Paper Info
Title
SGXBOUNDS: Memory Safety for Shielded Execution.
Abstract
Shielded execution based on Intel SGX provides strong security guarantees for legacy applications running on untrusted platforms. However, memory safety attacks such as Heartbleed can render the confidentiality and integrity properties of shielded execution completely ineffective. To prevent these attacks, the state-of-the-art memory-safety approaches can be used in the context of shielded execution. In this work, we first showcase that two prominent software- and hardware-based defenses, AddressSanitizer and Intel MPX respectively, are impractical for shielded execution due to high performance and memory overheads. This motivated our design of SGXBounds---an efficient memory-safety approach for shielded execution exploiting the architectural features of Intel SGX. Our design is based on a simple combination of tagged pointers and compact memory layout. We implemented SGXBounds based on the LLVM compiler framework targeting unmodified multithreaded applications. Our evaluation using Phoenix, PARSEC, and RIPE benchmark suites shows that SGXBounds has performance and memory overheads of 17% and 0.1% respectively, while providing security guarantees similar to AddressSanitizer and Intel MPX. We have obtained similar results with SPEC CPU2006 and four real-world case studies: SQLite, Memcached, Apache, and Nginx.
Year
DOI
Venue
2017
10.1145/3064176.3064192
EuroSys
Field
DocType
Citations 
Tagged pointer,Heartbleed,Memory safety,Parsec,AddressSanitizer,Computer science,Intel MPX,Compiler,Spec#,Operating system,Embedded system
Conference
20
PageRank 
References 
Authors
0.79
50
7
Name
Order
Citations
PageRank
Dmitrii Kuvaiskii1586.42
Oleksii Oleksenko2413.50
Sergei Arnautov3956.55
Bohdan Trach4844.18
Pramod Bhatotia541428.94
Pascal A. Felber6108669.47
Christof Fetzer72429172.89