research-article

Building and maintaining a third-party library supply chain for productive and secure SGX enclave development

Authors:

Yiming JingAuthors Info & Claims

ICSE-SEIP '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering: Software Engineering in Practice

Pages 100 - 109

https://doi.org/10.1145/3377813.3381348

Published: 18 September 2020 Publication History

Abstract

The big data industry is facing new challenges as concerns about privacy leakage soar. One of the remedies to privacy breach incidents is to encapsulate computations over sensitive data within hardware-assisted Trusted Execution Environments (TEE). Such TEE-powered software is called secure enclaves. Secure enclaves hold various advantages against competing for privacy-preserving computation solutions. However, enclaves are much more challenging to build compared with ordinary software. The reason is that the development of TEE software must follow a restrictive programming model to make effective use of strong memory encryption and segregation enforced by hardware. These constraints transitively apply to all third-party dependencies of the software. If these dependencies do not officially support TEE hardware, TEE developers have to spend additional engineering effort in porting them. High development and maintenance cost is one of the major obstacles against adopting TEE-based privacy protection solutions in production.

In this paper, we present our experience and achievements with regard to constructing and continuously maintaining a third-party library supply chain for TEE developers. In particular, we port a large collection of Rust third-party libraries into Intel SGX, one of the most mature trusted computing platforms. Our supply chain accepts upstream patches in a timely manner with SGX-specific security auditing. We have been able to maintain the SGX ports of 159 open-source Rust libraries with reasonable operational costs. Our work can effectively reduce the engineering cost of developing SGX enclaves for privacy-preserving data processing and exchange.

References

[1]

[n. d.]. Asylo: An open and flexible framework for enclave applications. https://asylo.dev/

[2]

[n. d.]. Open Enclave SDK. https://openenclave.io/sdk/

[3]

Brian Anderson, Lars Bergstrom, Manish Goregaokar, Josh Matthews, Keegan McAllister, Jack Moffitt, and Simon Sapin. 2016. Engineering the Servo Web Browser Engine Using Rust. In Proceedings of the 38th International Conference on Software Engineering Companion (ICSE '16). ACM, 81--89.

Digital Library

[4]

Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O'Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI '16). USENIX Association, 689--703.

Digital Library

[5]

Marek Baranowski, Shaobo He, and Zvonimir Rakamarić. 2018. Verifying Rust Programs with SMACK. In Proceedings of the 16th International Symposium on Automated Technology for Verification and Analysis (ATVA '18). Springer, 528--535.

[6]

Jon Boyens, Celia Paulsen, Rama Moorthy, Nadya Bartol, and Stephanie A Shankles. 2015. Supply chain risk management practices for federal information systems and organizations. NIST Special Publication 800, 161 (2015), 32.

[7]

Chia che Tsai, Donald E. Porter, and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In Proceedings of the 2017 USENIX Annual Technical Conference (USENIX ATC '17). USENIX Association, 645--658.

[8]

Stephen Checkoway and Hovav Shacham. 2013. Iago Attacks: Why the System Call API is a Bad Untrusted RPC Interface. In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '13). ACM, 253--264.

Digital Library

[9]

Tianqi Chen, Thierry Moreau, Ziheng Jiang, Lianmin Zheng, Eddie Yan, Haichen Shen, Meghan Cowan, Leyuan Wang, Yuwei Hu, Luis Ceze, Carlos Guestrin, and Arvind Krishnamurthy. 2018. TVM: An Automated End-to-End Optimizing Compiler for Deep Learning. In Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI '18). USENIX Association, 578--594.

[10]

Robert Ellison, Christopher Alberts, Rita Creel, Audrey Dorofee, and Carol Woody. 2010. Software Supply Chain Risk Management: From Products to Systems of Systems. Technical Report CMU/SEI-2010-TN-026. Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9377

[11]

Robert Ellison, John Goodenough, Charles Weinstock, and Carol Woody. 2010. Evaluating and Mitigating Software Supply Chain Security Risks. Technical Report CMU/SEI-2010-TN-016. Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9337

[12]

Adrien Ghosn, James R. Larus, and Edouard Bugnion. 2019. Secured Routines: Language-based Construction of Trusted Execution Environments. In 2019 USENIX Annual Technical Conference (USENIX ATC '19). USENIX Association, 571--586.

[13]

Dan Goodin. 2018. Widely used open source software contained bitcoin-stealing backdoor. https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/

[14]

Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2017. RustBelt: Securing the Foundations of the Rust Programming Language. Proc. ACM Program. Lang. 2, POPL, Article 66 (Dec. 2017), 34 pages.

Digital Library

[15]

Thomas Knauth, Michael Steiner, Somnath Chakrabarti, Li Lei, Cedric Xing, and Mona Vij. 2018. Integrating remote attestation with transport layer security. arXiv preprint arXiv:1801.05863 ( 2018).

[16]

Radhesh Krishnan Konoth, Emanuele Vineti, Veelasha Moonsamy, Martina Lindorfer, Christopher Kruegel, Herbert Bos, and Giovanni Vigna. 2018. MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS '18). ACM, New York, NY, USA, 1714--1730.

Digital Library

[17]

Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O'Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, Rüdiger Kapitza, Christof Fetzer, and Peter Pietzuch. 2017. Glamdring: Automatic Application Partitioning for Intel SGX. In Proceedings of the 2017 USENIX Annual Technical Conference (USENIX ATC '17). USENIX Association, 285--298.

[18]

Yin Liu, Kijin An, and Eli Tilevich. 2018. RT-Trust: Automated Refactoring for Trusted Execution under Real-Time Constraints. In Proceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences (GPCE 2018). Association for Computing Machinery, New York, NY, USA, 175âĂŞ187.

Digital Library

[19]

Matt Miller. 2019. Trends, Challenges, and Strategic Shifts in the Software Vulnerability Mitigation Landscape. https://github.com/microsoft/MSRC-Security-Research/blob/master/presentations/2019_02_BlueHatIL/2019_01%20-%20BlueHatIL%20-%20Trends%2C%20challenge%2C%20and%20shifts%20in%20software%20vulnerability%20mitigation.pdf

[20]

Audris Mockus. 2019. Insights from Open Source Software Supply Chains (Keynote). In Proceedings of the 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE '19). ACM, 3--3.

Digital Library

[21]

J Yates Monteith and John D McGregor. 2013. Exploring Software Supply Chains from a Technical Debt Perspective. In Proceedings of the 4th International Workshop on Managing Technical Debt (MTD '13). IEEE, 32--38.

[22]

John Rushby. 1981. Design and Verification of Secure Systems. In Proceedings of the 8th ACM Symposium on Operating Systems Principles (SOSP '81). ACM,12--21.

Digital Library

[23]

Rohit Sinha, Sriram Rajamani, and Sanjit A. Seshia. 2017. A Compiler and Verifier for Page Access Oblivious Computation. In Proceedings of the 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE '17). ACM, 649--660.

[24]

Huibo Wang, Pei Wang, Yu Ding, Mingshen Sun, Yiming Jing, Ran Duan, Long Li, Yulong Zhang, Tao Wei, and Zhiqiang Lin. 2019. Towards Memory Safe Enclave Programming with Rust-SGX. In Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS '19). ACM. To appear.

Digital Library

[25]

Jun Wang, Mingyi Zhao, Qiang Zeng, Dinghao Wu, and Peng Liu. 2015. Risk Assessment of Buffer "Heartbleed" Over-Read Vulnerabilities. In Proceedings of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '15). IEEE, 555--562.

[26]

Shuai Wang, Wenhao Wang, Qinkun Bao, Pei Wang, XiaoFeng Wang, and Dinghao Wu. 2017. Binary code retrofitting and hardening using SGX. In Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation (FEAST '17). ACM, 43--49.

Digital Library

[27]

Minghui Zhou, Qingying Chen, Audris Mockus, and Fengguang Wu. 2017. On the Scalability of Linux Kernel Maintainers' Work. In Proceedings of the 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE '17). ACM, 27--37.

Digital Library

Cited By

Van Schaik SSeto AYurek TBatori AAlBassam BGenkin DMiller ARonen EYarom YGarman C(2024)SoK: SGX.Fail: How Stuff Gets eXposed2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00260(4143-4162)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00260
Chen HChen HSun MLi KChen ZWang XCalandrino JTroncoso C(2023)A verified confidential computing as a service framework for privacy preservationProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620502(4733-4750)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620502
Zhan DYu XZhang HYe L(2023)ErrHunter: Detecting Error-Handling Bugs in the Linux Kernel Through Systematic Static AnalysisIEEE Transactions on Software Engineering10.1109/TSE.2022.316015549:2(684-698)Online publication date: 1-Feb-2023
https://doi.org/10.1109/TSE.2022.3160155
Show More Cited By

Index Terms

Building and maintaining a third-party library supply chain for productive and secure SGX enclave development
1. Security and privacy
  1. Security in hardware
    1. Tamper-proof and tamper-resistant designs
  2. Software and application security
2. Software and its engineering
  1. Software creation and management
    1. Software development process management
      1. Risk management
  2. Software notations and tools
    1. Software libraries and repositories

Recommendations

Towards Memory Safe Enclave Programming with Rust-SGX
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Intel Software Guard eXtension (SGX), a hardware supported trusted execution environment (TEE), is designed to protect security critical applications. However, it does not terminate traditional memory corruption vulnerabilities for the software running ...
Secure IoT Stream Data Management and Analytics with Intel SGX
SafeConfig '17: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense

Data streams from numerous Internet of Things (IoT) devices, such as medical, home and personal systems, may contain sensitive and confidential information that may need protection against attacks from external adversaries. Beyond addressing challenges ...
SnakeGX: A Sneaky Attack Against SGX Enclaves
Applied Cryptography and Network Security
Abstract
Intel Software Guard eXtension (SGX) is a technology to create enclaves (i.e., trusted memory regions) hardware isolated from a compromised operating system. Recently, researchers showed that unprivileged adversaries can mount code-reuse attacks ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ICSE-SEIP '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering: Software Engineering in Practice

June 2020

258 pages

ISBN:9781450371230

DOI:10.1145/3377813

General Chairs:
Gregg Rothermel
North Carolina State University
,
Doo-Hwan Bae
KAIST, South Korea

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

In-Cooperation

KIISE: Korean Institute of Information Scientists and Engineers
IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 September 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICSE '20

Sponsor:

SIGSOFT

ICSE '20: 42nd International Conference on Software Engineering

June 27 - July 19, 2020

Seoul, South Korea

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
238
Total Downloads

Downloads (Last 12 months)54
Downloads (Last 6 weeks)10

Reflects downloads up to 24 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Van Schaik SSeto AYurek TBatori AAlBassam BGenkin DMiller ARonen EYarom YGarman C(2024)SoK: SGX.Fail: How Stuff Gets eXposed2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00260(4143-4162)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00260
Chen HChen HSun MLi KChen ZWang XCalandrino JTroncoso C(2023)A verified confidential computing as a service framework for privacy preservationProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620502(4733-4750)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620502
Zhan DYu XZhang HYe L(2023)ErrHunter: Detecting Error-Handling Bugs in the Linux Kernel Through Systematic Static AnalysisIEEE Transactions on Software Engineering10.1109/TSE.2022.316015549:2(684-698)Online publication date: 1-Feb-2023
https://doi.org/10.1109/TSE.2022.3160155
Lantz DBoeira FAsplund M(2023)Towards Self-monitoring Enclaves: Side-Channel Detection Using Performance CountersSecure IT Systems10.1007/978-3-031-22295-5_7(120-138)Online publication date: 1-Jan-2023
https://doi.org/10.1007/978-3-031-22295-5_7
Dreissig FRöckl JMüller T(2022)Compiler-Aided Development of Trusted Enclaves with RustProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3538972(1-10)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3538972
Payet ÉPearce DSpoto F(2022)On the Termination of Borrow Checking in Featherweight RustNASA Formal Methods10.1007/978-3-031-06773-0_22(411-430)Online publication date: 24-May-2022
https://dl.acm.org/doi/10.1007/978-3-031-06773-0_22
Wang PBangert JKern C(2021)If It's Not Secure, It Should Not CompileProceedings of the 43rd International Conference on Software Engineering10.1109/ICSE43902.2021.00123(1360-1372)Online publication date: 22-May-2021
https://dl.acm.org/doi/10.1109/ICSE43902.2021.00123
Grodowitz MPena LDunham CZhong DShamis PPoole S(2021)Two-Chains: High Performance Framework for Function Injection and Execution2021 IEEE International Conference on Cluster Computing (CLUSTER)10.1109/Cluster48925.2021.00049(377-387)Online publication date: Sep-2021
https://doi.org/10.1109/Cluster48925.2021.00049

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents