Wojciech Wołoszyn

Follower

Following

Co-author

Public Views

Andrej Dujella

University of Zagreb

Hemin Koyi

Uppsala University

Jana Javornik

University of East London

Armando Marques-Guedes

UNL - New University of Lisbon

Graham Martin

University of Leicester

Gwen Robbins Schug

University of North Carolina at Greensboro

Gabriel Gutierrez-Alonso

University of Salamanca

John Sutton

Macquarie University

Eros Carvalho

Universidade Federal do Rio Grande do Sul

Kevin Arbuckle

Swansea University

Uploads

Papers by Wojciech Wołoszyn

Guardian

by Wojciech Wołoszyn and Pedro Antonino

Proceedings of the 2021 on Cloud Computing Security Workshop, 2021

Modern processors can offer hardware primitives that allow a process to run in isolation. These p... more Modern processors can offer hardware primitives that allow a process to run in isolation. These primitives implement a trusted execution environment (TEE) in which a program can run such that the integrity and confidentiality of its execution are guaranteed. Intel's Software Guard eXtensions (SGX) is an example of such primitives and its isolated processes are called enclaves. These guarantees, however, can be easily thwarted if the enclave has not been properly designed. Its interface with the untrusted software stack is a perhaps the largest attack surface that adversaries can exploit; unintended interactions with untrusted code can expose the enclave to memory corruption attacks, for instance. In this paper, we propose a notion of an orderly enclave which splits its behaviour into the following execution phases: entry, secure, ocall, and exit. Each of them imposes a set of restrictions that enforce a particular policy of access to untrusted memory and, in some cases, sanitisation conditions. A violation of these policies and conditions might indicate an undesired interaction with untrusted data/code or a lack of sanitisation, both of which can be harnessed to perpetrate attacks against the enclave. We also introduce Guardian: a tool that uses symbolic execution to carry out the validation of an enclave against our notion of an orderly enclave; in this process, it also looks for some other typical attack primitives. We discuss how our approach can prevent and flag enclave vulnerabilities that have been identified in the literature. Moreover, we have evaluated how our approach fares in the analysis of some enclave samples. In this process, Guardian identified some security issues previously undetected in some of these samples that were acknowledged and fixed by the corresponding maintainers. CCS CONCEPTS • Security and privacy → Hardware security implementation; Software security engineering.

Download