Skip to content

A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves

License

Notifications You must be signed in to change notification settings

acsl-technion/cosmix

Repository files navigation

COSMIX

COSMIX is an LLVM pass, coupled with a runtime and different Memory stores (Mstores) which intends to provide enclaves with trusted, efficient, and customizable page fault handlers. For more information, please refer the following paper: "CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves".

Components

  • Compiler pass - CoSMIX LLVM Module pass.
  • Runtime/ - CoSMIX Runtime.
  • Memory stores/ - Example of three different memory stores, and common building blocks they all use internally.
  • Samples/ - Applications of different flavours using CoSMIX, with Makefile examples of the different compilation and customization options.
  • Configuration/ - Memory stores sample configuration files.

Building

CoSMIX build was tested on Ubuntu 16.04 and Ubuntu 18.04 with LLVM 6.0.0. CoSMIX can be used in enclaves and also in regular applications.

Dependencies

To use CoSMIX with SGX enclaves, the following are also required:

CoSMIX requires setting the installed dependencies paths in the Defines.mk file. Building is then as simple as:

git submodule update --init
cd SVF
git checkout SVF-1.5
sed -i '2i\set(CMAKE_POSITION_INDEPENDENT_CODE ON)' CMakeLists.txt
export LLVM_DIR=<llvm installed path>
export PATH=$LLVM_DIR/bin:$PATH
mkdir Release-build
cd Release-build
cmake ../
make -j4
cd ../
make

Samples

It is possible to validate CoSMIX was installed and works as expected by running a small validation suite that uses the SUVM mstore.

cd samples/regression
./run_validation_suite.sh 

We provide different sample applications under the samples/ directory with example Makefiles with the different CoSMIX compilation flags, which may be customized. CoSMIX expects a whole program bitcode file to operate on as it is implemented as an LLVM Module pass. To that end, LLVM Gold Plugin, a link-time optimizer can generate whole program bit code files.

Run CoSMIX inside a contianer

docker build -t "cosmix" .
docker run -it cosmix /bin/bash

Running applications compiled by CoSMIX in enclaves

CoSMIX can be used with a Library Operating System (LibOS) that allows running unmodified applications inside SGX enclaves. Examples of such tools are: Graphene-SGX, Anjuna Runtime and SCONE.

  • The Anjuna Runtime is a solution developed by Anjuna for seamless execution of unmodified applications inside enclaves. To obtain access to the Anjuna Runtime please reach out to [email protected].
  • Graphene-SGX is an open source LibOS. To run applications with mstore support inside SGX enclaves with the help of Graphene-SGX follow the instruction provided in Graphene-SGX documents. Note, the SUVM mstore manages evicted pages in untrusted memory. Therefore, to run applications with SUVM mstore support inside Graphene-SGX, we modified Graphene-SGX and added a new untrusted memory allocation system call, which is exposed directly to applications executing inside Graphene-SGX enclaves. Modified Graphene-SGX code Note, using the modified Graphene-SGX code is at your own risk.
  • Intel SGX SDK is an open source SGX enclave framework by Intel. It allows partitioning applications into trusted and untrusted components, where the trusted code and data are executed and accessed inside an enclave. To run such enclaves with mstore support please refer to the SGX SDK samples directory for example use cases.

License

CoSMIX is licensed under the BSD 2-Clause License. Please refer to the LICENSE.txt file for more details.

Contributions and Support

CoSMIX welcomes contributions and suggestions. CoSMIX is a research prototype; therefore, while we try our best to resolve issues as fast as possible, support is currently limited.

Adding a new Memory store

Sources for example memory stores are availabe under the mstores/ directory. As a reference you may look at mstores/suvm for cached memory store implementation and mstores/oram for direct access memory store implementation. Please note of the function naming conventions used, as this is the contract the compiler pass looks for to auto-generate the callbacks in the CoSMIX runtime.

Adding new wrapper to libc function

Please refer to the sources under runtime/ directory.

We release CoSMIX source code in the hope of benefiting others. You are kindly asked to acknowledge usage by citing the CoSMIX paper.

BibTeX
@inproceedings {cosmix::atc19,
author = {Meni Orenbach and Yan Michalevsky and Christof Fetzer and Mark Silberstein},
title = {CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves},
booktitle = {2019 {USENIX} Annual Technical Conference ({USENIX} {ATC} 19)},
year = {2019},
address = {Renton, WA},
url = {https://www.usenix.org/conference/atc19/presentation/orenbach},
publisher = {{USENIX} Association},
}

About

A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published