Symbolic Validation of SGX enclaves using Guardian
Avoid known enclave vulnerabilities by automatically checking for orderliness
- Track: Hardware-Aided Trusted Computing devroom
- Room: D.trusted-hardware
- Day: Saturday
- Start: 12:00
- End: 12:25
The confidentiality and integrity guarantees offered by Intel SGX enclaves can be easily thwarted if the enclave has not been properly designed. Its interface with the untrusted software stack is perhaps the largest attack surface that adversaries can exploit; unintended interactions with untrusted code can expose the enclave to memory corruption attacks, for instance.
We have proposed a notion, called orderliness, that embodies good practice set out by academic papers and the principles of the Intel SGX SDK’s programming model. It is concerned especially with these interactions between the trusted and untrusted worlds. This notion underpins Guardian: an open-source tool that we have created to help enclave developers check that their enclaves are orderly before they are deployed. It automatically validates enclaves and reports violations of our notion of orderliness. These violations help developers find parts of their code that may need changing – they should usually point to an attack primitive.
We have found some security issues in enclaves that had been extensively vetted by other researchers – one of which was crafted by Intel engineers.
Modern processors can offer hardware primitives that allow a process to run in isolation. These primitives implement a trusted execution environment (TEE) in which a program can run in such a way that the integrity and confidentiality of its execution are guaranteed. Intel's Software Guard eXtensions (SGX) is an example of such primitives and its isolated processes are called enclaves. These guarantees, however, can be easily undermined if the enclave has not been properly designed.
We propose a notion of an orderly enclave that splits the enclave’s behaviour into the following execution phases: entry, secure, ocall, and exit. Each of them imposes a set of restrictions that enforce a particular policy of access to untrusted memory and, in some cases, sanitisation conditions. A violation of these policies and conditions might indicate an undesired interaction with untrusted data/code or a lack of sanitisation, both of which can be harnessed to perpetrate attacks against the enclave. We also introduce Guardian: an open-source tool that uses symbolic execution to carry out the validation of an enclave against our notion of an orderly enclave; in this process, it also looks for some other typical attack primitives. We discuss how our approach can prevent and flag enclave vulnerabilities that have been identified in the literature. Moreover, we have evaluated how our approach fares in the analysis of some enclave samples. In this process, Guardian identified some previously undetected security issues in some of these samples. These were subsequently acknowledged and fixed by the corresponding maintainers.
Speakers
Pedro Antonino
Wojciech Aleksander Woloszyn