An Evaluation of Methods to Port Legacy Code to SGX Enclaves
The Intel Security Guard Extensions (SGX) architecture enables the abstraction
of enclaved execution, using which an application can protect its code and data
from powerful adversaries, including system software that executes with the
highest processor privilege. While the Intel SGX architecture exports an ISA
with low-level instructions that enable applications to create enclaves, the
task of writing applications using this ISA has been left to the software
community.
We consider the problem of porting legacy applications to SGX enclaves. In the
approximately four years since Intel SGX became commercially
available, the community has developed three different models to port
applications to enclaves—the library OS, the library wrapper, and the
instruction wrapper models.
In this paper, we conduct an empirical evaluation of the merits and costs of
each model. We report on our attempt to port a handful of real-world
application benchmarks (including OpenSSL, Memcached, a Web server and a Python
interpreter) to SGX enclaves using prototypes that embody each of the above
models. Our evaluation weighs each model by the effort required to port code
under it, the effort to re-engineer an application to work with enclaves, the
security it offers, and the runtime performance of the applications.
Tue 10 Nov. Displayed time zone: (UTC) Coordinated Universal Time
08:30 - 09:00

| Time | Duration | Type | Title | Track | Authors |
|---|---|---|---|---|---|
| 08:30 | 2m | Talk | An Evaluation of Methods to Port Legacy Code to SGX Enclaves | Research Papers | Kripa Shanker (Indian Institute of Science, Bangalore); Arun Joseph (Indian Institute of Science, India); Vinod Ganapathy (Indian Institute of Science, India) |
| 08:33 | 1m | Talk | How Does Refactoring Impact Security When Improving Quality? A Security-Aware Refactoring Approach | Journal First | Chaima Abid (University of Michigan); Marouane Kessentini (University of Michigan); Vahid Alizadeh (DePaul University); Mouna Dhaouadi (University of Michigan); Rick Kazman (University of Hawai‘i at Mānoa) |
| 08:35 | 1m | Talk | Improving Cybersecurity Hygiene through JIT Patching | Industry Papers | |
| 08:37 | 1m | Talk | Search-Based Adversarial Testing and Improvement of Constrained Credit Scoring Systems | Research Papers | Salah Ghamizi (University of Luxembourg, Luxembourg); Maxime Cordy (University of Luxembourg, Luxembourg); Martin Gubri (University of Luxembourg, Luxembourg); Mike Papadakis (University of Luxembourg, Luxembourg); Andrey Boystov (University of Luxembourg, Luxembourg); Yves Le Traon (University of Luxembourg, Luxembourg); Anne Goujon (BGL BNP Paribas, Luxembourg) |
| 08:39 | 1m | Talk | SinkFinder: Harvesting Hundreds of Unknown Interesting Function Pairs with Just One Seed | Research Papers | Pan Bian (Renmin University of China, China); Bin Liang (Renmin University of China, China); Jianjun Huang (Renmin University of China, China); Wenchang Shi (Renmin University of China, China); Xidong Wang (Renmin University of China, China); Jian Zhang (Institute of Software at Chinese Academy of Sciences, China) |
| 08:41 | 1m | Talk | Taking the Middle Path: Learning About Security Through Online Social Interaction | Journal First | Tamara Lopez (The Open University); Thein Tun; Arosha K Bandara (The Open University); Mark Levine (Lancaster University); Bashar Nuseibeh (The Open University (UK) & Lero (Ireland)); Helen Sharp (The Open University) |
| 08:43 | 17m | Talk | Conversations on Security | Research Papers | Frederico Araujo (IBM T.J. Watson Research Center, New York, USA); Kripa Shanker (Indian Institute of Science, Bangalore); Pan Bian (Renmin University of China, China); Salah Ghamizi (SntT - University of Luxembourg); Tamara Lopez (The Open University); Chaima Abid (University of Michigan); M: Ben Hermann (Technical University Dortmund) |