Pridwen: Universally Hardening SGX Programs via Load-Time Synthesis
- Fan Sang
- Ming-Wei Shih
- Sangho Lee
- Xiaokuan Zhang
- Michael Steiner
- Mona Vij
- Taesoo Kim
2022 USENIX Annual Technical Conference (ATC 2022)
A growing class of threats to Intel Software Guard Extensions (SGX) is Side-Channel Attacks (SCAs). As a response, numerous countermeasures have been proposed. However, it is hard to incorporate them to protect SGX programs against multiple SCAs simultaneously. A naïve combination of distinct countermeasures does not work in practice because some of them are 1) undeployable in target environments lacking dependent hardware features, 2) redundant if there are already defenses with similar functionalities, and 3) incompatible with each other by design or implementation. Identifying all such conditions and preparing potential workarounds before deployment is challenging, particularly when an SGX program targets multiple platforms that abstract or manipulate their configurations.
PRIDWEN is a framework that selectively applies essential SCA countermeasures when loading an SGX program based on the configurations of the target execution platform. PRIDWEN allows a developer to deploy a program in the form of WebAssembly (Wasm). Upon receiving a Wasm binary, PRIDWEN probes the current hardware configuration, synthesizes a program (i.e., a native binary) with an optimal set of countermeasures, and validates the final binary. PRIDWEN supports both software-only and hardware-assisted countermeasures, and our evaluations show that PRIDWEN efficiently and faithfully synthesizes multiple benchmark programs and real-world applications while securing them against multiple SCAs.