{"id":645018,"date":"2020-03-23T09:38:54","date_gmt":"2020-03-23T16:38:54","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-research-item&#038;p=645018"},"modified":"2020-03-23T09:38:54","modified_gmt":"2020-03-23T16:38:54","slug":"panoply-low-tcb-linux-applications-with-sgx-enclaves-2","status":"publish","type":"msr-research-item","link":"https:\/\/www.microsoft.com\/en-us\/research\/publication\/panoply-low-tcb-linux-applications-with-sgx-enclaves-2\/","title":{"rendered":"Panoply: Low-TCB Linux Applications With SGX Enclaves"},"content":{"rendered":"<p>Intel SGX, a new security capability in emerging<br \/>\nCPUs, allows user-level application code to execute in hardware isolated<br \/>\nenclaves. Enclave memory is isolated from all other<br \/>\nsoftware on the system, even from the privileged OS or hypervisor.<br \/>\nWhile being a promising hardware-rooted building block,<br \/>\nenclaves have severely limited capabilities, such as no native<br \/>\naccess to system calls and standard OS abstractions. These OS<br \/>\nabstractions are used ubiquitously in real-world applications.<br \/>\nIn this paper, we present a new system called PANOPLY which<br \/>\nbridges the gap between the SGX-native abstractions and the<br \/>\nstandard OS abstractions which feature-rich, commodity Linux<br \/>\napplications require. PANOPLY provides a new abstraction called a<br \/>\nmicro-container (or a \u201cmicron\u201d), which is a unit of code and data<br \/>\nisolated in SGX enclaves. Microns expose the standard POSIX<br \/>\nabstractions to application logic, including access to filesystems,<br \/>\nnetwork, multi-threading, multi-processing and thread synchronization<br \/>\nprimitives. Further, PANOPLY enforces a strong integrity<br \/>\nproperty for the inter-enclave interactions, ensuring that the<br \/>\nexecution of the application follows the legitimate control and<br \/>\ndata-flow even if the OS misbehaves. Thus, commodity Linux<br \/>\napplications can enhance security by splitting their application<br \/>\nlogic in one or more microns, or by importing micron-libraries,<br \/>\nwith little effort. In contrast to previous systems that enable<br \/>\ncomparable richness, PANOPLY offers two orders of magnitude<br \/>\nlower TCB (about 20 KLOC in total), more than half of which<br \/>\nis boiler-plate and can be automatically verified in the future.<br \/>\nWe demonstrate how PANOPLY enables much stronger security<br \/>\nin 4 real-world applications \u2014 including Tor, OpenSSL, and web<br \/>\nservices \u2014 which can base security on hardware-root of trust.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Intel SGX, a new security capability in emerging CPUs, allows user-level application code to execute in hardware isolated enclaves. Enclave memory is isolated from all other software on the system, even from the privileged OS or hypervisor. While being a promising hardware-rooted building block, enclaves have severely limited capabilities, such as no native access to [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"footnotes":""},"msr-content-type":[3],"msr-research-highlight":[],"research-area":[13558],"msr-publication-type":[193716],"msr-product-type":[],"msr-focus-area":[],"msr-platform":[],"msr-download-source":[],"msr-locale":[268875],"msr-field-of-study":[],"msr-conference":[],"msr-journal":[],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-645018","msr-research-item","type-msr-research-item","status-publish","hentry","msr-research-area-security-privacy-cryptography","msr-locale-en_us"],"msr_publishername":"","msr_edition":"","msr_affiliation":"","msr_published_date":"2017-3","msr_host":"","msr_duration":"","msr_version":"","msr_speaker":"","msr_other_contributors":"","msr_booktitle":"","msr_pages_string":"","msr_chapter":"","msr_isbn":"","msr_journal":"","msr_volume":"","msr_number":"","msr_editors":"","msr_series":"","msr_issue":"","msr_organization":"","msr_how_published":"","msr_notes":"","msr_highlight_text":"","msr_release_tracker_id":"","msr_original_fields_of_study":"","msr_download_urls":"","msr_external_url":"","msr_secondary_video_url":"","msr_longbiography":"","msr_microsoftintellectualproperty":0,"msr_main_download":"","msr_publicationurl":"","msr_doi":"","msr_publication_uploader":[{"type":"url","viewUrl":"false","id":"false","title":"https:\/\/www.microsoft.com\/en-us\/research\/uploads\/prod\/2019\/03\/panoply_ndss17.pdf","label_id":"243109","label":0}],"msr_related_uploader":"","msr_attachments":[],"msr-author-ordering":[{"type":"text","value":"Shweta Shinde, Dat Le Tien","user_id":0,"rest_url":false},{"type":"edited_text","value":"Shruti Tople","user_id":39003,"rest_url":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/microsoft-research\/v1\/researchers?person=Shruti Tople"},{"type":"text","value":"Prateek Saxena","user_id":0,"rest_url":false}],"msr_impact_theme":[],"msr_research_lab":[],"msr_event":[],"msr_group":[],"msr_project":[],"publication":[],"video":[],"download":[],"msr_publication_type":"inproceedings","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/645018"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-research-item"}],"version-history":[{"count":1,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/645018\/revisions"}],"predecessor-version":[{"id":645021,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/645018\/revisions\/645021"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=645018"}],"wp:term":[{"taxonomy":"msr-content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-content-type?post=645018"},{"taxonomy":"msr-research-highlight","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-highlight?post=645018"},{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=645018"},{"taxonomy":"msr-publication-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-publication-type?post=645018"},{"taxonomy":"msr-product-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-product-type?post=645018"},{"taxonomy":"msr-focus-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-focus-area?post=645018"},{"taxonomy":"msr-platform","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-platform?post=645018"},{"taxonomy":"msr-download-source","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-download-source?post=645018"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=645018"},{"taxonomy":"msr-field-of-study","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-field-of-study?post=645018"},{"taxonomy":"msr-conference","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-conference?post=645018"},{"taxonomy":"msr-journal","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-journal?post=645018"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=645018"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=645018"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}