Towards Memory Safe Enclave Programming with Rust-SGX


Reading notes of (CCS’19) Towards Memory Safe Enclave Programming with Rust-SGX.

Background

Current TEEs (such as Intel SGX) do not eliminate traditional memory corruption vulnerabilities, and ASLR does not eliminate memory attacks.

Biondo: “SGX runtime inherently contains memory regions whose addresses are fixed.”

Contribution

Rust-SGX makes SGX software memory safe with less than 5% overhead.

Threat Model

Rust-SGX shares the same threat model as Intel SGX.

Challenges

  • Porting the SGX APIs
  • Unsafe Rust features that cannot be avoided: unsafe blocks and FFI
  • Unavoidable assembly code

Techniques

  • To achieve safe memory management, a high-level wrapper is introduced for every C/C++ SGX data structure allocated on the heap, so that releasing C/C++ objects is delegated to Rust's lifetime semantics.
  • Conversion semantics are defined to achieve safe memory access to C/C++ objects; these conversions are implemented within the Rust type system.
  • A Rust trait, ContiguousMemory, enables safe memory access to raw bytes in Rust-SGX.
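
To make the first and third techniques concrete, here is an added example (my own illustration, not code from the paper or the Rust-SGX project): an owning wrapper whose Drop frees a foreign-allocated object, and a ContiguousMemory-style trait that exposes a plain-old-data struct as a byte slice. The names ForeignBox, SealedHeader and the use of std::alloc in place of the SGX SDK's C allocator are assumptions.

```rust
// Added illustration, not Rust-SGX code. std::alloc stands in for the SGX SDK's
// C allocator; ForeignBox and SealedHeader are hypothetical names.
use std::alloc::{alloc_zeroed, dealloc, Layout};
use std::ptr::NonNull;
use std::slice;

/// Implemented only for types that occupy one contiguous, fully initialised,
/// padding-free block (plain old data). Marked `unsafe` because the implementer
/// vouches for that layout guarantee; callers then get a safe byte view.
pub unsafe trait ContiguousMemory: Sized {
    fn as_bytes(&self) -> &[u8] {
        // Sound for POD types by the trait's contract.
        unsafe { slice::from_raw_parts(self as *const Self as *const u8, std::mem::size_of::<Self>()) }
    }
}

/// Constructed sample type standing in for a C SGX header struct.
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct SealedHeader { pub version: u32, pub payload_len: u32 }
unsafe impl ContiguousMemory for SealedHeader {}

/// Owning wrapper for an object living in foreign (C) heap memory. The only
/// place it is freed is Drop, so the release follows Rust's lifetime rules.
pub struct ForeignBox<T: ContiguousMemory> { ptr: NonNull<T> }

impl<T: ContiguousMemory> ForeignBox<T> {
    pub fn new(value: T) -> Self {
        let layout = Layout::new::<T>();
        assert!(layout.size() > 0, "zero-sized types are not heap allocated");
        let raw = unsafe { alloc_zeroed(layout) } as *mut T; // stand-in for the C allocator
        let ptr = NonNull::new(raw).expect("foreign allocation failed");
        unsafe { ptr.as_ptr().write(value) };
        ForeignBox { ptr }
    }
    pub fn get(&self) -> &T { unsafe { self.ptr.as_ref() } }
}

impl<T: ContiguousMemory> Drop for ForeignBox<T> {
    fn drop(&mut self) {
        unsafe {
            std::ptr::drop_in_place(self.ptr.as_ptr());
            dealloc(self.ptr.as_ptr() as *mut u8, Layout::new::<T>());
        }
    }
}

/// Builds a header in foreign memory, copies out its raw bytes, and lets the
/// wrapper free the buffer exactly once when it goes out of scope.
pub fn header_bytes(version: u32, payload_len: u32) -> Vec<u8> {
    let boxed = ForeignBox::new(SealedHeader { version, payload_len });
    boxed.get().as_bytes().to_vec()
}
```

Because ForeignBox has no public way to hand out the raw pointer or free it manually, a double free or use-after-free of the wrapped object cannot be written in safe Rust.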

Insights

  • Will Rust finally eliminate all memory corruption? Perhaps.
  • Programming languages have proven to be one viable way to build more secure systems.