This repository provides the analysis data for our opinion paper "A Case for Unified ABI Shielding in Intel SGX Runtimes" to appear at the 5th Workshop on System Software for Trusted Execution (SysTEX'22).
Jo Van Bulck, Fritz Alder, and Frank Piessens. "A Case for Unified ABI Shielding in Intel SGX Runtimes," in Proceedings of the 5th Workshop on System Software for Trusted Execution (SysTEX'22).
With hardware support for trusted execution, most notably Intel SGX, becoming widely available, recent years have seen the emergence of numerous shielding runtimes to transparently protect enclave applications in hostile environments. While, at the application level, a wide range of languages and development paradigms are supported by diverse runtimes, shielding responsibilities at the lowest level of the application binary interface (ABI) remain strikingly similar. Particularly, the ABI dictates that certain CPU registers need to be cleansed and initialized via a small, hand-written assembly stub upon every enclave context switch.
This paper and call for action analyzes the ABI sanitization layers of 8 open-source SGX shielding runtimes from industry and academia, categorizes historic vulnerabilities therein, and identifies cross-cutting tendencies and insights. We conclude that there is no technical reason for maintaining separate, often notoriously complex and vulnerable ABI code bases. Moving forward, we outline challenges and opportunities for a single, unified ABI sanitization layer that complies with best practices from software engineering and can be scrutinized and integrated across SGX runtimes.
We reproduce the ABI vulnerability landscape overview from the paper (Table 1) below. The top rows compare ABI sanitization layers in terms of total lines of code (as measured on January 20, 2022, using `cloc`) and lines changed since original release (as reported by git, following renamed/moved files). The third row distinguishes (aspired) production runtimes from research prototypes.
| | SGX-SDK | OE | EDP | Gramine | Enarx | GoTEE | SGX-LKL | OpenSGX |
|---|---|---|---|---|---|---|---|---|
| LoC ABI stub | 301 | 277 | 248 | 427 | 169 | 239 | 103 | 49 |
| LoC changed | 243 | 589 | 187 | 1,840 | 844 | 65 | 47 | 0 |
| Production? | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ |
LoC ABI stub. The first row provides static permalinks to the assembly file that implements ABI shielding for each runtime and that was measured for the provided LoC count. Note that in the case of OpenEnclave (OE), however, shielding responsibilities are split over two separate files, and the provided LoC count is the sum of `enter.S` and `exit.S`.
LoC changed. We provide detailed READMEs with instructions, output logs, and git submodules pointing to the analyzed versions of each runtime in the respective subdirectories.
To check out the git submodules and reproduce the LoC counts, proceed as follows:

```
$ ./calculate_line_changes.sh
```
We reproduce the ABI patch timeline overview from the paper (Table 2) below, with permalinks provided to the respective commits. The top row provides initial commit dates as a reference. The next rows list the dates of the initial patch (and the last revision, if any) for the ABI sanitization responsibilities in the left column, where 📰 and ⭐ indicate vulnerabilities disclosed by the referenced academic study and this work, respectively.
DF = direction flag sanitization; AC = alignment-check flag sanitization; FPU = extended-state sanitization; EXC = exception handler stack pointer initialization.
* This is the release date of the x86_64-fortanix-unknown-sgx Rust compiler target. After the paper release, we became aware of the existence of even older public development versions of the EDP entry code, from 21.04.2016 onwards, which are now also referenced in the EDP directory README.
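As an added illustration of the DF, AC and FPU responsibilities in the legend above (this is example code written for this README, not the paper's analysis data nor the entry stub of any analyzed runtime), the following C program models what an entry stub must reset and audits the relevant register state before and after. It assumes x86-64 Linux with GCC or Clang inline assembly; the EXC responsibility (initializing an exception-handler stack pointer) is runtime-specific and is not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#define RFLAGS_DF      (1ULL << 10)  /* direction flag */
#define RFLAGS_AC      (1ULL << 18)  /* alignment-check flag */
#define MXCSR_DEFAULT  0x1F80u       /* SSE: exceptions masked, round-to-nearest */
#define X87_CW_DEFAULT 0x037Fu       /* x87 control word as set by fninit */
struct abi_state { uint64_t rflags; uint32_t mxcsr; uint16_t x87cw; };
enum { ABI_DF_SET = 1, ABI_AC_SET = 2, ABI_MXCSR_DIRTY = 4, ABI_X87CW_DIRTY = 8 };

/* Pure check: which ABI sanitization responsibilities a snapshot violates. */
int abi_audit(const struct abi_state *s)
{
    return (s->rflags & RFLAGS_DF ? ABI_DF_SET : 0)
         | (s->rflags & RFLAGS_AC ? ABI_AC_SET : 0)
         | (s->mxcsr != MXCSR_DEFAULT ? ABI_MXCSR_DIRTY : 0)
         | (s->x87cw != X87_CW_DEFAULT ? ABI_X87CW_DIRTY : 0);
}

/* Snapshot live state; the leaq keeps pushfq clear of the 128-byte red zone. */
static struct abi_state abi_capture(void)
{
    struct abi_state s;
    __asm__ volatile("leaq -128(%%rsp),%%rsp; pushfq; popq %0; leaq 128(%%rsp),%%rsp"
                     : "=r"(s.rflags) : : "memory");
    __asm__ volatile("stmxcsr %0; fnstcw %1" : "=m"(s.mxcsr), "=m"(s.x87cw));
    return s;
}

/* What an entry stub must do before handing control to compiled enclave code. */
static void abi_sanitize(void)
{
    static const uint32_t mx = MXCSR_DEFAULT;
    __asm__ volatile("cld\n\t"                                 /* DF := 0 */
                     "leaq -128(%%rsp),%%rsp; pushfq\n\t"
                     "btrq $18,(%%rsp); popfq\n\t"             /* AC := 0 */
                     "leaq 128(%%rsp),%%rsp\n\t"
                     "ldmxcsr %0; fninit"      /* SSE and x87 state back to defaults */
                     : : "m"(mx) : "cc", "memory");
}

/* Dirty DF, MXCSR and the x87 control word as an untrusted caller could, audit,
 * sanitize, audit again; returns (findings_before << 8) | findings_after.
 * AC is deliberately not set live: with CR0.AM on, unaligned accesses would fault. */
int abi_demo(void)
{
    static const uint32_t mx_rz = 0x7F80u;  /* constructed: round-toward-zero */
    static const uint16_t cw_dp = 0x027Fu;  /* constructed: 53-bit instead of 64-bit precision */
    __asm__ volatile("std; ldmxcsr %0; fldcw %1" : : "m"(mx_rz), "m"(cw_dp) : "cc");
    struct abi_state s = abi_capture(); int before = abi_audit(&s);
    abi_sanitize();
    s = abi_capture();
    return (before << 8) | abi_audit(&s);
}
int main(void) { int r = abi_demo(); printf("before=%#x after=%#x\n", r >> 8, r & 0xff); return r & 0xff; }
```

Running it prints the findings bitmask before sanitization (DF set, MXCSR and x87 control word dirty) and 0 afterwards; the AC case is only exercised through `abi_audit` on a constructed snapshot.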