research-article

SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution

Authors:

Xiangqun ChenAuthors Info & Claims

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Pages 2710 - 2724

https://doi.org/10.1145/3576915.3623213

Published: 21 November 2023 Publication History

Abstract

Intel Security Guard Extensions (SGX) have shown effectiveness in critical data protection. Recent symbolic execution-based techniques reveal that SGX applications are susceptible to memory corruption vulnerabilities. While existing approaches focus on conventional memory corruption in ECalls of SGX applications, they overlook an important type of SGX dedicated vulnerability: cross-boundary pointer vulnerabilities. This vulnerability is critical for SGX applications since they heavily utilize pointers to exchange data between secure enclaves and untrusted environments. Unfortunately, none of the existing symbolic execution approaches can effectively detect cross-boundary pointer vulnerabilities due to the lack of an SGX-specific analysis model that properly handles three unique features of SGX applications: Multi-entry Arbitrary-order Execution, Stateful Execution, and Context-aware Pointers. To address such problems, we propose a new analysis model named Global State Transition Graph with Context Aware Pointers (GSTG-CAP) that simulates properties-preserving execution behaviors for SGX applications and drives symbolic execution for vulnerability detection. Based on GSTG-CAP, we build a novel symbolic execution-based vulnerability detector named SYMGX to detect cross-boundary pointer vulnerabilities. According to our evaluation, SYMGX can find 30 0-DAY vulnerabilities in 14 open-source projects, three of which have been confirmed by developers. SYMGX also outperforms two state-of-the-art tools, COIN and TeeRex, in terms of effectiveness, efficiency, and accuracy.

References

[1]

2023. Fix memory range check on ecall #1553. https://github.com/microsoft/CCF /pull/1553.

[2]

Fritz Alder, Jo Van Bulck, Jesse Spielman, David Oswald, and Frank Piessens. 2022. Faulty point unit: ABI poisoning attacks on trusted execution environments. Digital Threats: Research and Practice (DTRAP) 3, 2 (2022), 1--26.

Digital Library

[3]

Ghous Amjad, Seny Kamara, and Tarik Moataz. 2019. Forward and backward private searchable encryption with SGX. In Proceedings of the 12th European Workshop on Systems Security. 1--6.

Digital Library

[4]

Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. 2013. Innovative technology for CPU based attestation and sealing. In Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy, Vol. 13. ACM New York, NY, USA.

[5]

Pedro Antonino, Wojciech Aleksander Woloszyn, and AW Roscoe. 2021. Guardian: Symbolic validation of orderliness in SGX enclaves. In Proceedings of the 2021 on Cloud Computing Security Workshop. 111--123.

Digital Library

[6]

asonnino. 2023. Github page of sgx-wallet. https://github.com/asonnino/sgxwallet.

[7]

Gbadebo Ayoade, Vishal Karande, Latifur Khan, and Kevin Hamlen. 2018. Decentralized IoT data management using blockchain and trusted execution environment. In 2018 IEEE International Conference on Information Reuse and Integration (IRI). IEEE, 15--22.

Digital Library

[8]

Qinkun Bao, Zihao Wang, James R Larus, and Dinghao Wu. 2021. Abacus: Precise side-channel analysis. In 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE). IEEE, 797--809.

Digital Library

[9]

Erick Bauman and Zhiqiang Lin. 2016. A Case for Protecting Computer Games With SGX. In Proceedings of the 1st Workshop on System Software for Trusted Execution, SysTEX@Middleware 2016, Trento, Italy, December 12, 2016. ACM, 4:1--4:6.

Digital Library

[10]

Erick Bauman, Huibo Wang, Mingwei Zhang, and Zhiqiang Lin. 2018. SGXElide: Enabling Enclave Code Secrecy via Self-Modification. In Proceedings of International Symposium on Code Generation and Optimization. Vienna, Austria.

[11]

Andrea Biondo, Mauro Conti, Lucas Davi, Tommaso Frassetto, and Ahmad-Reza Sadeghi. 2018. The guard's dilemma: efficient code-reuse attacks against intel {SGX}. In 27th {USENIX} Security Symposium. 1213--1227.

[12]

Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software Grand Exposure: SGX Cache Attacks Are Practical. In WOOT. 11--11.

[13]

Stefan Brenner, Colin Wulf, David Goltzsche, Nico Weichbrodt, Matthias Lorenz, Christof Fetzer, Peter Pietzuch, and Rüdiger Kapitza. 2016. Securekeeper: confidential zookeeper using intel sgx. In Proceedings of the 17th International Middleware Conference. 1--13.

Digital Library

[14]

Sébastien Carré, Adrien Facon, Sylvain Guilley, Sofiane Takarabt, Alexander Schaub, and Youssef Souissi. 2019. Cache-Timing Attack Detection and Prevention: Application to Crypto Libs and PQC. In Constructive Side-Channel Analysis and Secure Design: 10th International Workshop, COSADE 2019, Darmstadt, Germany, April 3--5, 2019, Proceedings 10. Springer, 13--21.

Digital Library

[15]

Swarup Chandra, Vishal Karande, Zhiqiang Lin, Latifur Khan, Murat Kantarcioglu, and Bhavani Thuraisingham. 2017. Securing Data Analytics on SGX With Randomization. In Proceedings of the 22nd European Symposium on Research in Computer Security. Oslo, Norway.

[16]

Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, and Ten H. Lai. 2019. Stealing Intel Secrets from SGX Enclaves via Speculative Execution. In Proceedings of the 2019 IEEE European Symposium on Security and Privacy.

[17]

Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Tao Wei, and Long Lu. 2020. SAVIOR: Towards Bug-Driven Hybrid Testing. In 2020 IEEE Symposium on Security and Privacy, SP 2020, San Francisco, CA, USA, May 18--21, 2020. IEEE, 1580--1596.

[18]

Tobias Cloosters, Michael Rodler, and Lucas Davi. 2020. TeeRex: discovery and exploitation of memory corruption vulnerabilities in SGX enclaves. In Proceedings of the 29th USENIX Conference on Security Symposium. 841--858.

[19]

Tobias Cloosters, Johannes Willbold, Thorsten Holz, and Lucas Davi. 2022. {SGXFuzz}: Efficiently Synthesizing Nested Structures for {SGX} Enclave Fuzzing. In 31st USENIX Security Symposium (USENIX Security 22). 3147--3164.

[20]

The Google Corporation. 2023. Asylo. https://asylo.dev.

[21]

The Micosoft Corporation. [n. d.]. Merge pull request from GHSA-525h-wxccf66m. https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fe e9e0b5d0c7a0308fd4d76b.

[22]

The MITRE Corporation. 2020. CVE-2020-15224. Retrieved April 30, 2023 from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8936

[23]

The MITRE Corporation. 2020. CVE-2020-15224. Retrieved April 30, 2023 from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15224

[24]

The MITRE Corporation. 2020. CVE-2020-8904. Retrieved April 30, 2023 from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8904

[25]

The MITRE Corporation. 2020. CVE-2020-8905. Retrieved April 30, 2023 from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8905

[26]

The MITRE Corporation. 2020. CVE-2020-8935. Retrieved April 30, 2023 from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8935

[27]

The MITRE Corporation. 2020. CVE-2020-8937. Retrieved April 30, 2023 from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8937

[28]

The MITRE Corporation. 2020. CVE-2020-8944. Retrieved April 30, 2023 from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8944

[29]

The Micosoft Corporation. 2023. Open Enclave SDK. https://openenclave.io/sdk.

[30]

Victor Costan and Srinivas Devadas. 2016. Intel SGX explained. Cryptology ePrint Archive (2016).

[31]

Victor Costan, Ilia Lebedev, Srinivas Devadas, et al. 2017. Secure processors part I: background, taxonomy for secure enclaves and Intel SGX architecture. Foundations and Trends® in Electronic Design Automation 11, 1--2 (2017), 1--248.

[32]

Victor Costan, Ilia Lebedev, Srinivas Devadas, et al. 2017. Secure processors part II: Intel SGX security analysis and MIT sanctum architecture. Foundations and Trends® in Electronic Design Automation 11, 3 (2017), 249--361.

[33]

ctz. 2023. Github page of sgx-pwenclave. https://github.com/ctz/sgx-pwenclave.

[34]

Jinhua Cui, Jason Zhijingcheng Yu, Shweta Shinde, Prateek Saxena, and Zhiping Cai. 2021. Smashex: Smashing sgx enclaves using exceptions. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 779--793.

Digital Library

[35]

Rongzhen Cui, Lianying Zhao, and David Lie. 2021. Emilia: Catching Iago in Legacy Code. In NDSS.

[36]

davidgmorais. 2023. Github page of varifiable-election. https://github.com/davidgmorais/verifiable-election.

[37]

dsc-sgx. 2023. Github page of sgx-kmeans. https://github.com/dsc-sgx/sgxkmeans.

[38]

Benny Fuhry, Lina Hirschoff, Samuel Koesnadi, and Florian Kerschbaum. 2020. SeGShare: Secure group file sharing in the cloud using enclaves. In 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 476--488.

[39]

Shengjian Guo, Yueqi Chen, Peng Li, Yueqiang Cheng, Huibo Wang, Meng Wu, and Zhiqiang Zuo. 2020. SpecuSym: speculative symbolic execution for cache timing leak detection. In ICSE '20: 42nd International Conference on Software Engineering, Seoul, South Korea, 27 June - 19 July, 2020. ACM, 1235--1247.

Digital Library

[40]

Shengjian Guo, Yueqi Chen, Jiyong Yu, Meng Wu, Zhiqiang Zuo, Peng Li, Yueqiang Cheng, and Huibo Wang. 2020. Exposing cache timing side-channel leaks through out-of-order symbolic execution. Proc. ACM Program. Lang. 4, OOPSLA (2020), 147:1--147:32.

Digital Library

[41]

Shengjian Guo, MengWu, and ChaoWang. 2018. Adversarial symbolic execution for detecting concurrency-related cache timing leaks. In Proceedings of the 2018 ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Lake Buena Vista, FL, USA, November 04-09, 2018. ACM, 377--388.

Digital Library

[42]

Ningyu He, Zhehao Zhao, Jikai Wang, Yubin Hu, Shengjian Guo, Haoyu Wang, Guangtai Liang, Ding Li, Xiangqun Chen, and Yao Guo. 2023. Eunomia: Enabling User-Specified Fine-Grained Search in Symbolically Executing WebAssembly Binaries. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, Seattle, WA, USA, July 17-21, 2023. ACM, 385--397.

Digital Library

[43]

Wenjian He, Wei Zhang, Sanjeev Das, and Yang Liu. 2018. Sgxlinger: A new side-channel attack vector based on interrupt latency against enclave execution. In 2018 IEEE 36th International Conference on Computer Design. IEEE, 108--114.

[44]

HNYuuu. 2023. Github page of SeeWasm. https://github.com/HNYuuu/SeeWasm.

[45]

PLC INTEL. 2014. Intel software guard extensions programming reference.

[46]

Jaehyuk Lee Jinsoo Jang Yeongjin Jang, Nohyun Kwak Yeseul Choi Changho Choi, Taesoo Kim, Marcus Peinado, and Brent Byunghoon Kang. 2017. Hacking in darkness: Return-oriented programming against secure enclaves. (2017).

[47]

Vishal Karande, Erick Bauman, Zhiqiang Lin, and Latifur Khan. 2017. SGX-Log: Securing system logs with SGX. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. 19--30.

Digital Library

[48]

Mustakimur Rahman Khandaker, Yueqiang Cheng, Zhi Wang, and Tao Wei. 2020. COIN attacks: On insecurity of enclave untrusted interfaces in SGX. In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems. 971--985.

Digital Library

[49]

Deokjin Kim, Daehee Jang, Minjoon Park, Yunjong Jeong, Jonghwan Kim, Seokjin Choi, and Brent Byunghoon Kang. 2019. SGX-LEGO: Fine-grained SGX controlledchannel attack and its countermeasure. computers & security 82 (2019), 118--139.

[50]

Taehoon Kim, Joongun Park, Jaewook Woo, Seungheun Jeon, and Jaehyuk Huh. 2019. Shieldstore: Shielded in-memory key-value storage with sgx. In Proceedings of the Fourteenth EuroSys Conference 2019. 1--15.

Digital Library

[51]

kudelskisecurity. 2023. Github page of sgx-reencrypt. https://github.com/kudel skisecurity/sgx-reencrypt.

[52]

landoxy. 2023. Github page of intel-sgx-deep-learning. https://github.com/lando xy/intel-sgx-deep-learning.

[53]

Fan Lang, Wei Wang, Lingjia Meng, Jingqiang Lin, Qiongxiao Wang, and Linli Lu. 2022. MoLE: Mitigation of Side-channel Attacks against SGX via Dynamic Data Location Escape. In Proceedings of the 38th Annual Computer Security Applications Conference. 978--988.

Digital Library

[54]

Weijie Liu, Wenhao Wang, Hongbo Chen, XiaoFeng Wang, Yaosong Lu, Kai Chen, Xinyu Wang, Qintao Shen, Yi Chen, and Haixu Tang. 2021. Practical and efficient in-enclave verification of privacy compliance. In 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 413--425.

[55]

Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R Savagaonkar. 2013. Innovative instructions and software model for isolated execution. Hasp@ isca 10, 1 (2013).

[56]

Mitar Milutinovic, Warren He, Howard Wu, and Maxinder Kanwal. 2016. Proof of luck: An efficient blockchain consensus protocol. In proceedings of the 1st Workshop on System Software for Trusted Execution. 1--6.

Digital Library

[57]

Mohammad Hasanzadeh Mofrad and Adam Lee. 2017. Leveraging Intel SGX to create a nondisclosure cryptographic library. arXiv preprint arXiv:1705.04706 (2017).

[58]

Kit Murdock, David Oswald, Flavio D Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens. 2020. Plundervolt: Software-based fault injection attacks against Intel SGX. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 1466--1482.

[59]

occlum. 2023. Github page of sgx_protect_file. https://github.com/occlum/sgx_ protect_file.

[60]

Christian Priebe, Kapil Vaswani, and Manuel Costa. 2018. EnclaveDB: A secure database using SGX. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 264--278.

[61]

Jaak Randmets. 2021. An overview of vulnerabilities and mitigations of intel sgx applications. URL: https://cyber. ee/research/reports/D-2-116-An-Overview-of-Vulnerabilities-and-Mitigations-of-Inte l-SGX-Applications. pdf (2021).

[62]

Joseph Redmon. 2013--2016. Darknet: Open Source Neural Networks in C. http://pjreddie.com/darknet/.

[63]

rscosta. 2023. Github page of SGXCryptoFile. https://github.com/rscosta/SGXCr yptoFile.

[64]

Jaebaek Seo, Byoungyoung Lee, Seong Min Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, and Taesoo Kim. 2017. SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs. In NDSS.

[65]

Hovav Shacham, E Buchanan, R Roemer, and S Savage. 2008. Return-oriented programming: Exploits without code injection. Black Hat USA Briefings (August 2008) (2008).

[66]

Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, and Latifur Khan. 2017. A Practical Encrypted Data Analytic Framework With Trusted Processors. In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS'17). Dallas, TX.

Digital Library

[67]

Shweta Shinde, Dat Le Tien, Shruti Tople, and Prateek Saxena. 2017. Panoply: Low-TCB Linux Applications With SGX Enclaves. In NDSS.

[68]

Yan Shoshitaishvili, RuoyuWang, Christopher Salls, Nick Stephens, Mario Polino, Audrey Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. 2016. SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis. In IEEE Symposium on Security and Privacy.

[69]

Claudio Soriente, Ghassan Karame, Wenting Li, and Sergey Fedorov. 2019. Replicatee: Enabling seamless replication of sgx enclaves in the cloud. In 2019 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 158--171.

[70]

SRI-CSL. 2023. Github page of wllvm. https://github.com/SRI-CSL/wholeprogram-llvm.

[71]

Jo Van Bulck, David Oswald, Eduard Marin, Abdulla Aldoseri, Flavio D Garcia, and Frank Piessens. 2019. A tale of two worlds: Assessing the vulnerability of enclave shielding runtimes. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 1741--1758.

Digital Library

[72]

Jo Van Bulck, Frank Piessens, and Raoul Strackx. 2017. SGX-Step: A practical attack framework for precise enclave execution control. In Proceedings of the 2nd Workshop on System Software for Trusted Execution. 1--6.

Digital Library

[73]

Huibo Wang, Erick Bauman, Vishal Karande, Zhiqiang Lin, Yueqiang Cheng, and Yinqian Zhang. 2019. Running Language Interpreters Inside SGX: A Lightweight, Legacy-Compatible Script Code Hardening Approach. In Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security (Asia CCS '19). 114--121.

Digital Library

[74]

Huibo Wang, Pei Wang, Yu Ding, Mingshen Sun, Yiming Jing, Ran Duan, Long Li, Yulong Zhang, Tao Wei, and Zhiqiang Lin. 2019. Towards Memory Safe Enclave Programming with Rust-SGX. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security.

Digital Library

[75]

Shuai Wang, Wenhao Wang, Qinkun Bao, Pei Wang, Xiao Feng Wang, and Dinghao Wu. 2017. Binary code retrofitting and hardening using SGX. In Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation. 43--49.

Digital Library

[76]

Yongzhi Wang, Lingtong Liu, Cuicui Su, Jiawen Ma, Lei Wang, Yibo Yang, Yulong Shen, Guangxia Li, Tao Zhang, and Xuewen Dong. 2017. CryptSQLite: Protecting data confidentiality of SQLite with intel SGX. In 2017 International Conference on Networking and Network Applications (NaNA). IEEE, 303--308.

[77]

Nico Weichbrodt, Anil Kurmus, Peter Pietzuch, and Rüdiger Kapitza. 2016. Async-Shock: Exploiting synchronisation bugs in Intel SGX enclaves. In Computer Security-ESORICS 2016: 21st European Symposium on Research in Computer Security, Heraklion, Greece, September 26-30, 2016, Proceedings, Part I 21. Springer, 440--457.

[78]

Bin Cedric Xing, Mark Shanahan, and Rebekah Leslie-Hurd. 2016. Intel® software guard extensions (Intel® SGX) software support for dynamic memory allocation inside an enclave. Proceedings of the Hardware and Architectural Support for Security and Privacy 2016 (2016), 1--9.

[79]

Shixuan Zhao, Mengyuan Li, Yinqian Zhang, and Zhiqiang Lin. 2022. vSGX: Virtualizing SGX Enclaves on AMD SEV. In Proceedings of the 2022 IEEE Symposium on Security and Privacy. San Francisco, CA.

[80]

Wenjia Zhao, Kangjie Lu, Yong Qi, and Saiyu Qi. 2020. Mptee: Bringing flexible and efficient memory protection to intel sgx. In Proceedings of the Fifteenth European Conference on Computer Systems. 1--15.

Digital Library

[81]

Wenchao Zhou, Yifan Cai, Yanqing Peng, ShengWang, Ke Ma, and Feifei Li. 2021. Veridb: An sgx-based verifiable database. In Proceedings of the 2021 International Conference on Management of Data. 2182--2194.

Digital Library

[82]

zyktrcn. 2023. Github page of sgx-rsa. https://github.com/zyktrcn/sgx_rsa.

Cited By

He NZhao ZGuan HWang JPeng SLi DWang HChen XGuo YChristakis MPradel M(2024)SeeWasm: An Efficient and Fully-Functional Symbolic Execution Engine for WebAssembly BinariesProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3685300(1816-1820)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3685300
Alder FDaniel LOswald DPiessens FVan Bulck J(2024)Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00090(4163-4181)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00090

Index Terms

SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution
1. Security and privacy

Recommendations

Cache Attacks on Intel SGX
EuroSec'17: Proceedings of the 10th European Workshop on Systems Security

For the first time, we practically demonstrate that Intel SGX enclaves are vulnerable against cache-timing attacks. As a case study, we present an access-driven cache-timing attack on AES when running inside an Intel SGX enclave. Using Neve and Seifert'...
SGX-Bomb: Locking Down the Processor via Rowhammer Attack
SysTEX'17: Proceedings of the 2nd Workshop on System Software for Trusted Execution

Intel Software Guard Extensions (SGX) provides a strongly isolated memory space, known as an enclave, for a user process, ensuring confidentiality and integrity against software and hardware attacks. Even the operating system and hypervisor cannot ...
Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution

Fuzz testing has proven successful in finding security vulnerabilities in large programs. However, traditional fuzz testing tools have a well-known common drawback: they are ineffective if most generated inputs are rejected at the early stage of program ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

November 2023

3722 pages

ISBN:9798400700507

DOI:10.1145/3576915

General Chairs:
Weizhi Meng
Technical University of Denmark
,
Christian D. Jensen
Technical University of Denmark
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Engin Kirda
Khoury College of Computer Sciences

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 November 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

the National Key R\&D of China
the National Natural Science Foundation of China

Conference

CCS '23

Sponsor:

SIGSAC

CCS '23: ACM SIGSAC Conference on Computer and Communications Security

November 26 - 30, 2023

Copenhagen, Denmark

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
411
Total Downloads

Downloads (Last 12 months)411
Downloads (Last 6 weeks)23

Reflects downloads up to 14 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

He NZhao ZGuan HWang JPeng SLi DWang HChen XGuo YChristakis MPradel M(2024)SeeWasm: An Efficient and Fully-Functional Symbolic Execution Engine for WebAssembly BinariesProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3685300(1816-1820)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3685300
Alder FDaniel LOswald DPiessens FVan Bulck J(2024)Pandora: Principled Symbolic Validation of Intel SGX Enclave Runtimes2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00090(4163-4181)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00090

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents