On (the Lack of) Code Confidentiality in Trusted Execution Environments

12/15/2022
by Ivan Puddu, et al.

Trusted Execution Environments (TEEs) have been proposed as a solution to protect code confidentiality in scenarios where computation is outsourced to an untrusted operator. We study the resilience of such solutions to side-channel attacks in two commonly deployed scenarios: when the confidential code is a native binary that is shipped and executed within a TEE, and when the confidential code is an intermediate representation (IR) executed on top of a runtime within a TEE. We show that executing IR code such as WASM bytecode on a runtime executing in a TEE leaks most IR instructions with high accuracy and therefore reveals the confidential code. In contrast to IR execution, native execution is much less susceptible to leakage and largely resists even the most powerful side-channel attacks. We evaluate native execution leakage in Intel SGX and AMD SEV and experimentally demonstrate end-to-end instruction extraction on Intel SGX, with WASM bytecode as IR executed within WAMR, a hybrid between a JIT compiler and interpreter developed by Intel. Our experiments show that IR code leakage from such systems is practical and therefore question the security claims of several commercial solutions which rely on TEEs+WASM for code confidentiality.


