Proceedings 2021 Network and Distributed System Security Symposium 2021
DOI: 10.14722/ndss.2021.24328

Emilia: Catching Iago in Legacy Code

Abstract: There has been interest in mechanisms that enable the secure use of legacy code to implement trusted code in a Trusted Execution Environment (TEE), such as Intel SGX. However, because legacy code generally assumes the presence of an operating system, this naturally raises the spectre of Iago attacks on the legacy code. We observe that not all legacy code is vulnerable to Iago attacks and that legacy code must use return values from system calls in an unsafe way to have Iago vulnerabilities. Based on this obser…

Cited by 11 publications
(11 citation statements)
References 22 publications
“…Previous work has discovered that an attacker can compromise the confidentiality and integrity of an enclave by providing malicious system call return values, referred to as Iago attacks [36]. Eliminating such threats requires enclave software to carefully scrutinize system call return values passed into an enclave [30,57,60], with the aid of formal verification [58] or software testing techniques [40]. In addition, enclave runtimes may forget to clean certain registers after a context switch into an enclave, thus opening up the enclave to attacks [29,61].…”
Section: Related Work (mentioning)
confidence: 99%
“…Sandboxes using system call delegation have to consider races between sandboxes [49]. In addition, a prior study [47] observed that an Iago attack can occur across multiple components, and thus checking the return value within each enclave individually is not enough to prevent such an attack. In STOCK-ADE, the monitor can track global states among bi-enclaves thus can prevent Iago attacks against connected bi-enclaves.…”
Section: OS Interactions With Bi-enclave (mentioning)
confidence: 99%
“…Second, enclaves need to use operating system services via system calls, but the secure interaction via system calls must be considered. Not only such system call requests must be verified to protect the hosting system [96], but return values must be checked to prevent Iago attacks against the enclave [30,47,85,91]. Finally, the communication channel among enclaves is not provided by the hardware mechanism.…”
Section: Introduction (mentioning)
confidence: 99%
“…Fuzzers. Cui et al. [60] developed Emilia to automatically detect Iago vulnerabilities in legacy applications by fuzzing applications using system call return values. Unlike Emilia, our written-in-Rust fuzzer consists of two parts, of which the kernel part is also active.…”
Section: Related Work (mentioning)
confidence: 99%