TY - GEN
T1 - Preventing enclave malware with intermediate enclaves on semi-honest cloud platforms
AU - Moon, Soo Jung
AU - Park, Hoorin
AU - Lee, Wonjun
N1 - Funding Information:
ACKNOWLEDGMENT This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2019R1A2C2088812).
Publisher Copyright:
© 2021 IEEE.
PY - 2021/1
Y1 - 2021/1
N2 - Threats to data processing in the cloud computing environment are increasing with emerging cloud applications. Intel Software Guard Extensions (SGX) implements a Trusted Execution Environment (TEE) through hardware-based isolation, which can enhance the security of cloud applications by providing a separate secure space that does not reveal its interior. A trusted memory area isolated by SGX, so-called enclave, protects the confidential code and data from any other software, including highly privileged system software. However, the adversary also benefits from isolation by inserting malicious code into the enclave where the system cannot detect it. Existing studies suggest various measures to deal with enclave malware, but these are based on an underlying assumption that the system must be trusted, which does not apply to the semi-honest cloud platform. To this end, we propose a novel method, named Interclave, that protects the system from enclave malware in the cloud computing environment without trusting any component other than the intermediate enclave. Interclave forces every ECALL and OCALL of a suspicious enclave to be executed through an intermediate enclave. This prevents the malicious behavior of enclave malware such as code-reuse attacks that modify the stack or register values associated with the program's execution address. Interclave stores and restores all stack and register values before and after the execution of the suspicious enclave, ensuring the integrity of these values. Our implementation is done with slight code modifications which occupy only a little storage capacity without complicated hardware changes.
AB - Threats to data processing in the cloud computing environment are increasing with emerging cloud applications. Intel Software Guard Extensions (SGX) implements a Trusted Execution Environment (TEE) through hardware-based isolation, which can enhance the security of cloud applications by providing a separate secure space that does not reveal its interior. A trusted memory area isolated by SGX, so-called enclave, protects the confidential code and data from any other software, including highly privileged system software. However, the adversary also benefits from isolation by inserting malicious code into the enclave where the system cannot detect it. Existing studies suggest various measures to deal with enclave malware, but these are based on an underlying assumption that the system must be trusted, which does not apply to the semi-honest cloud platform. To this end, we propose a novel method, named Interclave, that protects the system from enclave malware in the cloud computing environment without trusting any component other than the intermediate enclave. Interclave forces every ECALL and OCALL of a suspicious enclave to be executed through an intermediate enclave. This prevents the malicious behavior of enclave malware such as code-reuse attacks that modify the stack or register values associated with the program's execution address. Interclave stores and restores all stack and register values before and after the execution of the suspicious enclave, ensuring the integrity of these values. Our implementation is done with slight code modifications which occupy only a little storage capacity without complicated hardware changes.
KW - Enclave malware
KW - Intel SGX
KW - Semi-honest cloud platform
UR - http://www.scopus.com/inward/record.url?scp=85102966410&partnerID=8YFLogxK
U2 - 10.1109/BigComp51126.2021.00050
DO - 10.1109/BigComp51126.2021.00050
M3 - Conference contribution
AN - SCOPUS:85102966410
T3 - Proceedings - 2021 IEEE International Conference on Big Data and Smart Computing, BigComp 2021
SP - 226
EP - 232
BT - Proceedings - 2021 IEEE International Conference on Big Data and Smart Computing, BigComp 2021
A2 - Unger, Herwig
A2 - Kim, Jinho
A2 - Kang, U
A2 - So-In, Chakchai
A2 - Du, Junping
A2 - Saad, Walid
A2 - Ha, Young-guk
A2 - Wagner, Christian
A2 - Bourgeois, Julien
A2 - Sathitwiriyawong, Chanboon
A2 - Kwon, Hyuk-Yoon
A2 - Leung, Carson
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2021 IEEE International Conference on Big Data and Smart Computing, BigComp 2021
Y2 - 17 January 2021 through 20 January 2021
ER -