Yuan Chen, Jiaqi Li, Guorui Xu, and Yajin Zhou, Zhejiang University; Zhi Wang, Florida State University; Cong Wang, City University of Hong Kong; Kui Ren, Zhejiang University
Since its debut, SGX has been used to secure various types of applications. However, existing systems usually assume a trusted enclave and ignore the security issues caused by an untrusted enclave. For instance, a vulnerable (or even malicious) third-party enclave can be exploited to attack the host application and the rest of the system. In this paper, we propose an efficient mechanism to confine an untrusted enclave's behaviors. In particular, the threats of an untrusted enclave come from the enclave-host asymmetries, which can be abused to access arbitrary memory regions of its host application, jump to any code location after leaving the enclave and forge the stack register to manipulate the saved context. Our solution breaks such asymmetries and establishes mutual distrust between the host application and the enclave. Specifically, it leverages Intel MPK for efficient memory isolation and the x86 single-step debugging mechanism to capture the exiting event of the enclave. Then it performs the integrity check of the jump target and the stack pointer. We have implemented a prototype system and solved two practical challenges. The evaluation with multiple micro-benchmarks and representative real-world applications demonstrated the effectiveness and the efficiency of our system, with less than 4% performance overhead.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Yuan Chen and Jiaqi Li and Guorui Xu and Yajin Zhou and Zhi Wang and Cong Wang and Kui Ren},
title = {{SGXLock}: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for {SGX}},
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
year = {2022},
isbn = {978-1-939133-31-1},
address = {Boston, MA},
pages = {4129--4146},
url = {https://www.usenix.org/conference/usenixsecurity22/presentation/chen-yuan},
publisher = {USENIX Association},
month = aug
}