OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX

Program obfuscation is a popular cryptographic construct with a wide range of uses such as IP theft prevention. Although cryptographic solutions for program obfuscation impose impractically high overheads, a recent breakthrough in systematically leveraging trusted hardware has shown promise. However, the existing solution is based on special-purpose trusted hardware, restricting its use-cases to a limited few. In this paper, we first study if such obfuscation is feasible based on commodity trusted hardware, Intel SGX, and we observe that certain important security considerations are not afforded by commodity hardware. In particular, we found that existing obfuscation/obliviousness schemes are insecure if directly applied to the SGX environment mainly due to the side-channel limitations. To this end, we present OBFSCURO, the first system providing program obfuscation using commodity trusted hardware, Intel SGX. The key idea is to leverage ORAMbased operations to perform secure code execution and data access. Initially, OBFSCURO transforms the regular program layout into a side-channel-secure and ORAM-compatible layout. Then, OBFSCURO ensures that its ORAM controller always performs data oblivious accesses in order to protect itself from the side-channel attacks. Furthermore, OBFSCURO ensures that the program is secure from timing-based attacks by ensuring that the program always runs for a pre-configured time interval. Along the way, OBFSCURO also introduces a systematic optimization such as register-based ORAM stash. We provide a thorough security analysis of OBFSCURO along with empirical attack evaluations showing that OBFSCURO can protect the SGX program execution from being leaked by access pattern-based and timing-based channels. We also provide a detailed performance benchmark results in order to show the practical aspects of OBFSCURO.