Designing a Provenance Analysis for SGX Enclaves
Flavio Toffalini, Mathias Payer, Jianying Zhou, Lorenzo Cavallaro

TL;DR
This paper introduces SgxMonitor, a provenance analysis tool for Intel SGX enclaves that detects enclave intrusions at an overhead comparable to traditional provenance tools, enabling security monitoring of code that SGX's isolation otherwise hides from defenders.
Contribution
The paper presents SgxMonitor, a novel method for extracting runtime context and modeling enclave intrusions, addressing the challenge of provenance analysis within SGX enclaves.
Findings
SgxMonitor detects state-of-the-art enclave intrusions successfully.
SgxMonitor's overhead is comparable to that of traditional provenance tools.
No false positives or negatives during normal enclave execution.
Abstract
Intel SGX enables memory isolation and static integrity verification of code and data stored in user-space memory regions called enclaves. SGX effectively shields the execution of enclaves from the underlying untrusted OS: attackers can neither tamper with nor examine an enclave's contents. However, these same properties challenge defenders, who are precluded from any provenance analysis that could infer intrusions inside SGX enclaves. In this work, we propose SgxMonitor, a novel provenance analysis to monitor and identify anomalous executions of enclave code. To this end, we design a technique to extract contextual runtime information from an enclave and propose a novel model to represent enclave intrusions. Our experiments show that not only does SgxMonitor incur an overhead comparable to traditional provenance tools, but it also exhibits macro-benchmark overheads and slowdowns that marginally affect…
Peer Reviews
No public reviews on file for this paper yet.
Videos
No videos yet.
Taxonomy
Topics: Security and Verification in Computing · Scientific Computing and Data Management · Advanced Data Storage Technologies
