Research article, DOI: 10.1145/3141235.3141244

Binary Code Retrofitting and Hardening Using SGX

Published: 03 November 2017

Abstract

A Trusted Execution Environment (TEE) is designed to deliver a safe execution environment for software systems. Intel Software Guard Extensions (SGX) provides isolated memory regions (i.e., SGX enclaves) to protect code and data from adversaries in the untrusted world. While existing research has proposed techniques to execute entire executable files inside enclave instances by providing rich sets of OS facilities, one notable limitation of these techniques is the unavoidably large size of the Trusted Computing Base (TCB), which can potentially break the principle of least privilege.

In this work, we describe techniques that provide practical and efficient protection of security-sensitive code components in legacy binary code. Our technique dissects input binaries into multiple components, which are further built into SGX enclave instances. We also leverage deliberately designed binary editing techniques to retrofit the input binary code and preserve the original program semantics. Our tentative evaluations on hardening AES encryption and decryption procedures demonstrate the practicability and efficiency of the proposed technique.

Published In

FEAST '17: Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation
November 2017
78 pages
ISBN: 9781450353953
DOI: 10.1145/3141235

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. binary instrumentation
  2. sgx
  3. software security

Qualifiers

  • Research-article

Conference

CCS '17

Acceptance Rates

Overall Acceptance Rate 4 of 4 submissions, 100%

Cited By

  • (2023) A verified confidential computing as a service framework for privacy preservation. Proceedings of the 32nd USENIX Conference on Security Symposium, DOI: 10.5555/3620237.3620502, pp. 4733-4750. Online publication date: 9-Aug-2023
  • (2023) Intel Software Guard Extensions Applications: A Survey. ACM Computing Surveys, DOI: 10.1145/3593021, 55:14s, pp. 1-38. Online publication date: 17-Jul-2023
  • (2023) SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, DOI: 10.1145/3576915.3623213, pp. 2710-2724. Online publication date: 15-Nov-2023
  • (2023) SAPPX: Securing COTS Binaries with Automatic Program Partitioning for Intel SGX. 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE), DOI: 10.1109/ISSRE59848.2023.00016, pp. 148-159. Online publication date: 9-Oct-2023
  • (2022) Compiler-Aided Development of Trusted Enclaves with Rust. Proceedings of the 17th International Conference on Availability, Reliability and Security, DOI: 10.1145/3538969.3538972, pp. 1-10. Online publication date: 23-Aug-2022
  • (2022) SRX–Secure Data Backup and Recovery for SGX Applications. IEEE Access, DOI: 10.1109/ACCESS.2022.3162489, 10, pp. 35901-35918. Online publication date: 2022
  • (2022) PriSIEM. Journal of Network and Computer Applications, DOI: 10.1016/j.jnca.2022.103397, 203:C. Online publication date: 1-Jul-2022
  • (2021) ADAM-CS: Advanced Asynchronous Monotonic Counter Service. 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), DOI: 10.1109/DSN48987.2021.00053, pp. 426-437. Online publication date: Jun-2021
  • (2020) Building and maintaining a third-party library supply chain for productive and secure SGX enclave development. Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering: Software Engineering in Practice, DOI: 10.1145/3377813.3381348, pp. 100-109. Online publication date: 27-Jun-2020
  • (2019) BDA: practical dependence analysis for binary executables by unbiased whole-program path sampling and per-path abstract interpretation. Proceedings of the ACM on Programming Languages, DOI: 10.1145/3360563, 3:OOPSLA, pp. 1-31. Online publication date: 10-Oct-2019
