research-article

Public Access

COIN Attacks: On Insecurity of Enclave Untrusted Interfaces in SGX

Authors:

Mustakimur Rahman Khandaker,

Yueqiang Cheng,

Tao WeiAuthors Info & Claims

ASPLOS '20: Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems

Pages 971 - 985

https://doi.org/10.1145/3373376.3378486

Published: 13 March 2020 Publication History

Abstract

Intel SGX is a hardware-based trusted execution environment (TEE), which enables an application to compute on confidential data in a secure enclave. SGX assumes a powerful threat model, in which only the CPU itself is trusted; anything else is untrusted, including the memory, firmware, system software, etc. An enclave interacts with its host application through an exposed, enclave-specific, (usually) bi-directional interface. This interface is the main attack surface of the enclave. The attacker can invoke the interface in any order and inputs. It is thus imperative to secure it through careful design and defensive programming.

In this work, we systematically analyze the attack models against the enclave untrusted interfaces and summarized them into the COIN attacks -- Concurrent, Order, Inputs, and Nested. Together, these four models allow the attacker to invoke the enclave interface in any order with arbitrary inputs, including from multiple threads. We then build an extensible framework to test an enclave in the presence of COIN attacks with instruction emulation and concolic execution. We evaluated ten popular open-source SGX projects using eight vulnerability detection policies that cover information leaks, control-flow hijackings, and memory vulnerabilities. We found 52 vulnerabilities. In one case, we discovered an information leak that could reliably dump the entire enclave memory by manipulating the inputs. Our evaluation highlights the necessity of extensively testing an enclave before its deployment.

References

[1]

Alberto Sonnino. 2019. SGX-wallet. https://github.com/asonnino/sgxwallet.

[2]

Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O'keeffe, Mark L Stillwell, et al. 2016. SCONE: Secure Linux Containers with Intel SGX. In 12th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI} 16). 689--703.

[3]

Andrew Baumann, Marcus Peinado, and Galen Hunt. 2015. Shielding applications from an untrusted cloud with haven. ACM Transactions on Computer Systems (TOCS) 33, 3 (2015), 8.

Digital Library

[4]

Fabrice Bellard. 2005. QEMU, a fast and portable dynamic translator. In USENIX Annual Technical Conference, FREENIX Track, Vol. 41. 46.

Digital Library

[5]

Andrea Biondo, Mauro Conti, Lucas Davi, Tommaso Frassetto, and Ahmad-Reza Sadeghi. 2018. The Guard's Dilemma: Efficient codereuse attacks against Intel SGX. In 27th USENIX Security Symposium (USENIX Security 18). 1213--1227.

[6]

Stephen Checkoway and Hovav Shacham. 2013. Iago Attacks: Why the system call API is a bad untrusted RPC interface. In ASPLOS, Vol. 13. 253--264.

Digital Library

[7]

Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, and Ten H Lai. 2019. SgxPectre: Stealing Intel Secrets from SGX Enclaves Via Speculative Execution. In 2019 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 142--157.

[8]

Xiaoxin Chen, Tal Garfinkel, E Christopher Lewis, Pratap Subrahmanyam, Carl A Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan RK Ports. 2008. Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. ACM SIGOPS Operating Systems Review 42, 2 (2008), 2--13.

Digital Library

[9]

Victor Costan and Srinivas Devadas. 2016. Intel SGX Explained. IACR Cryptology ePrint Archive 2016, 086 (2016), 1--118.

[10]

Eadom. 2018. Stack memory leak issue from SGX-mbetls project, reported by an independent GitHub user. https://github.com/bl4ck5un/ mbedtls-SGX/issues/13.

[11]

Fan Zhang. 2019. SGX-mbedtls. https://github.com/bl4ck5un/mbedtls- SGX.

[12]

Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, and Sergey Gorbunov. 2017. Iron: functional encryption using Intel SGX. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 765--782.

Digital Library

[13]

G. Beniamini. 2019. FuzzZone. https://github.com/laginimaineb/fuzz_ zone/tree/master/FuzzZone.

[14]

Lee Harrison, Hayawardh Vijayakumar, Rohan Padhye, Koushik Sen, Michael Grace, Rohan Padhye, Caroline Lemieux, Koushik Sen, Laurent Simon, Hayawardh Vijayakumar, et al. 2019. PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation. In Proceedings of the 29th USENIX Security Symposium (USENIX Security 2020)(To Appear).

[15]

Intel. 2019. Intel SSL. https://github.com/intel/intel-sgx-ssl.

[16]

Jim Gordon. 2018. Microsoft* Azure confidential computing with IntelÂ? SGX. https://intel.ly/2Db5x1Z.

[17]

KAIST INA. 2019. SGX-Tor. https://github.com/kaist-ina/SGX-Tor.

[18]

Esmaeil Mohammadian Koruyeh, Khaled N Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh. 2018. Spectre returns! speculation attacks using the return stack buffer. In 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18).

[19]

Kudelski Security. 2019. SGX-Reencrypt. https://github.com/ kudelskisecurity/sgx-reencrypt.

[20]

Dmitrii Kuvaiskii, Oleksii Oleksenko, Sergei Arnautov, Bohdan Trach, Pramod Bhatotia, Pascal Felber, and Christof Fetzer. 2017. SGXBOUNDS: Memory safety for shielded execution. In Proceedings of the Twelfth European Conference on Computer Systems. ACM, 205--221.

Digital Library

[21]

Large-Scale Data & Systems (LSDS) Group. 2019. TaLoS. https://github. com/lsds/TaLoS.

[22]

Ledger. 2019. BoLoS. https://github.com/LedgerHQ/bolos-enclave.

[23]

Jaehyuk Lee, Jinsoo Jang, Yeongjin Jang, Nohyun Kwak, Yeseul Choi, Changho Choi, Taesoo Kim, Marcus Peinado, and Brent ByungHoon Kang. 2017. Hacking in darkness: Return-oriented programming against secure enclaves. In 26th {USENIX} Security Symposium ({USENIX} Security 17). 523--539.

[24]

Sangho Lee and Taesoo Kim. 2017. Leaking uninitialized secure enclave memory via structure padding. arXiv preprint arXiv:1710.09061 (2017).

[25]

Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O'Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, Rüdiger Kapitza, et al. 2017. Glamdring: Automatic Application Partitioning for Intel {SGX}. In 2017 {USENIX} Annual Technical Conference ({USENIX} {ATC} 17). 285--298.

[26]

Frank McKeen, Ilya Alexandrovich, Ittai Anati, Dror Caspi, Simon Johnson, Rebekah Leslie-Hurd, and Carlos Rozas. 2016. Intel® software guard extensions (intel® sgx) support for dynamic memory management inside an enclave. In Proceedings of the Hardware and Architectural Support for Security and Privacy 2016. ACM, 10.

Digital Library

[27]

Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R Savagaonkar. 2013. Innovative instructions and software model for isolated execution. Hasp@ isca 10, 1 (2013).

[28]

mitre. 2019. 2019 CWE Top 25 Most Dangerous Software Errors. https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html.

[29]

Nelly Porter, Jason Garms, Sergey Simakov. 2018. Introducing Asylo: an open-source framework for confidential computing. https://bit.ly/ 2YtVwof.

[30]

Rafael Pires, David Goltzsche, Sonia Ben Mokhtar, Sara Bouchenak, Antoine Boutet, Pascal Felber, Rüdiger Kapitza, Marcelo Pasin, and Valerio Schiavoni. 2018. CYCLOSA: Decentralizing PrivateWeb Search Through SGX-Based Browser Extensions0. In 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS). IEEE.

[31]

Christian Priebe, Kapil Vaswani, and Manuel Costa. 2018. EnclaveDB â?? A secure database using SGX. In To appear in the Proceedings of the IEEE Symposium on Security & Privacy, May 2018. IEEE. https://www.microsoft.com/en-us/research/publication/ enclavedb-a-secure-database-using-sgx/

[32]

Ricardo de Souza Costa. 2019. SGXCryptoFile. https://github.com/ rscosta/SGXCryptoFile.

[33]

Michael Schwarz, Samuel Weiser, and Daniel Gruss. 2019. Practical enclave malware with Intel SGX. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 177--196.

[34]

Secure Systems Group (SSG) at Aalto University. 2019. SGX-migration. https://github.com/SSGAalto/sgx-migration.

[35]

Jaebaek Seo, Byoungyoung Lee, Seong Min Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, and Taesoo Kim. 2017. SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs. In NDSS.

[36]

Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A fast address sanity checker. In Presented as part of the 2012 USENIX Annual Technical Conference (USENIX ATC 12). 309--318.

[37]

Rohit Sinha, Sriram Rajamani, Sanjit Seshia, and Kapil Vaswani. 2015. Moat: Verifying confidentiality of enclave programs. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 1169--1184.

Digital Library

[38]

Jo Van Bulck, Marina Minkin, OfirWeisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas FWenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the keys to the intel SGX kingdom with transient out-of-order execution. In 27th {USENIX} Security Symposium ({USENIX} Security 18). 991--1008.

[39]

Jo Van Bulck, David Oswald, Eduard Marin, Abdulla Aldoseri, Flavio D Garcia, and Frank Piessens. 2019. A tale of two worlds: Assessing the vulnerability of enclave shielding runtimes. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1741--1758.

Digital Library

[40]

Jo Van Bulck, Frank Piessens, and Raoul Strackx. 2017. SGX-Step: A practical attack framework for precise enclave execution control. In Proceedings of the 2nd Workshop on System Software for Trusted Execution. ACM, 4.

Digital Library

[41]

Jinwen Wang, Yueqiang Cheng, Qi Li, and Yong Jiang. 2018. Interface- Based Side Channel Attack Against Intel SGX. arXiv preprint arXiv:1811.05378 (2018).

[42]

Nico Weichbrodt, Anil Kurmus, Peter Pietzuch, and Rüdiger Kapitza. 2016. AsyncShock: Exploiting synchronisation bugs in Intel SGX enclaves. In European Symposium on Research in Computer Security. Springer, 440--457.

[43]

Yerzhan Mazhkenov. 2019. SGX-SQLite. https://github.com/yerzhan7/ SGX_SQLite.

Cited By

Zhang XWang JCheng YLi QSun KZheng YZhang NLi X(2024)Interface-Based Side Channel in TEE-Assisted Networked ServicesIEEE/ACM Transactions on Networking10.1109/TNET.2023.329401932:1(613-626)Online publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1109/TNET.2023.3294019
Chen HChen HSun MLi KChen ZWang XCalandrino JTroncoso C(2023)A verified confidential computing as a service framework for privacy preservationProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620502(4733-4750)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620502
Chen SLin ZZhang YCalandrino JTroncoso C(2023)Controlled data races in enclavesProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620465(4069-4086)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620465
Show More Cited By

Index Terms

COIN Attacks: On Insecurity of Enclave Untrusted Interfaces in SGX
1. Security and privacy
  1. Formal methods and theory of security
    1. Trust frameworks
  2. Systems security
    1. Vulnerability management
      1. Vulnerability scanners

Recommendations

Cache Attacks on Intel SGX
EuroSec'17: Proceedings of the 10th European Workshop on Systems Security

For the first time, we practically demonstrate that Intel SGX enclaves are vulnerable against cache-timing attacks. As a case study, we present an access-driven cache-timing attack on AES when running inside an Intel SGX enclave. Using Neve and Seifert'...
Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation
CYSARM'20: Proceedings of the 2nd Workshop on Cyber-Security Arms Race

Systems that protect enclaves from privileged software must consider software-based side-channel attacks. Our system isolates enclaves on separate secure cores to stop attackers from running on the same core as the victim, which mitigates intra-core ...
SEnFuzzer: Detecting SGX Memory Corruption via Information Feedback and Tailored Interface Analysis
RAID '23: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses

Intel SGX provides protected memory called enclave to secure the private user data against corrupted or malicious OS environment. However, several researches have shown that the SGX applications suffer from memory corruption vulnerabilities, thus ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASPLOS '20: Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems

March 2020

1412 pages

ISBN:9781450371025

DOI:10.1145/3373376

General Chair:
James Larus
EPFL
,
Program Chairs:
Luis Ceze
University of Washington
,
Karin Strauss
Microsoft

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

In-Cooperation

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 March 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

ASPLOS '20

Sponsor:

ASPLOS '20: Architectural Support for Programming Languages and Operating Systems

March 16 - 20, 2020

Lausanne, Switzerland

Acceptance Rates

Overall Acceptance Rate 535 of 2,713 submissions, 20%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

25
Total Citations
View Citations
1,585
Total Downloads

Downloads (Last 12 months)321
Downloads (Last 6 weeks)29

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhang XWang JCheng YLi QSun KZheng YZhang NLi X(2024)Interface-Based Side Channel in TEE-Assisted Networked ServicesIEEE/ACM Transactions on Networking10.1109/TNET.2023.329401932:1(613-626)Online publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1109/TNET.2023.3294019
Chen HChen HSun MLi KChen ZWang XCalandrino JTroncoso C(2023)A verified confidential computing as a service framework for privacy preservationProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620502(4733-4750)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620502
Chen SLin ZZhang YCalandrino JTroncoso C(2023)Controlled data races in enclavesProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620465(4069-4086)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620465
Li XLi FGao M(2023)Flare: A Fast, Secure, and Memory-Efficient Distributed Analytics FrameworkProceedings of the VLDB Endowment10.14778/3583140.358315816:6(1439-1452)Online publication date: 20-Apr-2023
https://dl.acm.org/doi/10.14778/3583140.3583158
Chacon GWilliams CKnechtel JSinanoglu OGratz PSoteriou V(2023)Coherence Attacks and Countermeasures in Interposer-based Chiplet SystemsACM Transactions on Architecture and Code Optimization10.1145/363346121:2(1-25)Online publication date: 20-Nov-2023
https://dl.acm.org/doi/10.1145/3633461
Park JKang SLee SKim TPark JKwon YHuh J(2023)Hardware Hardened Sandbox Enclaves for Trusted Serverless ComputingACM Transactions on Architecture and Code Optimization10.1145/3632954Online publication date: 14-Nov-2023
https://dl.acm.org/doi/10.1145/3632954
Tarkhani ZMadhavapeddy A(2023)Information Flow Tracking for Heterogeneous Compartmentalized SoftwareProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607235(564-579)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607235
Yu DWang JFang HFang YZhang Y(2023)SEnFuzzer: Detecting SGX Memory Corruption via Information Feedback and Tailored Interface AnalysisProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607215(485-498)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607215
Lefeuvre HChisnall DKogias MOlivier PBaumann ACrooks NSchwarzkopf M(2023)Towards (Really) Safe and Fast Confidential I/OProceedings of the 19th Workshop on Hot Topics in Operating Systems10.1145/3593856.3595913(214-222)Online publication date: 22-Jun-2023
https://dl.acm.org/doi/10.1145/3593856.3595913
Wang YZhang ZHe NZhong ZGuo SBao QLi DGuo YChen XMeng WJensen CCremers CKirda E(2023)SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic ExecutionProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623213(2710-2724)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623213
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents