Guardian: Symbolic Validation of Orderliness in SGX Enclaves

Modern processors can offer hardware primitives that allow a process to run in isolation. These primitives implement a trusted execution environment (TEE) in which a program can run such that the integrity and confidentiality of its execution are guaranteed. Intel's Software Guard eXtensions (SGX) is an example of such primitives and its isolated processes are called enclaves. These guarantees, however, can be easily thwarted if the enclave has not been properly designed. Its interface with the untrusted software stack is a perhaps the largest attack surface that adversaries can exploit; unintended interactions with untrusted code can expose the enclave to memory corruption attacks, for instance. In this paper, we propose a notion of an orderly enclave which splits its behaviour into the following execution phases: entry, secure, ocall, and exit. Each of them imposes a set of restrictions that enforce a particular policy of access to untrusted memory and, in some cases, sanitisation conditions. A violation of these policies and conditions might indicate an undesired interaction with untrusted data/code or a lack of sanitisation, both of which can be harnessed to perpetrate attacks against the enclave. We also introduce Guardian: an open-source tool that uses symbolic execution to carry out the validation of an enclave against our notion of an orderly enclave; in this process, it also looks for some other typical attack primitives. We discuss how our approach can prevent and flag enclave vulnerabilities that have been identified in the literature. Moreover, we have evaluated how our approach fares in the analysis of some enclave samples. In this process, Guardian identified some security issues previously undetected in some of these samples that were acknowledged and fixed by the corresponding maintainers.