Binary code retrofiting and hardening using SGX

Shuai Wang, Wenhao Wang, Qinkun Bao, Pei Wang, Xiao Feng Wang, Dinghao Wu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Trusted Execution Environment (TEE) is designed to deliver a safe execution environment for software systems. Intel Software Guard Extensions (SGX) provides isolated memory regions (i.e., SGX enclaves) to protect code and data from adversaries in the untrusted world. While existing research has proposed techniques to execute entire executable fles inside enclave instances by providing rich sets of OS facilities, one notable limitation of these techniques is the unavoidably large size of Trusted Computing Base (TCB), which can potentially break the principle of least privilege. In this work, we describe techniques that provide practical and efcient protection of security sensitive code components in legacy binary code. Our technique dissects input binaries into multiple components which are further built into SGX enclave instances. We also leverage deliberately-designed binary editing techniques to retroft the input binary code and preserve the original program semantics. Our tentative evaluations on hardening AES encryption and decryption procedures demonstrate the practicability and efciency of the proposed technique.

Original languageEnglish (US)
Title of host publicationFEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017
PublisherAssociation for Computing Machinery, Inc
Pages43-49
Number of pages7
ISBN (Electronic)9781450353953
DOIs
StatePublished - Nov 3 2017
Event2nd Workshop on Forming an Ecosystem Around Software Transformation, FEAST 2017 - Dallas, United States
Duration: Nov 3 2017 → …

Publication series

NameFEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017

Other

Other2nd Workshop on Forming an Ecosystem Around Software Transformation, FEAST 2017
CountryUnited States
CityDallas
Period11/3/17 → …

Fingerprint

Binary codes
Hardening
Cryptography
Semantics
Data storage equipment
Trusted computing

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
  • Safety, Risk, Reliability and Quality

Cite this

Wang, S., Wang, W., Bao, Q., Wang, P., Wang, X. F., & Wu, D. (2017). Binary code retrofiting and hardening using SGX. In FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017 (pp. 43-49). (FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017). Association for Computing Machinery, Inc. https://doi.org/10.1145/3141235.3141244
Wang, Shuai ; Wang, Wenhao ; Bao, Qinkun ; Wang, Pei ; Wang, Xiao Feng ; Wu, Dinghao. / Binary code retrofiting and hardening using SGX. FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017. Association for Computing Machinery, Inc, 2017. pp. 43-49 (FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017).
@inproceedings{f9a13ef9e9e64b32957f0d4e8b680517,
title = "Binary code retrofiting and hardening using SGX",
abstract = "Trusted Execution Environment (TEE) is designed to deliver a safe execution environment for software systems. Intel Software Guard Extensions (SGX) provides isolated memory regions (i.e., SGX enclaves) to protect code and data from adversaries in the untrusted world. While existing research has proposed techniques to execute entire executable fles inside enclave instances by providing rich sets of OS facilities, one notable limitation of these techniques is the unavoidably large size of Trusted Computing Base (TCB), which can potentially break the principle of least privilege. In this work, we describe techniques that provide practical and efcient protection of security sensitive code components in legacy binary code. Our technique dissects input binaries into multiple components which are further built into SGX enclave instances. We also leverage deliberately-designed binary editing techniques to retroft the input binary code and preserve the original program semantics. Our tentative evaluations on hardening AES encryption and decryption procedures demonstrate the practicability and efciency of the proposed technique.",
author = "Shuai Wang and Wenhao Wang and Qinkun Bao and Pei Wang and Wang, {Xiao Feng} and Dinghao Wu",
year = "2017",
month = "11",
day = "3",
doi = "10.1145/3141235.3141244",
language = "English (US)",
series = "FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017",
publisher = "Association for Computing Machinery, Inc",
pages = "43--49",
booktitle = "FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017",

}

Wang, S, Wang, W, Bao, Q, Wang, P, Wang, XF & Wu, D 2017, Binary code retrofiting and hardening using SGX. in FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017. FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017, Association for Computing Machinery, Inc, pp. 43-49, 2nd Workshop on Forming an Ecosystem Around Software Transformation, FEAST 2017, Dallas, United States, 11/3/17. https://doi.org/10.1145/3141235.3141244

Binary code retrofiting and hardening using SGX. / Wang, Shuai; Wang, Wenhao; Bao, Qinkun; Wang, Pei; Wang, Xiao Feng; Wu, Dinghao.

FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017. Association for Computing Machinery, Inc, 2017. p. 43-49 (FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Binary code retrofiting and hardening using SGX

AU - Wang, Shuai

AU - Wang, Wenhao

AU - Bao, Qinkun

AU - Wang, Pei

AU - Wang, Xiao Feng

AU - Wu, Dinghao

PY - 2017/11/3

Y1 - 2017/11/3

N2 - Trusted Execution Environment (TEE) is designed to deliver a safe execution environment for software systems. Intel Software Guard Extensions (SGX) provides isolated memory regions (i.e., SGX enclaves) to protect code and data from adversaries in the untrusted world. While existing research has proposed techniques to execute entire executable fles inside enclave instances by providing rich sets of OS facilities, one notable limitation of these techniques is the unavoidably large size of Trusted Computing Base (TCB), which can potentially break the principle of least privilege. In this work, we describe techniques that provide practical and efcient protection of security sensitive code components in legacy binary code. Our technique dissects input binaries into multiple components which are further built into SGX enclave instances. We also leverage deliberately-designed binary editing techniques to retroft the input binary code and preserve the original program semantics. Our tentative evaluations on hardening AES encryption and decryption procedures demonstrate the practicability and efciency of the proposed technique.

AB - Trusted Execution Environment (TEE) is designed to deliver a safe execution environment for software systems. Intel Software Guard Extensions (SGX) provides isolated memory regions (i.e., SGX enclaves) to protect code and data from adversaries in the untrusted world. While existing research has proposed techniques to execute entire executable fles inside enclave instances by providing rich sets of OS facilities, one notable limitation of these techniques is the unavoidably large size of Trusted Computing Base (TCB), which can potentially break the principle of least privilege. In this work, we describe techniques that provide practical and efcient protection of security sensitive code components in legacy binary code. Our technique dissects input binaries into multiple components which are further built into SGX enclave instances. We also leverage deliberately-designed binary editing techniques to retroft the input binary code and preserve the original program semantics. Our tentative evaluations on hardening AES encryption and decryption procedures demonstrate the practicability and efciency of the proposed technique.

UR - http://www.scopus.com/inward/record.url?scp=85037108142&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85037108142&partnerID=8YFLogxK

U2 - 10.1145/3141235.3141244

DO - 10.1145/3141235.3141244

M3 - Conference contribution

AN - SCOPUS:85037108142

T3 - FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017

SP - 43

EP - 49

BT - FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017

PB - Association for Computing Machinery, Inc

ER -

Wang S, Wang W, Bao Q, Wang P, Wang XF, Wu D. Binary code retrofiting and hardening using SGX. In FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017. Association for Computing Machinery, Inc. 2017. p. 43-49. (FEAST 2017 - Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017). https://doi.org/10.1145/3141235.3141244