TY - GEN
T1 - SecV
T2 - 24th ACM/IFIP International Middleware Conference, Middleware 2023
AU - Yuhala, Peterson
AU - Felber, Pascal
AU - Guiroux, Hugo
AU - Lozi, Jean Pierre
AU - Tchana, Alain
AU - Schiavoni, Valerio
AU - Thomas, Gaël
N1 - Publisher Copyright: © 2023 ACM.
PY - 2023/11/27
Y1 - 2023/11/27
N2 - Trusted execution environments like Intel SGX provide enclaves, which offer strong security guarantees for applications. Running entire applications inside enclaves is possible, but this approach leads to a large trusted computing base (TCB). As such, various tools have been developed to partition programs written in languages such as C or Java into trusted and untrusted parts, which are run in and out of enclaves respectively. However, those tools depend on language-specific taint-analysis and partitioning techniques. They cannot be reused for other languages and there is thus a need for tools that transcend this language barrier. We address this challenge by proposing a multi-language technique to specify sensitive code or data, as well as a multi-language tool to analyse and partition the resulting programs for trusted execution environments like Intel SGX. We leverage GraalVM's Truffle framework, which provides a language-agnostic abstract syntax tree (AST) representation for programs, to provide special AST nodes called secure nodes that encapsulate sensitive program information. Secure nodes can easily be embedded into the ASTs of a wide range of languages via Truffle's polyglot API. Our technique includes a multi-language dynamic taint tracking tool to analyse and partition applications based on our generic secure nodes. Our extensive evaluation with micro- and macro-benchmarks shows that we can use our technique for two languages (JavaScript and Python), and that partitioned programs can obtain up to 14.5% performance improvement as compared to unpartitioned versions.
AB - Trusted execution environments like Intel SGX provide enclaves, which offer strong security guarantees for applications. Running entire applications inside enclaves is possible, but this approach leads to a large trusted computing base (TCB). As such, various tools have been developed to partition programs written in languages such as C or Java into trusted and untrusted parts, which are run in and out of enclaves respectively. However, those tools depend on language-specific taint-analysis and partitioning techniques. They cannot be reused for other languages and there is thus a need for tools that transcend this language barrier. We address this challenge by proposing a multi-language technique to specify sensitive code or data, as well as a multi-language tool to analyse and partition the resulting programs for trusted execution environments like Intel SGX. We leverage GraalVM's Truffle framework, which provides a language-agnostic abstract syntax tree (AST) representation for programs, to provide special AST nodes called secure nodes that encapsulate sensitive program information. Secure nodes can easily be embedded into the ASTs of a wide range of languages via Truffle's polyglot API. Our technique includes a multi-language dynamic taint tracking tool to analyse and partition applications based on our generic secure nodes. Our extensive evaluation with micro- and macro-benchmarks shows that we can use our technique for two languages (JavaScript and Python), and that partitioned programs can obtain up to 14.5% performance improvement as compared to unpartitioned versions.
KW - GraalVM
KW - Intel SGX
KW - Java
KW - Managed Execution Environments
KW - Truffle
KW - Trusted Execution Environments
UR - https://www.scopus.com/pages/publications/85179882791
U2 - 10.1145/3590140.3629116
DO - 10.1145/3590140.3629116
M3 - Conference contribution
AN - SCOPUS:85179882791
T3 - Middleware 2023 - Proceedings of the 24th ACM/IFIP International Middleware Conference
SP - 207
EP - 219
BT - Middleware 2023 - Proceedings of the 24th ACM/IFIP International Middleware Conference
PB - Association for Computing Machinery, Inc
Y2 - 11 December 2023 through 15 December 2023
ER -