading to severe consequences for applications and systems. This paper provides a detailed analysis of how Rust effectively addresses memory safety concerns. The paper first introduces the concepts of ownership, reference and lifetime in Rust, highlighting how they contribute to ensuring memory safety. It then delves into an examination of common memory safety issues and how they manifest in popular programming languages. Rust’s solutions to these issues are compared to those of other languages, emphasizing the benefits of using Rust for enhanced memory safety. In conclusion, this paper offers a comprehensive exploration of prevalent memory safety issues in programming and demonstrates how Rust effectively addresses them. With its encompassing mechanisms and strict rules, Rust proves to be a reliable choice for developers aiming to achieve enhanced memory safety in their programming endeavors.

Zhenyang Dai,Shuang Liu,Vilhelm Sjöberg,Xupeng Li,Yu Chen,Wenhao Wang,Yuekai Jia,Sean Noble Anderson,Laila Elbeheiry,Shubham Sondhi,Yu Zhang,Zhaozhong Ni,Shoumeng Yan,Ronghui Gu,Zhengyu He

DOI: https://doi.org/10.1145/3620665.3640398

2024-01-01

Abstract:As trusted execution environments (TEE) have become the corner stone for secure cloud computing, it is critical that they are reliable and enforce proper isolation, of which a key ingredient is spatial isolation. Many TEEs are implemented in software such as hypervisors for flexibility, and in a memory-safe language, namely Rust to alleviate potential memory bugs. Still, even if memory bugs are absent from the TEE, it may contain semantic errors such as mis-configurations in its memory subsystem which breaks spatial isolation.

Donghui Yu,Jianqiang Wang,Haoran Fang,Ya Fang,Yuanyuan Zhang

DOI: https://doi.org/10.1145/3607199.3607215

2023-01-01

Abstract:Intel SGX provides protected memory called enclave to secure the private user data against corrupted or malicious OS environment. However, several researches have shown that the SGX applications suffer from memory corruption vulnerabilities, thus leading to critical information leakage. Detecting memory corruption vulnerability in SGX applications can be cumbersome. Existing works either use symbolic execution or formal methods to analyze the enclave library, which is known to be inefficient and errors prone. Fuzzing, an effective and efficient vulnerability detection method is rarely used in SGX and has limitations. In this paper, we present SEnFuzzer, an automatic on-device fuzzing framework targeting SGX application memory corruption vulnerability detection. We designed an information feedback mechanism to convert the enclave environment from a black-box to a grey-box which is used to facilitate the fuzzing and the result analysis. To deal with the complex enclave interfaces, we thoroughly analyzed the ECALL and OCALL interface information in the EDL file to generate specific fuzz driver as well as OCALL hook mechanism to increase the fuzzing efficiency. We implemented SEnFuzzer prototype and evaluated it on 20 academic and industrial SGX applications such as mbedTLS-SGX and StealthDB. SEnFuzzer successfully found 51 bugs and vulnerabilities in their latest version.

Yang Chen,Jianfeng Jiang,Shoumeng Yan,Hui Xu

DOI: https://doi.org/10.1109/issre59848.2023.00022

2023-01-01

Abstract:Intel SGX is a promising TEE technique that can protect programs running in user space from being maliciously accessed by the host operating system. Although it provides hardware access control and memory encryption, improper implementation of a code snippet running inside an enclave can still leak private data. While existing research mainly detects bugs of enclave code, this paper serves as a first attempt to study the privacy leakage issues caused by pointer misuse. In particular, we focus on explicit pointer declarations that may incur data copy from trusted to untrusted spaces, and we summarize five common patterns of such leakage code. Further, we propose a novel approach to detect these patterns based on static sparse taint analysis. Our approach starts from suspicious pointers of predefined patterns and performs forward analysis to recognize all taint sinks. It then backward analyzes the values being leaked through these sinks and checks if their identifiers are sensitive. We have implemented a prototype, namely STELLA, and conducted real-world experiments with dozens of open-source SGX programs. Results show that STELLA found 80 new leakage issues previously unknown in 13 projects. We hope our work can remind SGX developers of pointer misuse issues and inspire better designs toward mitigating the problem.

Rodolfo Silva,Pedro Barbosa,Andrey Brito

DOI: https://doi.org/10.48550/arXiv.1710.11423

2017-10-31

Abstract:Intel(R) Software Guard eXtensions (SGX) is a hardware-based technology for ensuring security of sensitive data from disclosure or modification that enables user-level applications to allocate protected areas of memory called enclaves. Such memory areas are cryptographically protected even from code running with higher privilege levels. This memory protection can be used to develop secure and dependable applications, but the technology has some limitations: ($i$) the code of an enclave is visible at load time, ($ii$) libraries used by the code must be statically linked, and ($iii$) the protected memory size is limited, demanding page swapping to be done when this limit is exceeded. We present DynSGX, a privacy preserving tool that enables users and developers to dynamically load and unload code to be executed inside SGX enclaves. Such a technology makes possible that developers use public cloud infrastructures to run applications based on sensitive code and data. Moreover, we present a series of experiments that assess how applications dynamically loaded by DynSGX perform in comparison to statically linked applications that disregard privacy of the enclave code at load time.

Cryptography and Security

Liheng Chen,Zheming Li,Zheyu Ma,Yuan Li,Baojian Chen,Chao Zhang

DOI: https://doi.org/10.14722/ndss.2024.24819

2024-01-01

Abstract:Intel's Software Guard Extensions (SGX) offers an isolated execution environment, known as an enclave, where everything outside the enclave is considered potentially malicious, including non-enclave memory region, peripherals, and the operating system.Despite its robust attack model, the code running within enclaves is still prone to common memory corruption vulnerabilities.Moreover, such an attack model may introduce new threats or amplify existing ones.For instance, any direct memory access to untrusted memory from within an enclave can lead to Time-of-Check-Time-of-Use (TOCTOU) bugs since attackers are capable of controlling the whole untrusted memory.Moreover, null-pointer dereference may have a more severe security impact since the zero page controlled by the operating system is also considered malicious.Current fuzzing solutions, such as SGXFuzz and FuzzSGX, have limitations detecting such SGX-specific vulnerabilities.In this paper, we propose EnclaveFuzz, a multi-dimension structure-aware fuzzing framework that analyzes enclave sources to extract input structures and correlations, then generates fuzz harnesses that can produce valid inputs to pass sanity checks.To conduct multi-dimensional fuzzing, EnclaveFuzz creates data for all three input dimensions of an enclave, including both parameters and return values that enter an enclave, as well as direct untrusted memory access from within an enclave.To detect more types of vulnerabilities, we design a new sanitizer to detect both SGX-specific vulnerabilities and typical memory corruption vulnerabilities.Lastly, we provide a custom SDK to accelerate the fuzzing process and execute the enclave without the need for special hardware.To verify the effectiveness of our solution, we applied our work to test 20 real-world open-source enclaves and found 162 bugs in 14 of them.

Yuanpeng Wang,Ziqi Zhang,Ningyu He,Zhineng Zhong,Shengjian Guo,Qinkun Bao,Ding Li,Yao Guo,Xiangqun Chen

DOI: https://doi.org/10.1145/3576915.3623213

2023-01-01

Abstract:Intel Security Guard Extensions (SGX) have shown effectiveness in critical data protection. Recent symbolic execution-based techniques reveal that SGX applications are susceptible to memory corruption vulnerabilities. While existing approaches focus on conventional memory corruption in ECalls of SGX applications, they overlook an important type of SGX dedicated vulnerability: cross-boundary pointer vulnerabilities. This vulnerability is critical for SGX applications since they heavily utilize pointers to exchange data between secure enclaves and untrusted environments. Unfortunately, none of the existing symbolic execution approaches can effectively detect cross-boundary pointer vulnerabilities due to the lack of an SGX-specific analysis model that properly handles three unique features of SGX applications: Multi-entry Arbitrary-order Execution, Stateful Execution, and Context-aware Pointers. To address such problems, we propose a new analysis model named Global State Transition Graph with Context Aware Pointers (GSTG-CAP) that simulates properties-preserving execution behaviors for SGX applications and drives symbolic execution for vulnerability detection. Based on GSTG-CAP, we build a novel symbolic execution-based vulnerability detector named SYMGX to detect cross-boundary pointer vulnerabilities. According to our evaluation, SYMGX can find 30 0-DAY vulnerabilities in 14 open-source projects, three of which have been confirmed by developers. SYMGX also outperforms two state-of-the-art tools, COIN and TeeRex, in terms of effectiveness, efficiency, and accuracy.

Boqin Qin,Yilun Chen,Haopeng Liu,Hua Zhang,Qiaoyan Wen,Linhai Song,Yiying Zhang

DOI: https://doi.org/10.1109/tse.2024.3380393

IF: 7.4

2024-01-01

IEEE Transactions on Software Engineering

Abstract:Rust is a relatively new programming language designed for systems software development. Its objective is to combine the safety guarantees typically associated with high-level languages with the performance efficiency often found in executable programs implemented in low-level languages. The core design of Rust is a set of strict safety rules enforced through compile-time checks. However, to support more low-level controls, Rust also allows programmers to bypass its compiler checks by writing unsafe code. As the adoption of Rust grows in the development of safety-critical software, it becomes increasingly important to understand what safety issues may elude Rust’s compiler checks and manifest in real Rust programs.In this paper, we conduct a comprehensive, empirical study of Rust safety issues by close, manual inspection of 70 memory bugs, 100 concurrency bugs, and 110 programming errors leading to unexpected execution panics from five open-source Rust projects, five widely-used Rust libraries, and two online security databases. Our study answers three important questions: what memory-safety issues real Rust programs have, what concurrency bugs Rust programmers make, and how unexpected panics in Rust programs are caused. Our study reveals interesting real-world Rust program behaviors and highlights new issues made by Rust programmers. Building upon the findings of our study, we design and implement five static detectors. After being applied to the studied Rust programs and another 12 selected Rust projects, our checkers pinpoint 96 previously unknown bugs and report a negligible number of false positives, confirming their effectiveness and the value of our empirical study.

Boqin Qin,Yilun Chen,Zeming Yu,Linhai Song,Yiying Zhang

DOI: https://doi.org/10.1145/3385412.3386036

2020-01-01

Abstract:Rust is a young programming language designed for systems software development. It aims to provide safety guarantees like high-level languages and performance efficiency like low-level languages. The core design of Rust is a set of strict safety rules enforced by compile-time checking. To support more low-level controls, Rust allows programmers to bypass these compiler checks to write unsafe code. It is important to understand what safety issues exist in real Rust programs and how Rust safety mechanisms impact programming practices. We performed the first empirical study of Rust by close, manual inspection of 850 unsafe code usages and 170 bugs in five open-source Rust projects, five widely-used Rust libraries, two online security databases, and the Rust standard library. Our study answers three important questions: how and why do programmers write unsafe code, what memory-safety issues real Rust programs have, and what concurrency bugs Rust programmers make. Our study reveals interesting real-world Rust program behaviors and new issues Rust programmers make. Based on our study results, we propose several directions of building Rust bug detectors and built two static bug detectors, both of which revealed previously unknown bugs.

Supraja Sridhara,Andrin Bertschi,Benedict Schlüter,Shweta Shinde

2024-04-22

Abstract:User programs recover from hardware exceptions and respond to signals by executing custom handlers that they register specifically for such events. We present SIGY attack, which abuses this programming model on Intel SGX to break the confidentiality and integrity guarantees of enclaves. SIGY uses the untrusted OS to deliver fake hardware events and injects fake signals in an enclave at any point. Such unintended execution of benign program-defined handlers in an enclave corrupts its state and violates execution integrity. 7 runtimes and library OSes (OpenEnclave, Gramine, Scone, Asylo, Teaclave, Occlum, EnclaveOS) are vulnerable to SIGY. 8 languages supported in Intel SGX have programming constructs that are vulnerable to SIGY. We use SIGY to demonstrate 4 proof of concept exploits on webservers (Nginx, Node.js) to leak secrets and data analytics workloads in different languages (C and Java) to break execution integrity.

Cryptography and Security

Yuxia Cheng,Qing Wu,Bei Wang,Wenzhi Chen

DOI: https://doi.org/10.1007/978-3-319-69471-9_4

2017-01-01

Abstract:Protecting data security and privacy is one of the top concerns in the public cloud. As the cloud infrastructure is complex, and it is difficult for cloud users to gain trust. Particularly, how to guarantee the confidentiality and integrity of in-memory user private data in untrusted cloud faces big challenges. The in-memory data is typically used for online processing that requires high performance and plaintext access in CPU, therefore simple data encryption is infeasible for in-memory data security protection. In this paper, we propose a secure in-memory data cache scheme based on the memcached key-value store system and leverage the new trusted Intel SGX processors to protect sensitive operations. Firstly, we build a secure enclave and design a trusted channel protocol using remote attestation mechanism. Secondly, we propose a cache server partitioning method that decouples the sensitive key-value operations with enclave protection. Thirdly, we implement a secure client library to maintain the original cache semantics for application compatibility. The experimental result showed that the proposed solutions achieves comparable performance with the traditional key-value store systems, while improves the level of data security in untrusted cloud.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

2016-01-01

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, e.g., smart hardware, wearable devices, mobile devices. Typically, these devices use universal hardware and software to connect with public network by internet, and are probably open to security threats from Trojan, virus and other malware. As a result, not only personal sensitive data is threatened, economic interests in industry are also compromised. To address the run-time security problems efficiently, first a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Last, both analytical and experimental evaluations are given in the end. The experimental results demonstrate that the proposed security scheme is effective and feasible.