TY - GEN
T1 - Pagoda
T2 - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022
AU - Yu, Jiyong
AU - Ge, Xinyang
AU - Jaeger, Trent
AU - Fletcher, Christopher W.
AU - Cui, Weidong
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Code disclosure remains a huge threat to the intellectual property (IP) of any software that is deployed in a remote, untrusted environment. In this threat model, attackers have complete control over the software stack, so software-only solutions for preventing code disclosure have been doomed to fail. A natural alternative is to employ trusted hardware, e.g., an enclave-based architecture such as Intel SGX. However, existing SGX frameworks assume the target application is in the trusted computing base, i.e., free of vulnerabilities which can be exploited to leak code. Making matters worse, simply porting to an enclave-based paradigm is impractical for enterprise-scale applications, incurring large performance overheads and compatibility issues. In this paper, we take a first step towards building a practical, SGX-based code privacy enforcement framework called Pagoda that supports unmodified applications with minimal performance overhead. The key insight of Pagoda is that placing only application code within the enclave prevents arbitrary code accesses, and at the same time avoids the usual performance and compatibility issues stemming from protecting data within enclaves. Pagoda achieves code privacy throughout the application's lifetime, by loading and decrypting encrypted binaries into the enclave, and enforcing eXecute-Only-Memory (XOM) to block arbitrary accesses to the private code during its execution. We have built a prototype of Pagoda for Linux-based systems on Intel SGX. The performance evaluation on SPEC CPU2017 benchmarks shows that Pagoda incurs an average of 2.1% performance overhead when compared to native runs. To demonstrate its compatibility, we show that Pagoda can run a wide range of applications, from common server applications such as Lighttpd and Memcached, to complicated graphical applications such as Quake without any source code modification.
AB - Code disclosure remains a huge threat to the intellectual property (IP) of any software that is deployed in a remote, untrusted environment. In this threat model, attackers have complete control over the software stack, so software-only solutions for preventing code disclosure have been doomed to fail. A natural alternative is to employ trusted hardware, e.g., an enclave-based architecture such as Intel SGX. However, existing SGX frameworks assume the target application is in the trusted computing base, i.e., free of vulnerabilities which can be exploited to leak code. Making matters worse, simply porting to an enclave-based paradigm is impractical for enterprise-scale applications, incurring large performance overheads and compatibility issues. In this paper, we take a first step towards building a practical, SGX-based code privacy enforcement framework called Pagoda that supports unmodified applications with minimal performance overhead. The key insight of Pagoda is that placing only application code within the enclave prevents arbitrary code accesses, and at the same time avoids the usual performance and compatibility issues stemming from protecting data within enclaves. Pagoda achieves code privacy throughout the application's lifetime, by loading and decrypting encrypted binaries into the enclave, and enforcing eXecute-Only-Memory (XOM) to block arbitrary accesses to the private code during its execution. We have built a prototype of Pagoda for Linux-based systems on Intel SGX. The performance evaluation on SPEC CPU2017 benchmarks shows that Pagoda incurs an average of 2.1% performance overhead when compared to native runs. To demonstrate its compatibility, we show that Pagoda can run a wide range of applications, from common server applications such as Lighttpd and Memcached, to complicated graphical applications such as Quake without any source code modification.
KW - Code privacy
KW - Execute Only Memory
KW - Intel SGX
UR - http://www.scopus.com/inward/record.url?scp=85143054620&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85143054620&partnerID=8YFLogxK
U2 - 10.1109/SEED55351.2022.00019
DO - 10.1109/SEED55351.2022.00019
M3 - Conference contribution
AN - SCOPUS:85143054620
T3 - Proceedings - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022
SP - 133
EP - 144
BT - Proceedings - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 26 September 2022 through 27 September 2022
ER -