Visible to the public Binary Code Retrofitting and Hardening Using SGX

TitleBinary Code Retrofitting and Hardening Using SGX
Publication TypeConference Paper
Year of Publication2017
AuthorsWang, Shuai, Wang, Wenhao, Bao, Qinkun, Wang, Pei, Wang, XiaoFeng, Wu, Dinghao
Conference NameProceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5395-3
Keywordsbinary instrumentation, composability, Metrics, Operating Systems Security, pubcrawl, Resiliency, Safe Coding, SGX, software security
Abstract

Trusted Execution Environment (TEE) is designed to deliver a safe execution environment for software systems. Intel Software Guard Extensions (SGX) provides isolated memory regions (i.e., SGX enclaves) to protect code and data from adversaries in the untrusted world. While existing research has proposed techniques to execute entire executable files inside enclave instances by providing rich sets of OS facilities, one notable limitation of these techniques is the unavoidably large size of Trusted Computing Base (TCB), which can potentially break the principle of least privilege. In this work, we describe techniques that provide practical and efficient protection of security sensitive code components in legacy binary code. Our technique dissects input binaries into multiple components which are further built into SGX enclave instances. We also leverage deliberately-designed binary editing techniques to retrofit the input binary code and preserve the original program semantics. Our tentative evaluations on hardening AES encryption and decryption procedures demonstrate the practicability and efficiency of the proposed technique.

URLhttp://doi.acm.org/10.1145/3141235.3141244
DOI10.1145/3141235.3141244
Citation Keywang_binary_2017