TICAL: Trusted and Integrity-protected Compilation of AppLications

TL;DR

TICAL is a framework that enhances build-time security by ensuring integrity and confidentiality of source code and compilation processes using TEEs, file shielding, and audit logs, complementing runtime protections.

Contribution

It introduces a trusted compilation framework combining TEEs, file system shielding, and audit logs to secure build pipelines against malicious code injection and tampering.

Findings

Protects build pipelines with acceptable performance overhead.

Ensures only trusted files are accessed during compilation.

Provides accountability through immutable audit logs.

Abstract

During the past few years, we have witnessed various efforts to provide confidentiality and integrity for applications running in untrusted environments such as public clouds. In most of these approaches, hardware extensions such as Intel SGX, TDX, AMD SEV, etc., are leveraged to provide encryption and integrity protection on process or VM level. Although all of these approaches increase the trust in the application at runtime, an often overlooked aspect is the integrity and confidentiality protection at build time, which is equally important as maliciously injected code during compilation can compromise the entire application and system. In this paper, we present Tical, a practical framework for trusted compilation that provides integrity protection and confidentiality in build pipelines from source code to the final executable. Our approach harnesses TEEs as runtime protection but enriches TEEs with file system shielding and an immutable audit log with version history to provide accountability. This way, we can ensure that the compiler chain can only access trusted files and intermediate output, such as object files produced by trusted processes. Our evaluation using micro- and macro-benchmarks shows that Tical can protect the confidentiality and integrity of whole CI/CD pipelines with an acceptable performance overhead.