Migrating SGX Enclaves with Persistent State

TL;DR

This paper presents a software-based method for migrating SGX enclaves that preserves persistent state, such as sealed data and counters, ensuring security and consistency during migration in cloud environments.

Contribution

It introduces a novel enclave migration approach that maintains persistent state and security guarantees without hardware modifications.

Findings

Enclave migration can be exploited if persistent state isn't properly handled.

The proposed method guarantees consistency of sealed data and counters during migration.

Performance overhead of the migration approach is negligible.

Abstract

Hardware-supported security mechanisms like Intel Software Guard Extensions (SGX) provide strong security guarantees, which are particularly relevant in cloud settings. However, their reliance on physical hardware conflicts with cloud practices, like migration of VMs between physical platforms. For instance, the SGX trusted execution environment (enclave) is bound to a single physical CPU. Although prior work has proposed an effective mechanism to migrate an enclave's data memory, it overlooks the migration of persistent state, including sealed data and monotonic counters; the former risks data loss whilst the latter undermines the SGX security guarantees. We show how this can be exploited to mount attacks, and then propose an improved enclave migration approach guaranteeing the consistency of persistent state. Our software-only approach enables migratable sealed data and monotonic counters, maintains all SGX security guarantees, minimizes developer effort, and incurs negligible performance overhead.