CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs

Abstract: Intel SGX aims to provide the confidentiality of user data on untrusted cloud machines. However, applications that process confidential user data may contain bugs that leak information or be programmed maliciously to collect user data. Existing research that attempts to solve this problem does not consider multi-client isolation in a single enclave. We show that by not supporting such in-enclave isolation, they incur considerable slowdown when concurrently processing multiple clients in different enclave proce… Show more

“…In addition to the increased TCB, the memory access occurring in the enclave must be verified by instrumented instructions, causing extra performance costs. A recent study [28] reports that the software-based confinement incurs a slowdown of an average of 12.43%, up to 24.89% compared to native execution because it requires 23.52% more instructions.…”

“…Similar to STOCKADE, Ryoan decomposed a cloud application into distributed enclaves with the software sandboxing and SW-encrypted channels. Chancel [28] proposes multi-client software fault isolation through binary instrumentation and read-only shared memory between threads. It supports multiple isolated threads within an enclave.…”

“…It supports multiple isolated threads within an enclave. Several studies accommodate hardware features (Intel MPX or MPK) under software control for multi-domain SFI scheme [28,68,81,82]. Occlum [82] and Enclavedom [68] provide isolated compartments within a sandboxed enclave using Intel MPX or MPK.…”

“…Such uni-directional protection can endanger the rest of the system if the enclave code is malicious. To address such vulnerability, the prior study proposed to employ a heavy software sandboxing running with user codes inside an enclave [28,50,57,68,82]. Second, enclaves require to use operating system services via system calls, but the secure interaction via system calls must be considered.…”

“…The interaction of the bi-enclave and operating system can be forced to go through the monitor enclave to process the system calls only if they are valid. The key difference from the prior approaches [28,50,57,68,82,96] is that the monitor is isolated both from the bi-enclave and from the operating system, which provides stronger protection for the system call verification and return value validation. The codes running in the monitor enclave are attested by both the bi-enclave and operating system, providing verified monitoring operations by the two entities.…”

Stockade: Hardware Hardening for Distributed Trusted Sandboxes

“…In addition to the increased TCB, the memory access occurring in the enclave must be verified by instrumented instructions, causing extra performance costs. A recent study [28] reports that the software-based confinement incurs a slowdown of an average of 12.43%, up to 24.89% compared to native execution because it requires 23.52% more instructions.…”

“…Similar to STOCKADE, Ryoan decomposed a cloud application into distributed enclaves with the software sandboxing and SW-encrypted channels. Chancel [28] proposes multi-client software fault isolation through binary instrumentation and read-only shared memory between threads. It supports multiple isolated threads within an enclave.…”

“…It supports multiple isolated threads within an enclave. Several studies accommodate hardware features (Intel MPX or MPK) under software control for multi-domain SFI scheme [28,68,81,82]. Occlum [82] and Enclavedom [68] provide isolated compartments within a sandboxed enclave using Intel MPX or MPK.…”

“…Such uni-directional protection can endanger the rest of the system if the enclave code is malicious. To address such vulnerability, the prior study proposed to employ a heavy software sandboxing running with user codes inside an enclave [28,50,57,68,82]. Second, enclaves require to use operating system services via system calls, but the secure interaction via system calls must be considered.…”

“…The interaction of the bi-enclave and operating system can be forced to go through the monitor enclave to process the system calls only if they are valid. The key difference from the prior approaches [28,50,57,68,82,96] is that the monitor is isolated both from the bi-enclave and from the operating system, which provides stronger protection for the system call verification and return value validation. The codes running in the monitor enclave are attested by both the bi-enclave and operating system, providing verified monitoring operations by the two entities.…”

Stockade: Hardware Hardening for Distributed Trusted Sandboxes

One System Call Hook to Rule All TEE OSes in the Cloud

COMURICE: Closing Source Code Leakage in Cloud-Based Compiling via Enclave