TY - GEN
T1 - Privagic
T2 - 25th ACM International Middleware Conference, Middleware 2024
AU - Tanigassalame, Subashiny
AU - Pipereau, Yohan
AU - Chader, Adam
AU - Toljaga, Jana
AU - Thomas, Gaël
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s).
PY - 2024/12/2
Y1 - 2024/12/2
N2 - Partitioning a multi-threaded application between a secure and a non-secure memory zone remains a challenge. The current tools rely on data flow analysis techniques, which are unable to handle multi-threaded C or C++ applications. To avoid this limitation, we propose to trade the ease-of-use of data flow analysis for another language construct: explicit secure typing. With secure typing, as with data flow analysis, the developer annotates memory locations that contain sensitive values. However, instead of analyzing how the sensitive values flow, we propose to use these annotations to only check typing rules, such as ensuring that the code never stores a sensitive value in an unsafe memory location. By avoiding data flow analysis, the developer has to annotate more memory locations, but the partitioning tool can handle multi-threaded C and C++ applications. We implemented our explicit secure typing principle in a compiler named Privagic. Privagic takes a legacy application enriched with secure types as input. It outputs an application partitioned for Intel SGX. Our evaluation with micro- and macro-applications shows that (i) explicit secure typing can handle multi-threaded C and C++ applications, (ii) adding explicit secure types requires a modest engineering effort of less than 10 modified lines of code in our use cases, (iii) using explicit secure typing is more efficient than embedding a complete application in an enclave both in terms of performance and security in our use cases.
KW - Trusted computing
KW - code partitioning
KW - secure typing
UR - https://www.scopus.com/pages/publications/85215526318
U2 - 10.1145/3652892.3700759
DO - 10.1145/3652892.3700759
M3 - Conference contribution
AN - SCOPUS:85215526318
T3 - Middleware 2024 - Proceedings of the 25th ACM International Middleware Conference
SP - 199
EP - 210
BT - Middleware 2024 - Proceedings of the 25th ACM International Middleware Conference
PB - Association for Computing Machinery, Inc
Y2 - 2 December 2024 through 6 December 2024
ER -