COSMIX: A compiler-based system for secure memory instrumentation and execution in Enclaves

Meni Orenbach, Yan Michalevsky, Christof Fetzer, Mark Silberstein

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Hardware secure enclaves are increasingly used to run complex applications. Unfortunately, existing and emerging enclave architectures do not allow secure and efficient implementation of custom page fault handlers. This limitation impedes in-enclave use of secure memory-mapped files and prevents extensions of the application memory layer commonly used in untrusted systems, such as transparent memory compression or access to remote memory. CoSMIX is a Compiler-based system for Secure Memory Instrumentation and eXecution of applications in secure enclaves. A novel memory store abstraction allows implementation of application-level secure page fault handlers that are invoked by a lightweight enclave runtime. The CoSMIX compiler instruments the application memory accesses to use one or more memory stores, guided by a global instrumentation policy or code annotations without changing application code. The CoSMIX prototype runs on Intel SGX and is compatible with popular SGX execution environments, including SCONE and Graphene. Our evaluation of several production applications shows how CoSMIX improves their security and performance by recompiling them with appropriate memory stores. For example, unmodified Redis and Memcached key-value stores achieve about 2× speedup by using a self-paging memory store while working on datasets up to 6× larger than the enclave’s secure memory. Similarly, annotating a single line of code in a biometric verification server changes it to store its sensitive data in Oblivious RAM and makes it resilient against SGX side-channel attacks.

Original language: English
Title of host publication: Proceedings of the 2019 USENIX Annual Technical Conference, USENIX ATC 2019
Pages: 555-570
Number of pages: 16
ISBN (Electronic): 9781939133038
State: Published - 2019
Event: 2019 USENIX Annual Technical Conference, USENIX ATC 2019 - Renton, United States
Duration: 10 Jul 2019 → 12 Jul 2019

Publication series

Name: Proceedings of the 2019 USENIX Annual Technical Conference, USENIX ATC 2019

Conference

Conference: 2019 USENIX Annual Technical Conference, USENIX ATC 2019
Country/Territory: United States
City: Renton
Period: 10/07/19 → 12/07/19

All Science Journal Classification (ASJC) codes

  • General Computer Science
