Towards Memory Safe Enclave Programming with Rust-SGX
Reading notes of (CCS’19) Towards Memory Safe Enclave Programming with Rust-SGX.
Background
Current TEEs (like Intel SGX) do not eliminate traditional memory corruption vulnerabilities, and ASLR does not eliminate memory attacks either.
Biondo: “SGX runtime inherently contains memory regions whose addresses are fixed.”
Contribution
Rust-SGX makes SGX software memory safe with less than 5% overhead.
Threat-Model
Rust-SGX shares the same threat model as Intel SGX.
Challenges
- Port SGX APIs
- Unwanted Rust features: unsafe and FFI
- Inevitable assembly code
Techniques
- To achieve safe memory management, a high-level wrapper is introduced for every C/C++ SGX data structure allocated on the heap. Releasing the C/C++ object is thereby delegated to Rust's lifetime semantics (the wrapper frees it when dropped).
- Conversion semantics are defined to achieve safe memory access to C/C++ objects. These conversions are implemented within the Rust type system.
- A Rust trait, ContiguousMemory, enables safe memory access to raw bytes in Rust-SGX.
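An added example, not Rust-SGX's own code, sketching the two ideas above: an owning wrapper whose Drop releases a C-allocated object, and an unsafe marker trait that gates byte-level access to plain-data types. The struct, the stand-in allocator and the function names are assumptions made for the illustration.

```rust
use std::alloc::{alloc_zeroed, dealloc, Layout};
use std::mem::size_of;
use std::slice;

// Stand-in for a C/C++ SGX struct living on the heap; all fields are plain data
// and, with repr(C), the layout has no padding bytes (16 + 2 = 18 bytes, align 2).
#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct SgxReportLike { pub cpu_svn: [u8; 16], pub isv_svn: u16 }

// Stand-ins for a C allocator/free pair (e.g. malloc/free from an SDK's C runtime).
fn c_alloc<T>() -> *mut T { unsafe { alloc_zeroed(Layout::new::<T>()) as *mut T } }
fn c_free<T>(p: *mut T) { unsafe { dealloc(p as *mut u8, Layout::new::<T>()) } }

/// High-level wrapper owning a heap-allocated C object. Borrow rules apply to the
/// accessors, and Drop frees the object exactly once: no leak, no double free.
pub struct CBox<T> { ptr: *mut T }
impl<T> CBox<T> {
    pub fn new() -> Self {
        let ptr = c_alloc::<T>();
        assert!(!ptr.is_null(), "allocation failed");
        CBox { ptr }
    }
    pub fn get(&self) -> &T { unsafe { &*self.ptr } }
    pub fn get_mut(&mut self) -> &mut T { unsafe { &mut *self.ptr } }
}
impl<T> Drop for CBox<T> { fn drop(&mut self) { c_free(self.ptr); } }

/// Marker trait: implementing it asserts the type is plain contiguous bytes
/// (no pointers, no padding), so viewing it as bytes is sound. The unsafe impl
/// is the one place a reviewer must check; callers stay in safe Rust.
pub unsafe trait ContiguousMemory: Copy {}
unsafe impl ContiguousMemory for SgxReportLike {}

pub fn as_bytes<T: ContiguousMemory>(v: &T) -> &[u8] {
    unsafe { slice::from_raw_parts(v as *const T as *const u8, size_of::<T>()) }
}

/// Length is checked before the read; read_unaligned tolerates any byte buffer.
pub fn from_bytes<T: ContiguousMemory>(bytes: &[u8]) -> Option<T> {
    if bytes.len() != size_of::<T>() { return None; }
    Some(unsafe { std::ptr::read_unaligned(bytes.as_ptr() as *const T) })
}

fn main() {
    let mut b = CBox::<SgxReportLike>::new();
    b.get_mut().isv_svn = 7;
    println!("{:?}", as_bytes(b.get()));
} // b is dropped here and the C-side allocation is released
```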
Insights
- Will Rust finally eliminate all memory corruption? Perhaps.
- Language choice has proved to be a viable way to build more secure systems.