SGXElide:通过自我修改启用飞地代码保密

Proceedings of the 2018 International Symposium on Code Generation and Optimization Pub Date : 2018-02-24 DOI:10.1145/3168833

Erick Bauman, Huibo Wang, Mingwei Zhang, Zhiqiang Lin

{"title":"SGXElide:通过自我修改启用飞地代码保密","authors":"Erick Bauman, Huibo Wang, Mingwei Zhang, Zhiqiang Lin","doi":"10.1145/3168833","DOIUrl":null,"url":null,"abstract":"Intel SGX provides a secure enclave in which code and data are hidden from the outside world, including privileged code such as the OS or hypervisor. However, by default, enclave code prior to initialization can be disassembled and therefore no secrets can be embedded in the binary. This is a problem for developers wishing to protect code secrets. This paper introduces SGXElide, a nearly-transparent framework that enables enclave code confidentiality. The key idea is to treat program code as data and dynamically restore secrets after an enclave is initialized. SGXElide can be integrated into any enclave, providing a mechanism to securely decrypt or deliver the secret code with the assistance of a developer-controlled trusted remote party. We have implemented SGXElide atop a recently released version of the Linux SGX SDK, and our evaluation with a number of programs shows that SGXElide can be used to protect the code secrecy of practical applications with no overhead after enclave initialization.","PeriodicalId":103558,"journal":{"name":"Proceedings of the 2018 International Symposium on Code Generation and Optimization","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"27","resultStr":"{\"title\":\"SGXElide: enabling enclave code secrecy via self-modification\",\"authors\":\"Erick Bauman, Huibo Wang, Mingwei Zhang, Zhiqiang Lin\",\"doi\":\"10.1145/3168833\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Intel SGX provides a secure enclave in which code and data are hidden from the outside world, including privileged code such as the OS or hypervisor. However, by default, enclave code prior to initialization can be disassembled and therefore no secrets can be embedded in the binary. This is a problem for developers wishing to protect code secrets. This paper introduces SGXElide, a nearly-transparent framework that enables enclave code confidentiality. The key idea is to treat program code as data and dynamically restore secrets after an enclave is initialized. SGXElide can be integrated into any enclave, providing a mechanism to securely decrypt or deliver the secret code with the assistance of a developer-controlled trusted remote party. We have implemented SGXElide atop a recently released version of the Linux SGX SDK, and our evaluation with a number of programs shows that SGXElide can be used to protect the code secrecy of practical applications with no overhead after enclave initialization.\",\"PeriodicalId\":103558,\"journal\":{\"name\":\"Proceedings of the 2018 International Symposium on Code Generation and Optimization\",\"volume\":\"31 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-02-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"27\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2018 International Symposium on Code Generation and Optimization\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3168833\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2018 International Symposium on Code Generation and Optimization","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3168833","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 27

摘要

英特尔SGX提供了一个安全的飞地，其中代码和数据对外部世界隐藏，包括特权代码，如操作系统或管理程序。但是，默认情况下，初始化之前的enclave代码可以被反汇编，因此没有秘密可以嵌入到二进制文件中。对于希望保护代码秘密的开发人员来说，这是一个问题。本文介绍了SGXElide，这是一个几乎透明的框架，可以实现enclave代码的机密性。其关键思想是将程序代码视为数据，并在enclave初始化后动态恢复秘密。SGXElide可以集成到任何enclave中，提供一种机制，在开发人员控制的可信远程方的帮助下安全地解密或交付秘密代码。我们已经在最近发布的Linux SGX SDK版本上实现了SGXElide，我们对许多程序的评估表明，SGXElide可以用于保护实际应用程序的代码机密性，并且在enclave初始化之后没有开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

SGXElide: enabling enclave code secrecy via self-modification

Intel SGX provides a secure enclave in which code and data are hidden from the outside world, including privileged code such as the OS or hypervisor. However, by default, enclave code prior to initialization can be disassembled and therefore no secrets can be embedded in the binary. This is a problem for developers wishing to protect code secrets. This paper introduces SGXElide, a nearly-transparent framework that enables enclave code confidentiality. The key idea is to treat program code as data and dynamically restore secrets after an enclave is initialized. SGXElide can be integrated into any enclave, providing a mechanism to securely decrypt or deliver the secret code with the assistance of a developer-controlled trusted remote party. We have implemented SGXElide atop a recently released version of the Linux SGX SDK, and our evaluation with a number of programs shows that SGXElide can be used to protect the code secrecy of practical applications with no overhead after enclave initialization.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2018 International Symposium on Code Generation and Optimization

自引率

0.00%

发文量