Preventing enclave malware with intermediate enclaves on semi-honest cloud platforms

Soo Jung Moon, Hoorin Park, Wonjun Lee

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

Threats to data processing in the cloud computing environment are increasing with emerging cloud applications. Intel Software Guard Extensions (SGX) implements a Trusted Execution Environment (TEE) through hardware-based isolation, which can enhance the security of cloud applications by providing a separate secure space whose interior is not exposed to the rest of the system. The trusted memory region isolated by SGX, the so-called enclave, protects confidential code and data from all other software, including highly privileged system software. However, an adversary benefits from the same isolation: malicious code inserted into an enclave runs where the system cannot inspect or detect it. Existing studies propose various measures against enclave malware, but they rest on the assumption that the system itself must be trusted, which does not hold on a semi-honest cloud platform. To address this, we propose a novel method, named Interclave, that protects the system from enclave malware in the cloud computing environment without trusting any component other than the intermediate enclave. Interclave forces every ECALL and OCALL of a suspicious enclave to be executed through an intermediate enclave. This prevents malicious behavior of enclave malware such as code-reuse attacks that modify the stack or register values associated with the program's execution address. Interclave stores all stack and register values before the suspicious enclave executes and restores them afterward, ensuring the integrity of these values. Our implementation requires only slight code modifications, occupies little storage, and needs no complicated hardware changes.
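As an added illustration (not code from the paper, whose implementation is not reproduced on this page), the following plain-C model exercises the store / run / compare / restore discipline the abstract describes around a call into a suspicious enclave. Everything in it is hypothetical: no SGX is involved, `exec_ctx`, `mediate_ecall`, `vulnerable_ecall` and the constructed inputs are stand-ins, and the register file and stack frame are struct fields so the mediation can run offline. The vulnerable ECALL overflows a local buffer into the saved return address, the move a code-reuse chain starts with; the mediator notices that caller-owned state changed and restores its snapshot regardless, so the hijacked address never takes effect.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the execution context an intermediate enclave snapshots
 * around a call into a suspicious enclave. Not SGX code and not the paper's
 * data structures: registers and the stack are plain struct fields so the
 * store / run / compare / restore cycle can be exercised offline. */
#define STACK_SLOTS 10
#define RET_SLOT    7                              /* saved return address */
#define BUF_BYTES   (RET_SLOT * sizeof(uint64_t))  /* 56-byte local buffer below it */

typedef struct {
    uint64_t rbp, rbx, r12, r13, r14, r15;  /* callee-saved registers (System V ABI) */
    uint64_t stack[STACK_SLOTS];            /* [0..RET_SLOT) callee locals,
                                               [RET_SLOT..) caller-owned frame */
} exec_ctx;

typedef void (*ecall_fn)(exec_ctx *ctx, const uint8_t *in, size_t len);

typedef struct {
    int      tampered;      /* 1 if caller-owned state differed after the call */
    uint64_t original_ret;  /* return address captured before the call */
    uint64_t observed_ret;  /* return address seen after the call, before restore */
} mediation_result;

/* Only state the suspicious enclave must leave alone is compared: the
 * callee-saved registers and the caller's part of the stack. Its own locals
 * may change freely. */
static int caller_state_intact(const exec_ctx *a, const exec_ctx *b) {
    return a->rbp == b->rbp && a->rbx == b->rbx && a->r12 == b->r12 &&
           a->r13 == b->r13 && a->r14 == b->r14 && a->r15 == b->r15 &&
           memcmp(&a->stack[RET_SLOT], &b->stack[RET_SLOT],
                  (STACK_SLOTS - RET_SLOT) * sizeof(uint64_t)) == 0;
}

/* Mediation step: store the context, run the untrusted ECALL, compare, restore.
 * The restore is unconditional, so a hijacked return address never reaches the
 * caller even if the verdict is ignored. */
mediation_result mediate_ecall(exec_ctx *ctx, ecall_fn fn, const uint8_t *in, size_t len) {
    exec_ctx saved;
    memcpy(&saved, ctx, sizeof saved);               /* store */
    fn(ctx, in, len);                                /* suspicious enclave runs */
    mediation_result r;
    r.original_ret = saved.stack[RET_SLOT];
    r.observed_ret = ctx->stack[RET_SLOT];
    r.tampered = !caller_state_intact(&saved, ctx);  /* integrity check */
    memcpy(ctx, &saved, sizeof saved);               /* restore */
    return r;
}

/* Suspicious ECALL with a classic flaw: it copies its input into the 56-byte
 * local buffer without checking the length, so 64 bytes run over the saved
 * return address with attacker data, the first step of a code-reuse chain. */
static void vulnerable_ecall(exec_ctx *ctx, const uint8_t *in, size_t len) {
    uint8_t *buf = (uint8_t *)ctx->stack;
    if (len > sizeof ctx->stack) len = sizeof ctx->stack; /* model bound only; the missing
                                                             check against BUF_BYTES is the bug */
    memcpy(buf, in, len);
}

static exec_ctx make_ctx(void) {
    exec_ctx c;
    memset(&c, 0, sizeof c);
    c.rbp = 0x7ffc1000;               /* constructed caller state */
    c.rbx = 0x1234;
    c.stack[RET_SLOT] = 0x401000;     /* constructed return address into the caller */
    c.stack[RET_SLOT + 1] = 0x99;     /* a caller local that must survive too */
    return c;
}

/* Benign request: well inside the buffer, touches only the callee's locals. */
mediation_result demo_benign(void) {
    exec_ctx c = make_ctx();
    static const uint8_t req[16] = "hello enclave!!";
    return mediate_ecall(&c, vulnerable_ecall, req, sizeof req);
}

/* Constructed exploit input: 56 filler bytes, then a gadget address. */
mediation_result demo_attack(void) {
    exec_ctx c = make_ctx();
    uint8_t payload[BUF_BYTES + 8];
    uint64_t gadget = 0xdeadbeefcafebabeULL;
    memset(payload, 'A', BUF_BYTES);
    memcpy(payload + BUF_BYTES, &gadget, sizeof gadget);
    return mediate_ecall(&c, vulnerable_ecall, payload, sizeof payload);
}

/* Whatever the enclave did, the caller's context must be byte-identical afterwards. */
int context_restored_after_attack(void) {
    exec_ctx c = make_ctx(), before = c;
    uint8_t payload[BUF_BYTES + 16];
    memset(payload, 'B', sizeof payload);            /* overruns ret slot and caller local */
    mediate_ecall(&c, vulnerable_ecall, payload, sizeof payload);
    return memcmp(&before, &c, sizeof c) == 0;
}

int main(void) {
    mediation_result b = demo_benign(), a = demo_attack();
    printf("benign ECALL: tampered=%d\n", b.tampered);
    printf("exploit ECALL: tampered=%d, ret 0x%llx became 0x%llx, restored=%d\n",
           a.tampered, (unsigned long long)a.original_ret,
           (unsigned long long)a.observed_ret, context_restored_after_attack());
    return 0;
}
```

The model leaves one property to the real system: the snapshot in `saved` sits on the mediator's own stack, which the suspicious enclave could reach if both shared an address space. In the scheme the abstract describes, that copy lives inside the intermediate enclave, where SGX isolation keeps the suspicious enclave from touching it, and that separation is what the comparison relies on.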

Original language: English
Title of host publication: Proceedings - 2021 IEEE International Conference on Big Data and Smart Computing, BigComp 2021
Editors: Herwig Unger, Jinho Kim, U Kang, Chakchai So-In, Junping Du, Walid Saad, Young-guk Ha, Christian Wagner, Julien Bourgeois, Chanboon Sathitwiriyawong, Hyuk-Yoon Kwon, Carson Leung
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 226-232
Number of pages: 7
ISBN (Electronic): 9781728189246
DOIs
Publication status: Published - 2021 Jan
Event: 2021 IEEE International Conference on Big Data and Smart Computing, BigComp 2021 - Jeju Island, Korea, Republic of
Duration: 2021 Jan 17 - 2021 Jan 20

Publication series

Name: Proceedings - 2021 IEEE International Conference on Big Data and Smart Computing, BigComp 2021

Conference

Conference: 2021 IEEE International Conference on Big Data and Smart Computing, BigComp 2021
Country/Territory: Korea, Republic of
City: Jeju Island
Period: 21/1/17 - 21/1/20

Keywords

  • Enclave malware
  • Intel SGX
  • Semi-honest cloud platform

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Science Applications
  • Computer Vision and Pattern Recognition
  • Information Systems
  • Signal Processing
  • Information Systems and Management

