Yu Ding, Ran Duan, Long Li, Yueqiang Cheng, Lenx Wei
Rust SGX SDK: Towards Memory Safety in Intel SGX
CONTENTS
PART ONE: Why SGX?
PART TWO: Why Rust?
PART THREE: Rust SGX SDK
PART 1: Why SGX?
Why SGX: War in memory
• Ring 3 vs Ring 0
• Ring 0 vs Hypervisor (Ring -1)
• Hypervisor vs SMM (Ring -2)
• SMM vs AMT/ME (Ring -3)
Why SGX: Hardware-based trusted execution environments
• Intel System Management Mode
• Intel Management Engine
• Trusted Platform Module (TPM)
• AMD Platform Security Processor
• DRTM (Dynamic Root of Trust for Measurement)
• ARM TrustZone
• Intel Trusted Execution Technology
• Intel SGX
Why SGX: Memory Encryption Engine
[Figure: memory protection without SGX vs. SGX enforced]
Figures are from Intel ISCA'15 SGX Tutorial
Why SGX: Root of Trust
• Hardware Enforced Security: MEE
• Remote Attestation Support: Build trust with Intel
• Data Sealing: Transfer/store data
PART 2: Why Rust?
Why Rust: Rust Programming Language
• Guarantees memory safety
• No data racing
• Blazingly fast
Endorsed by Mozilla, competing with Go and Swift
Masterpieces in Rust
• Redox: A Rust Operating System https://www.redox-os.org
• The Servo Browser Engine https://servo.org
Why Rust:Excellent Performance
Why Rust: Strong Checkers
• Borrow, Ownership, Lifetime
fn main() {
let a = String::from("book"); // a owns "book"
let b = a; // transfer ownership
println!("a = {}", a); // Error! a is not owner
}
• "One writer, or multiple readers" guaranteed by Rust
• Keep each variable's ownership and lifetime in mind: fight against the borrow checker
PART 3: Rust SGX SDK
Intel SGX is designed to protect secret data
• Private keys
• User privacy (health data / personal data etc.)
• Raw Blu-ray video stream
• DRM enforcement
SGX Needs Memory Safety Guarantees
But, only a C/C++ SDK is available. Should be very very very careful when writing SGX enclaves in C/C++:
• Buffer overflow… Yes!
• Return-oriented programming… Yes!
• Use-after-free… Yes!
• Data racing… Yes!
Memory bugs are exploitable!
[Figure: Intel SGX Enclave receiving malformed input, leading to unauthorized memory access]
• Memory corruption vulnerability is exploitable
• Code needs to be audited
Code in the Trusted Execution Engine may be vulnerable
SGX Needs Memory Safety Guarantees
To better protect secrets in SGX, we need memory safety.
Our Solution: Intel SGX + Rust Programming Language
• Use Intel SGX for data protection
• Develop Intel SGX enclaves in Rust
• Develop Intel SGX untrusted components in Rust*
• More details in https://github.com/baidu/rust-sgx-sdk
Goals
• Memory safety guarantees
• Good functionality
• Provide best security guarantees
• Provide latest SGX APIs by Intel
Hybrid Memory-Safe Architecture: Rules-of-thumb
Challenges
• Intel SGX library is written in C/C++
Memory safety rules-of-thumb for hybrid memory-safe architecture design:
1. Unsafe components should be appropriately isolated and modularized, and their size should be small (or minimized).
2. Unsafe components should not weaken the safe (especially public) APIs and data structures.
3. Unsafe components should be clearly identified and easily upgraded.
Overview without Rust SGX SDK
[Figure: Enclave and Untrusted parts joined by ECALL gates and OCALL gates; ecall(foo) enters the enclave, ocall(bar) leaves it, each an SGX context switch]
Rust SGX SDK: v0.1.0, v0.2.0
[Figure: Enclave and Untrusted parts joined by ECALL gates and OCALL gates; ecall(foo), ocall(bar), SGX context switch]
Rust SGX SDK: v0.9.0
[Figure: Enclave and Untrusted parts joined by ECALL gates and OCALL gates; ecall(foo), ocall(bar), SGX context switch]
Rust SGX SDK: An Overview
Rust SGX SDK: Hello the world
• Untrusted part
• Enclave
Rust SGX SDK: v0.9.0
[Figure: the Hello the world flow across the Enclave and Untrusted parts, built up step by step: ecall(foo) and ocall(bar) cross the ECALL/OCALL gates (SGX context switch); the gates are generated from the EDL File]
Rust SGX SDK: Partition
Question: Which part of a program should be inside the SGX enclave?
• Decryption/Encryption using private key
• Seal data/Unseal data
• Analysis on secret data
• …
However, most SGX developers are not SGX experts, and not experienced in partitioning an SGX app.
Good and NG Examples: node-secureworker, wolfSSL SGX Samples
Node-secureworker [GOOD]
• In-enclave Duktape Javascript engine
• Remote Attestation on bootstrap
• Seal all outputs
WolfSSL SGX Sample [NG]
• In-enclave SSL connection
• Pass in-enclave pointer as argument
WOLFSSL* enc_wolfSSL_new([user_check] WOLFSSL_CTX* ctx);
Tampering with the ctx pointer may: 1) misguide the app 2) cause DoS
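One defensive alternative to handing the untrusted side an in-enclave ctx pointer through [user_check], as an added example (not code from the talk, wolfSSL or the Rust SGX SDK): the enclave keeps a table of live contexts and exposes only opaque handles, so a tampered or stale value is rejected at the ECALL instead of being dereferenced. SslCtx, CtxTable and ecall_ssl_new are constructed names.

```rust
/// Constructed stand-in for the in-enclave object (a WOLFSSL_CTX in the wolfSSL sample).
#[derive(Debug)]
pub struct SslCtx { pub label: String }
/// Enclave-side context table. A handle packs a generation counter (high 32 bits) and a
/// slot index (low 32 bits): a stale handle never aliases a newer context reusing the slot.
#[derive(Default)]
pub struct CtxTable {
    slots: Vec<Option<SslCtx>>,
    generations: Vec<u32>,
    free: Vec<u32>,
}

impl CtxTable {
    /// Allocates a context inside the enclave and returns only an opaque handle.
    pub fn create(&mut self, ctx: SslCtx) -> u64 {
        let slot = self.free.pop().unwrap_or_else(|| {
            self.slots.push(None);
            self.generations.push(0);
            (self.slots.len() - 1) as u32
        });
        self.slots[slot as usize] = Some(ctx);
        (u64::from(self.generations[slot as usize]) << 32) | u64::from(slot)
    }

    /// Resolves a handle from untrusted code; anything not naming a live context of the
    /// matching generation is rejected rather than dereferenced.
    pub fn lookup(&self, handle: u64) -> Result<&SslCtx, &'static str> {
        let slot = (handle & 0xffff_ffff) as usize;
        let generation = (handle >> 32) as u32;
        match (self.slots.get(slot), self.generations.get(slot)) {
            (Some(Some(ctx)), Some(g)) if *g == generation => Ok(ctx),
            _ => Err("invalid or stale ctx handle"),
        }
    }

    /// Frees the context and bumps the slot's generation so the old handle dies with it.
    pub fn destroy(&mut self, handle: u64) -> Result<(), &'static str> {
        self.lookup(handle)?;
        let slot = (handle & 0xffff_ffff) as usize;
        self.slots[slot] = None;
        self.generations[slot] = self.generations[slot].wrapping_add(1);
        self.free.push(slot as u32);
        Ok(())
    }
}

/// ECALL-shaped entry point (constructed name): takes a handle instead of a [user_check]
/// pointer and fails closed on a tampered or stale value.
pub fn ecall_ssl_new(table: &CtxTable, ctx_handle: u64) -> Result<String, &'static str> {
    Ok(format!("session for {}", table.lookup(ctx_handle)?.label))
}
```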
Rust SGX SDK: Partition by SDK
Our Goals
• Partition basic libraries correctly
• Provide an easy-to-use interface
• Let developers feel at ease when programming Intel SGX enclaves
Rust SGX SDK: Short summary
1. Memory safety is necessary for Intel SGX enclaves.
2. Rust SGX SDK is valuable and promising
   • Allows programming Intel SGX Enclaves in Rust.
   • Intends to build up a hybrid memory-safe architecture with Rust and Intel SGX libraries.
   • Provides a series of crates (libraries), such as Rust-style std, alloc etc, and Intel-SGX-style crypto, seal, protected_fs etc.
   • Partitions the basic libraries correctly.
Challenges: What we do?
Intel SGX: Limitations
Dynamic loading? NO! Static linking!
System call? NO! We need partition!
Threading model? Different! Redefine thread/sync!
Exception/Signal? New! Reimplement exception/signal!
CPUID instruction? NO in SGX v1
RDTSC instruction? NO in SGX v1
Rust SGX SDK: Dependency
Rust binaries depend on libc by default (linux-x86_64, dynamic loading)
Intel provides a static trusted libc (tlibc.a) for Intel SGX enclaves
• SGX features are provided in other static libraries
Rust SGX SDK statically links to the Intel SGX libraries
Rust SGX SDK: Partition and Interaction with OS
[Figure: Enclave and Untrusted parts joined by ECALL/OCALL gates (ecall(foo), ocall(bar), SGX context switch), built up over four slides with the labels: OCALL feature function; Feature function definition in EDL; Rust style API]
Rust SGX SDK: Partition and Interaction with OS
In enclave source:
• println!("Hello QConf!");
In sgx_tstd, the macros are expanded and invoke the io API:
• println! => print! => sgx_tstd::io::_print()
sgx_tstd::io maintains a global Stdout object and makes it a LineWriter:
• fn stdout_init() -> Arc<SgxReentrantMutex<RefCell<LineWriter<Maybe<StdoutRaw>>>>>
StdoutRaw is a wrapper structure of sgx_tstd::sys::Stdout:
impl Stdout {
    pub fn write(&self, data: &[u8]) -> io::Result<usize> {
        …
        u_stdout_ocall(&mut result as *mut isize as *mut usize,
                       data.as_ptr() as *const c_void,
                       cmp::min(data.len(), max_len()))
        …
    }
}
u_stdout_ocall is defined in the EDL file.
Rust SGX SDK: Partition and Interaction with OS
Feature function definition in EDL file (stdio.edl):
enclave {
    untrusted {
        size_t u_stdin_ocall([out, size=nbytes] void *buf, size_t nbytes);
        size_t u_stdout_ocall([in, size=nbytes] const void *buf, size_t nbytes);
        size_t u_stderr_ocall([in, size=nbytes] const void *buf, size_t nbytes);
    };
};
The untrusted run-time library sgx_urts implements the feature functions:
#[no_mangle]
pub extern "C" fn u_stdout_ocall(buf: *const libc::c_void, nbytes: libc::size_t) -> libc::size_t {
    unsafe { libc::write(libc::STDOUT_FILENO, buf, nbytes) as libc::size_t }
}
Rust SGX SDK: Partition and Interaction with OS
[Figure: println! inside the Enclave reaches u_stdout_ocall through an OCALL gate (SGX context switch); u_stdout_ocall in the Untrusted part performs the write]
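The print path above ends in an OCALL whose return value comes back from untrusted code. As an added example (not code from the Rust SGX SDK), here is the enclave-side wrapper pattern the hybrid architecture rules call for, with the host side simulated in-process: the boundary call is confined to one function, the payload is clamped the way sgx_tstd does with cmp::min, and an over-reported byte count is rejected rather than passed to callers. u_stdout_ocall_sim, MAX_LEN, HOST_SINK and the '!'-triggered misbehaviour are all constructed.

```rust
use std::cmp;
use std::io;
use std::os::raw::c_void;
use std::sync::Mutex;

/// Cap on one OCALL payload (constructed value; sgx_tstd's max_len() plays this role).
const MAX_LEN: usize = 16;

/// Constructed stand-in for the untrusted host's output sink.
static HOST_SINK: Mutex<Vec<u8>> = Mutex::new(Vec::new());

/// Constructed stand-in for `u_stdout_ocall`. It lives on the untrusted side of the
/// boundary, so nothing it returns can be taken at face value. To model a buggy or
/// hostile host it over-reports the count whenever the payload contains a '!'.
pub extern "C" fn u_stdout_ocall_sim(buf: *const c_void, nbytes: usize) -> usize {
    let bytes = unsafe { std::slice::from_raw_parts(buf as *const u8, nbytes) };
    HOST_SINK.lock().unwrap().extend_from_slice(bytes);
    if bytes.contains(&b'!') { nbytes + 1 } else { nbytes }
}

/// Safe enclave-side wrapper, the "safe API over an unsafe component" of the hybrid
/// architecture: the length is clamped like cmp::min(data.len(), max_len()) in
/// sgx_tstd, and a returned count larger than what was handed over is rejected
/// instead of being propagated (a LineWriter would otherwise advance past its buffer).
pub fn stdout_write(data: &[u8]) -> io::Result<usize> {
    let len = cmp::min(data.len(), MAX_LEN);
    let written = u_stdout_ocall_sim(data.as_ptr() as *const c_void, len);
    if written > len {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            "untrusted OCALL reported more bytes than were passed",
        ));
    }
    Ok(written)
}

/// Bytes the simulated host sink has received so far.
pub fn host_sink_len() -> usize {
    HOST_SINK.lock().unwrap().len()
}
```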
Rust SGX SDK: Threading by Sample
[Figure: three Linux threads in user space each enter the SGX enclave as an SGX thread running an SGX worker function, sharing the SGX global data structures; kernel space holds the task_structs and the ksgxswpd task; the SGX cores on the CPU]
"Re-entry" using TCS pool
TCS Policy
• BOUND vs UNBOUND
TCSNUM
• Max SGX TCS number
Rust SGX SDK: Major Differences
|                      | Rust                                      | Intel SGX in C                                                          | Rust SGX                                                        |
| Mutex                | Mutex::new(0);                            | sgx_thread_mutex_t; struct { sgx_thread_mutex_t mutex; uint32_t n; };  | SgxMutex::new(0);                                               |
| Thread               | Posix Thread                              | "Re-entry": Bound: stick to pthread; Unbound: random pick               | "Re-entry": Bound: stick to pthread; Unbound: random pick        |
| Thread-Local Storage | ThreadLocal::new(); ctor/dtor supported   | get_thread_data(); BOUND: no ctor/dtor; UNBOUND: no ctor/dtor           | thread_local!; BOUND: ctor/dtor; UNBOUND: no ctor/dtor          |
Rust SGX SDK: Exceptions and Signals
Exception Handling
• Implement panic-unwind mechanism
  • Unwind safely in Rust style
• Implement stack backtrace mechanism
  • (optional) Dump call stack on panicking
Signals
• Intel SGX: AEX mechanism, exception handler registration
• Rust SGX SDK
  • Re-export handler_register and handler_unregister functions
  • Provide handlers for some signals
  • CPUID/RDTSC etc
How to use? It's easy!
std => sgx_tstd
• Most of std's features are supported.
• Partial support of std::fs, std::os, std::path, std::sync, std::thread
• No support of std::env, std::net, std::process, std::time
Rust SGX SDK: Features
Intel SGX related libraries
• sgx_tcrypto, sgx_tdh, sgx_tkey_exchange, sgx_tprotected_fs, sgx_trts, sgx_tse, sgx_tseal, sgx_tservice
Rust style libraries
• sgx_alloc, sgx_rand, sgx_serialize, sgx_tunittest, sgx_types
Supportive libraries in the untrusted world
• sgx_ubacktrace, sgx_urts, sgx_ustdio
Rust SGX SDK: Porting Rust Crates to Intel SGX
Replace the dependency on Rust's std with sgx_tstd:
1. Add the dependency in Cargo.toml:
   sgx_tstd = { path = "path/to/sgx_tstd" }
2. Change to a no_std environment in lib.rs (crate-level inner attribute):
   #![no_std]
3. Include sgx_tstd in the namespace of std:
   extern crate sgx_tstd as std;
4. Fix all incompatible usage:
   Mutex => SgxMutex
5. Use sgx_tstd as usual:
   use std::vec::Vec;
Rust SGX SDK: An Easy-to-use SDK
• Shipped with a docker image
  — docker pull baiduxlab/sgx-rust
• Complete Rust-style documents
  — https://dingelish.github.io/
• Rich code samples
  — hello-rust, file, backtrace, hugemem (31.75 GB), local attestation, remote attestation, data sealing, serialization, threading, unit testing, 3rd party code samples
• Support latest Intel SGX SDK (v1.9)
• Support latest Rust nightly build
• A better choice than sgx-utils (libenclave)
Rust SGX SDK: Now and Future
• Recommended by Intel, adopted by chain.com
• French Alternative Energies and Atomic Energy Commission (CEA) wins the iDash'17 competition using Rust SGX SDK
• Future
  • New target: x86_64-unknown-linux_sgx
  • Support Rust-style #[test]
  • std::net
  • std::time
  • Porting Rust's ring to SGX
  • Porting Rust's rustls to SGX
• Getting Hot!