2019 EnclaveDom: Privilege Separation for Large-TCB Applications in Trusted Execution Environments
EnclaveDom: Privilege Separation for Large-TCB Applications in Trusted Execution Environments. arXiv, 2019 v1, 2020 v2.
Overview
Problem: running an unmodified application inside a library OS in a TEE (a TEE libOS) places a large TCB in the enclave, so bugs or vulnerabilities in third-party code end up inside the enclave.
Solution: A privilege separation system for large-TCB TEE applications.
- Partitions an enclave into multiple regions and enforces per-region access rules;
- Partitions at the granularity of individual in-enclave functions.
- Uses Intel SGX for the enclave and Intel MPK for memory tagging.
- Protects internal libOS management data structures against tampering by application-level code.
- At every libOS system call, EnclaveDom grants access only to those internal data structures which the syscall needs to perform its task.
Challenges:
- Privilege separation using enclaves is hard to make efficient; partitioning an enclave is also not easy;
- EnclaveDom: does not split one enclave into two enclaves; instead it uses MPK to control access to different memory regions within a single enclave;
- It is challenging to share sensitive data between regions with different privileges;
- EnclaveDom: uses hardware-assisted memory tagging, assigning tags to enclave pages.
Key Techniques
- Combination of Intel SGX and Intel MPK.
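To make the tagging mechanism concrete, here is an added example (my own model, not code from the EnclaveDom paper or from Graphene-SGX) of how per-page protection keys and a per-thread access mask enforce the per-region rules above: libOS data structures sit in tagged pages, application code has those keys disabled, and each syscall handler is granted only the key of the structure it needs and loses it again on return. The addresses, the key numbers, the "fd table" and "mmap table" structures and the `read`/`mmap` handlers are constructed for illustration; only the MPK rules (16 keys, key 0 as the default, one tag per page, a per-thread mask like PKRU) follow the hardware. It also shows the page-granularity limit: two regions cannot receive different keys if they share a page.

```python
# Added example: a model of MPK-style page tagging for in-enclave privilege
# separation. Not from the EnclaveDom paper; addresses, keys and the libOS
# structures below are constructed, only the MPK rules are real.

PAGE_SIZE = 4096
NUM_KEYS = 16          # Intel MPK: 16 protection keys per address space
DEFAULT_KEY = 0        # pages carry key 0 unless explicitly tagged

FD_TABLE_KEY = 1       # constructed: key guarding the libOS fd table
MMAP_TABLE_KEY = 2     # constructed: key guarding the libOS mmap bookkeeping


class AccessViolation(Exception):
    """A thread touched a page whose key it has not been granted."""


class TaggedMemory:
    """Pages of one enclave, each carrying exactly one protection key."""

    def __init__(self):
        self.tags = {}  # page number -> key

    def tag_range(self, start, length, key):
        """Tag every page overlapping [start, start+length) with `key`.
        A page holds one tag, so a page already owned by another region is
        rejected: this is why two regions must not share a page."""
        if not 0 <= key < NUM_KEYS:
            raise ValueError("MPK has only %d keys" % NUM_KEYS)
        pages = range(start // PAGE_SIZE, (start + length - 1) // PAGE_SIZE + 1)
        for page in pages:
            if self.tags.get(page, DEFAULT_KEY) not in (DEFAULT_KEY, key):
                raise ValueError("page %d already carries key %d" % (page, self.tags[page]))
        for page in pages:
            self.tags[page] = key

    def key_of(self, addr):
        return self.tags.get(addr // PAGE_SIZE, DEFAULT_KEY)


class Thread:
    """Per-thread access mask, modelled on PKRU: a key in `disabled`
    cannot be read or written by this thread."""

    def __init__(self):
        self.disabled = set(range(1, NUM_KEYS))  # app code starts with no extra keys

    def grant(self, key):
        self.disabled.discard(key)

    def revoke(self, key):
        if key != DEFAULT_KEY:
            self.disabled.add(key)

    def access(self, mem, addr):
        """Return the key of the page at `addr`, or raise if it is disabled."""
        key = mem.key_of(addr)
        if key in self.disabled:
            raise AccessViolation("addr %#x has key %d, not granted" % (addr, key))
        return key


class LibOS:
    """Toy libOS whose management structures live in tagged pages; each
    syscall handler is granted only the keys of the structures it needs."""

    FD_TABLE = 0x10000    # constructed address of the fd table (one page)
    MMAP_TABLE = 0x20000  # constructed address of the mmap table (one page)
    NEEDS = {"read": {FD_TABLE_KEY}, "mmap": {MMAP_TABLE_KEY}}

    def __init__(self, mem):
        self.mem = mem
        mem.tag_range(self.FD_TABLE, PAGE_SIZE, FD_TABLE_KEY)
        mem.tag_range(self.MMAP_TABLE, PAGE_SIZE, MMAP_TABLE_KEY)

    def syscall(self, thread, name, touches):
        """Grant the handler's keys, perform its accesses, revoke on return."""
        keys = self.NEEDS[name]
        for key in keys:
            thread.grant(key)
        try:
            return [thread.access(self.mem, addr) for addr in touches]
        finally:
            for key in keys:
                thread.revoke(key)


def app_touches_fd_table_directly():
    """App code reaching into the fd table without a syscall is blocked."""
    mem, thread = TaggedMemory(), Thread()
    LibOS(mem)
    try:
        thread.access(mem, LibOS.FD_TABLE + 8)
        return False
    except AccessViolation:
        return True


def read_syscall_reaches_fd_table():
    """The read handler may touch the fd table; the grant ends with the call."""
    mem, thread = TaggedMemory(), Thread()
    keys = LibOS(mem).syscall(thread, "read", [LibOS.FD_TABLE + 8])
    return keys == [FD_TABLE_KEY] and FD_TABLE_KEY in thread.disabled


def read_syscall_cannot_reach_mmap_table():
    """The read handler never receives the mmap table's key."""
    mem, thread = TaggedMemory(), Thread()
    try:
        LibOS(mem).syscall(thread, "read", [LibOS.MMAP_TABLE])
        return False
    except AccessViolation:
        return True


def can_separate(addr_a, addr_b):
    """Can regions at these two addresses get different keys? Only if they
    do not share a page (constructed keys 3 and 4, 64-byte regions)."""
    mem = TaggedMemory()
    mem.tag_range(addr_a, 64, 3)
    try:
        mem.tag_range(addr_b, 64, 4)
        return True
    except ValueError:
        return False
```

The grant/revoke pair around each handler is the part that matters: access to a structure exists only for the duration of the syscall that needs it, which is the least-privilege rule the notes describe. `can_separate` returns False for two addresses within the same 4 KiB page, which is the reason a tagging-based scheme has to lay out code and data of different regions on separate pages.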
Evaluation
Using Graphene-SGX library OS;
Microbenchmarks: LMBench.
Execution performance on the lat_syscall benchmark.
Memory overhead.
Some thoughts
Can we do the same thing?
- Yes, we can do the same thing. It seems straightforward to build this prototype.
Any questions?
- How about two functions occupying the same page but having different privileges?