Abstract
Intel Software Guard Extensions (SGX) is a recent technology from Intel that makes it possible to execute security-critical parts of an application in a so-called SGX enclave, an isolated area of the system that is shielded from all other software (including the OS and/or hypervisor). SGX was designed with the objective of making it relatively straightforward to take a single module of an existing C application, and put that module in an enclave. The SGX SDK includes tooling to semi-automatically generate wrappers for an enclaved C module. The wrapped enclave can then easily be linked to the legacy application that uses the module.
However, when the enclaved module and the surrounding application share a part of the heap and exchange pointers (a very common case in C programs), the generation of these wrappers requires programmer annotations and is error-prone – it is easy to introduce security vulnerabilities or program crashes.
This paper proposes a separation logic based language for specifying the interface of the enclaved C module, and shows how such an interface specification can be used to automatically generate secure wrappers that avoid these vulnerabilities and crashes.
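The kind of pointer check a wrapper has to perform when the application passes heap pointers into the enclave, as an added example that is not code from the paper or the SGX SDK. All names are hypothetical and the enclave range is modelled by a static array; in real SDK code the range test would be the SDK's `sgx_is_outside_enclave`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model (assumption): this static array stands in for the protected enclave range. */
static unsigned char enclave_mem[4096];
#define MAX_IN 256

/* Overflow-safe test that [p, p+n) lies entirely outside the modelled enclave. */
static int outside_enclave(const void *p, size_t n) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)enclave_mem;
    uintptr_t hi = lo + sizeof enclave_mem;
    if (p == NULL || n > UINTPTR_MAX - a) return 0;  /* NULL or address wrap-around */
    return a + n <= lo || a >= hi;
}

/* The enclaved module function (hypothetical): expects enclave-private data. */
static uint32_t module_sum(const unsigned char *buf, size_t n) {
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++) s += buf[i];
    return s;
}

/* Unchecked wrapper: reads and writes whatever addresses the untrusted caller
 * supplies, so a pointer into enclave memory makes the enclave act on its own data. */
int wrapper_unchecked(const unsigned char *buf, size_t n, uint32_t *out) {
    *out = module_sum(buf, n);
    return 0;
}

/* Checked wrapper: bound the length, require both pointers to lie outside the
 * enclave, copy the input once into enclave memory, and use only that copy. */
int wrapper_checked(const unsigned char *buf, size_t n, uint32_t *out) {
    unsigned char *priv = enclave_mem;          /* scratch area inside the enclave */
    if (n > MAX_IN) return -1;
    if (!outside_enclave(buf, n)) return -1;
    if (!outside_enclave(out, sizeof *out)) return -1;
    memcpy(priv, buf, n);                       /* single copy avoids double fetches */
    uint32_t r = module_sum(priv, n);
    memcpy(out, &r, sizeof r);
    return 0;
}
```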
Acknowledgments
Raoul Strackx holds a Postdoctoral mandate from the Research Foundation - Flanders (FWO). This research is partially funded by project grants from the Research Fund KU Leuven, and from the Research Foundation - Flanders (FWO).
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
van Ginkel, N., Strackx, R., Piessens, F. (2017). Automatically Generating Secure Wrappers for SGX Enclaves from Separation Logic Specifications. In: Chang, BY. (eds) Programming Languages and Systems. APLAS 2017. Lecture Notes in Computer Science, vol 10695. Springer, Cham. https://doi.org/10.1007/978-3-319-71237-6_6
DOI: https://doi.org/10.1007/978-3-319-71237-6_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71236-9
Online ISBN: 978-3-319-71237-6
eBook Packages: Computer Science (R0)