TY - GEN
T1 - Binary code retrofiting and hardening using SGX
AU - Wang, Shuai
AU - Wang, Wenhao
AU - Bao, Qinkun
AU - Wang, Pei
AU - Wang, Xiao Feng
AU - Wu, Dinghao
N1 - Publisher Copyright:
© 2017 Association for Computing Machinery.
PY - 2017/11/3
Y1 - 2017/11/3
N2 - Trusted Execution Environment (TEE) is designed to deliver a safe execution environment for software systems. Intel Software Guard Extensions (SGX) provides isolated memory regions (i.e., SGX enclaves) to protect code and data from adversaries in the untrusted world. While existing research has proposed techniques to execute entire executable fles inside enclave instances by providing rich sets of OS facilities, one notable limitation of these techniques is the unavoidably large size of Trusted Computing Base (TCB), which can potentially break the principle of least privilege. In this work, we describe techniques that provide practical and efcient protection of security sensitive code components in legacy binary code. Our technique dissects input binaries into multiple components which are further built into SGX enclave instances. We also leverage deliberately-designed binary editing techniques to retroft the input binary code and preserve the original program semantics. Our tentative evaluations on hardening AES encryption and decryption procedures demonstrate the practicability and efciency of the proposed technique.
AB - Trusted Execution Environment (TEE) is designed to deliver a safe execution environment for software systems. Intel Software Guard Extensions (SGX) provides isolated memory regions (i.e., SGX enclaves) to protect code and data from adversaries in the untrusted world. While existing research has proposed techniques to execute entire executable fles inside enclave instances by providing rich sets of OS facilities, one notable limitation of these techniques is the unavoidably large size of Trusted Computing Base (TCB), which can potentially break the principle of least privilege. In this work, we describe techniques that provide practical and efcient protection of security sensitive code components in legacy binary code. Our technique dissects input binaries into multiple components which are further built into SGX enclave instances. We also leverage deliberately-designed binary editing techniques to retroft the input binary code and preserve the original program semantics. Our tentative evaluations on hardening AES encryption and decryption procedures demonstrate the practicability and efciency of the proposed technique.
UR - https://www.scopus.com/pages/publications/85037108142
UR - https://www.scopus.com/pages/publications/85037108142#tab=citedBy
U2 - 10.1145/3141235.3141244
DO - 10.1145/3141235.3141244
M3 - Conference contribution
AN - SCOPUS:85037108142
T3 - FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017
SP - 43
EP - 49
BT - FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017
PB - Association for Computing Machinery, Inc
T2 - 2nd Workshop on Forming an Ecosystem Around Software Transformation, FEAST 2017
Y2 - 3 November 2017
ER -