rust sgx sdk: towards memory safety in intel sgx · 2020-05-26 · • memory safety guarantees •...

Yu Ding, Ran Duan , Long Li , Yueqiang Cheng , Lenx Wei

Rust SGX SDK: Towards Memory Safety in Intel SGX

CONTENTS

Why SGX？

PART ONE

1

Why Rust？

PART TWO

2

Rust SGX SDK

PART THREE

3

PART 1Why SGX？

Why SGX

War in memory

• Ring3vsRing0• Ring0vsHypervisor(Ring-1)• HypervisorvsSMM(Ring-2)• SMMvsAMT/ME(Ring-3)

Why SGX

War in memory

Why SGX

Hardwarebasedtrustedexecutionenvironment

• IntelSystemManagementMode• IntelManagementEngine• TrustedPlatformModule(TPM)• AMDPlatformSecurityProcessor• DRTM(DynamicRootofTrustforMeasurement)• ARMTrustzone• IntelTrustedExecutionTechnology• IntelSGX

Why SGX：Memory Encryption Engine

WithoutSGX SGXEnforced

Figures are from Intel ISCA'15 SGX Turtorial

Why SGX：Root of Trust

• HardwareEnforcedSecurity:MEE• RemoteAttestationSupport:BuildtrustwithIntel• DataSealing:Transfer/storedata

PART 2Why Rust？

• Guaranteesmemorysafety• Nodataracing• Blazinglyfast

EndorsedbyMozilla,competingwithGoandSwift

MasterpiecesinRust• Redox:ARustOperatingSystemhttps://www.redox-os.org• TheServoBrowserEnginehttps://servo.org

Why Rust：Rust Programming Language

Why Rust：Excellent Performance

Why Rust：Strong Checkers

• Borrow、Ownership、Lifetime

fn main() {

let a = String::from("book"); // a owns "book"

let b = a; // transfer ownership

println!("a = {}", a); // Error! a is not owner

}

• “Onewriter,ormultiplereader”guaranteedbyRust• Keepeachvariable'sownership、lifetimeinmind

—Fightagainstborrowchecker

PART 3Rust SGX SDK

• Privatekeys• Userprivacy(healthdata/personaldataetc.)• RawBlu-rayvideostream• DRMenforcement

IntelSGXisdesignedtoprotectsecretdata

SGX Needs Memory Safety Guarantees

But,onlyC/C++ SDKisavailable.ShouldbeveryveryverycarefulwhenwritingSGXenclavesinC/C++• Bufferoverflow… Yes!• Return-oriented-programming… Yes!• Use-after-free… Yes!• Dataracing… Yes!

Memorybugsareexploitable!

IntelSGXEnclave

UnauthorizedMemAccess

MalformedInput

• Memorycorruptionvulnerabilityisexploitable• Codeneedstobeaudited

CodeinTrustedExecutionEnginemaybevulnerable

SGX Needs Memory Safety Guarantees

• Providebestsecurityguarantees• ProvidelatestSGXAPIsbyIntel

TobetterprotectsecretsinSGX,weneedmemorysafety

OurSolution:IntelSGX+RustProgrammingLanguage

• UseIntelSGXfordataprotection• DevelopIntelSGXenclavesinRust• DevelopIntelSGXuntrustedcomponentsinRust*• More details in https://github.com/baidu/rust-sgx-sdk

• Memorysafetyguarantees• Goodfunctionality

Goals

Hybrid Memory-Safe Architecture: Rules-of-thumb

• IntelSGXlibraryiswritteninC/C++

Challenges

Memorysafetyrule-of-thumbforhybridmemory-safearchitecturedesigning1. Unsafecomponentsshouldbeappropriatelyisolatedandmodularized,

andthesizeshouldbesmall(orminimized).2. Unsafecomponentsshouldnotweakenthesafe,especially,publicAPIs

anddatastructures.3. Unsafecomponentsshouldbeclearlyidentifiedandeasilyupgraded.

Overview without Rust SGX SDK

SGXcontextswitch

EnclaveECALLGATEECALLGATEECALLGATE

OCALLGATEOCALLGATEOCALLGATE

Untrusted

ocall(bar)

ecall(foo)

Rust SGX SDK：v0.1.0, v0.2.0

SGXcontextswitch



Untrusted

ocall(bar)

ecall(foo)

Rust SGX SDK：v0.9.0

SGXcontextswitch



Untrusted

ocall(bar)

ecall(foo)

Rust SGX SDK：An Overview

Rust SGX SDK：Hello the world

• Untrustedpart

• Enclave


SGXcontextswitch



Untrusted

ocall(bar)

ecall(foo)


SGXcontextswitch



Untrusted

ocall(bar)

ecall(foo)

EDLFile

Rust SGX SDK：Partition

Question:WhichpartofaprogramshouldbeinsideSGXenclave?• Decryption/Encryptionusingprivatekey• Sealdata/Unsealdata• Analysisonsecretdata• …

However,mostSGXdevelopersarenotSGXexperts,notexperiencedinpartitionanSGXapp.

Good and NG Examplesnode-secureworker, wolfSSL SGX Samples

• In-enclave DukTape Javascript engine• Remote Attestation on bootstrap• Seal all outputs

Node-secureworker [GOOD]

• In-enclave SSL connection• Pass in-enclave pointer as argument

WolfSSL SGX Sample [NG]

WOLFSSL* enc_wolfSSL_new([user_check] WOLFSSL_CTX* ctx);

Tamper the ctx pointer may:1) misguide app2) cause DOS

Rust SGX SDK：Partition by SDK

OurGoals

• Partitionbasiclibrariescorrectly• Provideaneasy-to-useinterface• LetdevelopersfeeleasyinprogrammingIntelSGXenclaves

Rust SGX SDK：Short summary

1. The MemorysafetyisnecessarytoIntelSGXenclaves.

2. RustSGXSDKisvaluableandpromising• AllowstoprogrammingIntelSGXEnclavesinRust.• Intendstobuildupahybridmemory-safearchitecturewithRustand

IntelSGXlibraries.• Providesaseriesofcrates(libraries),suchasRust-stylestd,alloc etc,

andIntel-SGX-stylecrypto,seal,protected_fs etc.• Partitionsthebasiclibrariescorrectly.

ChallengesWhat we do?

Intel SGX : Limitations

Dynamicloading?NO!Staticlinking!

Systemcall?NO!Weneedpartition!

Threadingmodel?Different!Redefinethread/sync!

Exception/Signal?New!Reimplement exception/signal!

CPUIDinstruction?NOinSGXv1RDTSCinstruction?NOinSGXv1

Rust SGX SDK : Dependency

Rustbinariesdependsonlibc bydefault(linux-x86_64,dynamicloading)

Intelprovidesstatictrustedlibc (tlibc.a)forIntelSGXenclave• SGXfeaturesareprovidedinotherstaticlibraries

RustSGXSDKstaticallylinktoIntelSGXlibraries

Rust SGX SDK : Partition and Interacting with OS

SGXcontextswitch



Untrusted

ocall(bar)

ecall(foo)


SGXcontextswitch



Untrusted

ocall(bar)

ecall(foo)

OCALLFeaturefunction


SGXcontextswitch



Untrusted

ocall(bar)

ecall(foo)


FeaturefunctiondefinitioninEDL

Rust SGX SDK : Partition and Interaction with OS

SGXcontextswitch



Untrusted

ocall(bar)

ecall(foo)


FeaturefunctiondefinitioninEDL RuststyleAPI

Rust SGX SDK : Partition and Interaction with OSInenclavesource• println!(”Hello QConf!”);

Insgx_tstd,macroareexpandedandinvokeio API:• println! => print! => sgx_tstd::io::_print()

sgx_tstd::io maintainsaglobalStdout objectandmakesitaLineWriter• fn stdout_init() -> Arc<SgxReentrantMutex<RefCell<LineWriter<Maybe<StdoutRaw>>>>>

StdoutRaw isawrapperstructureofsgx_tstd::sys::Stdoutimpl Stdout {

pub fn write(&self, data: &[u8]) -> io::Result<usize> {…u_stdout_ocall(&mut result as * mut isize as * mut usize, data.as_ptr() as * const c_void,cmp::min(data.len(), max_len()))};

Rust SGX SDK : Partition and Interaction with OSInenclavesource• println!(”Hello QConf!”);

Insgx_tstd,macroareexpandedandinvokeio API:• println! => print! => sgx_tstd::io::_print()

sgx_tstd::io maintainsaglobalStdout objectandmakesitaLineWriter• fn stdout_init() -> Arc<SgxReentrantMutex<RefCell<LineWriter<Maybe<StdoutRaw>>>>>

StdoutRaw isawrapperstructureofsgx_tstd::sys::Stdoutimpl Stdout {

pub fn write(&self, data: &[u8]) -> io::Result<usize> {…u_stdout_ocall(&mut result as * mut isize as * mut usize, data.as_ptr() as * const c_void,cmp::min(data.len(), max_len()))};

DefinedinEDLfile


FeaturefunctiondefinitioninEDLfilestdio.edlenclave {

untrusted {size_t u_stdin_ocall([out, size=nbytes] void *buf, size_t nbytes); size_t u_stdout_ocall([in, size=nbytes] const void *buf, size_t nbytes);size_t u_stderr_ocall([in, size=nbytes] const void *buf, size_t nbytes);

};};

UntrustedRun-timelibrarysgx_urts implementsthefeaturefunctions

#[no_mangle]pub extern "C" fn u_stdout_ocall(buf: * const libc::c_void, nbytes: libc::size_t) -> libc::size_t{

unsafe { libc::write(libc::STDOUT_FILENO, buf, nbytes) as libc::size_t}}


SGXcontextswitch



Untrusted

ocall(bar)

ecall(foo)

u_stdout_ocall u_stdout_ocall

println!

Rust SGX SDK : Threading by Sample

LinuxThreadLinuxThreadLinuxThread

SGXEnclave

SGXThread

SGXworkerfunction

SGXThread

SGXworkerfunction

SGXThread

SGXworkerfunction

SGXGlobalDataStructures

UserSpace

KernelSpacetask_struct task_struct task_struct ksgxswpdtask

SGXCore

SGXCore

SGXCore Core CPU

“Re-entry”usingTCSpool

TCSPolicy• BOUND vsUNBOUND

TCSNUM• MaxSGXTCSnumber

Rust SGX SDK：Major Differences

Rust IntelSGXinC RustSGX

MutexMutex::new(0);

sgx_thread_mutex_tstruct{sgx_thread_mutex_tmutex;uint32_tn;};

SgxMutexSgxMutex::new(0);

ThreadPosixThread

"Re-entry"Bound:sticktopthreadUnbound:randompick

"Re-entry"Bound:sticktopthreadUnbound:randompick

Thread-LocalStorageThreadLocal::new();ctor/dtorsupported

get_thread_data()BOUND:noctor/dtor

UNBOUND:noctor/dtor

thread_local!BOUND:ctor/dtor

UNBOUND:noctor/dtor

Rust SGX SDK：Exceptions and Signals

ExceptionHandling• Implement panic-unwindmechanism

• UnwindsafelyinRuststyle• Implementstackbacktrace mechanism

• (optional)DumpcallstackonpanickingSignals• IntelSGX:AEXmechanism,exceptionhandlerregistration• RustSGXSDK

• Re-exporthandler_register andhandler_unregister function• Providehandlerstosomesigs

• CPUID/RDTSCetc

How to use?It's easy!

• Mostofstd'sfeaturesaresupported.• Partiallysupportofstd::fs,std::os,std::path,std::sync,std::thread• Nosupportofstd::env,std::net,std::process,std::time

std=>sgx_tstd

Rust SGX SDK：Features

IntelSGXrelatedlibraries• sgx_tcrypto,sgx_tdh,sgx_tkey_exchange,sgx_tprotected_fs,sgx_trts,sgx_tse,sgx_tseal,

sgx_tservice

Ruststylelibraries• sgx_alloc,sgx_rand,sgx_serialize,sgx_tunittest,sgx_types

Supportivelibrariesinuntrustedworld• sgx_ubacktrace,sgx_urts,sgx_ustdio

Rust SGX SDK：Porting Rust Crates to Intel SGX

1.AdddependencyinCargo.tomlsgx_tstd = { path = "path/to/sgx_tstd" }

2.Changetoano_stdenvironmentinlib.rs#[no_std]

3.Includesgx_tstd innamespaceofstdextern crate sgx_tstd as std;

4.FixallincompatibleusageMutex => SgxMutex

5.Usesgx_tstd asusualuse std::vec::Vec;

ReplacedependencyofRust'sstdtosgx_tstd

Rust SGX SDK：An Easy-to-use SDK

• Shippedwithadockerimage

—docker pull baiduxlab/sgx-rust

• CompleteRust-styledocuments

— https://dingelish.github.io/

• Richcodesamples—hello-rust, file, backtrace, hugemem(31.75GB), local attestation, remote attestation, data sealing, serialization, threading, unit testing, 3rd party code samples

• SupportlatestIntelSGXSDK(v1.9)• SupportlatestRustnightlybuild• Abetterchoicethansgx-utils(libenclave)

Rust SGX SDK：Now and Future

• RecommendedbyIntel,adoptedbychain.com

FrenchAlternativeEnergiesandAtomicEnergyCommission(CEA)winsiDash’17competitionusingRustSGXSDK

Rust SGX SDK：Now and Future

• Future

• Newtarget:x86_64-unknown-linux_sgx• Supportruststyle#[test]• std::net• std::time• PortingRust'sringtoSGX• PortingRust'srustlstoSGX

• GettingHot!

rust sgx sdk: towards memory safety in intel sgx · 2020-05-26 · • memory safety guarantees •...

Documents