Towards Memory Safe Enclave Programming with Rust-SGX

less than 1 minute read

Published:

Reading notes of (CCS’19) Towards Memory Safe Enclave Programming with Rust-SGX.

Background

Current TEE (like Intel SGX) does not terminate traditional memory corruption vulnerabilities. ASLR does not eliminate memory attack.

Biondo: “SGX runtime inherently contains memory regions whose addresses are fixed.”

Contribution

Rust-SGX makes SGX software memory safe and less than 5% overhead.

Threat-Model

Rust-SGX shares the same threat model as does Intel SGX.

Challenges

  • Port SGX APIs
  • Unwanted Rust features: unsafe and FFI
  • Inevitable assembly codes

Techniques

  • To achieve safe memory management, a high-level wrapper for all C/C++ SGX data structure allocated on the heap is introduced. Therefore, releasing of C/C++ objects is delegated to the lifetime semantics of Rust.
  • Defines conversion semantics to achieve safe memory access of C/C++ objects. These conversion are implemented within Rust type systems.
  • Rust trait ContiguousMemory to enable safe memory access of raw bytes in Rust-SGX.

Insights

  • Will Rust finally eliminate all memory corruption? Perhaps.
  • Languages have been proved to be a choice to achieve more secure systems.

You May Also Enjoy

ARM Permission Indirection

3 minute read

Published:

In 2022, ARM introduced a new way to control memory permissions. Instead of directly encoding the permission in the Translation Table Entry (TTE), fields in the TTEs are used to index into an array of permissions specified in a register. This indirection provides greater flexibility, greater encoding density and enables the representation of new permissions.

Build Kernel Module from a Customized Kernel

1 minute read

Published:

In recent projects, we need to hack on Linux Kernel with various customization on multiple architectures. However, common distros like Fedora/Debian/Centos will not provide compatible kernel development headers (staffs under /lib/modules/$version) required by building kernel modules.

Run Debian in QEMU

3 minute read

Published:

One need we recently met was to directly trigger syscalls in QEMU. To achieve this, we have to run Linux with pre-installed dev tools such as vim and gcc, and most importantly, package managers like apt. Thanks to debootstrap, such a subsystem can be setup within minutes.

Faster Compression by zstd

less than 1 minute read

Published:

Recently I was required to transfer a bulk of data containing millions of sparse files, where the archive and compression algorithms became a must yet bottleneck to my server. A compression algorithm with full parallelism, zstd, can better address the problem. Some tips are recorded in post.