OpenSGX: An Open Platform for SGX Research

Hardware technologies for trusted computing, or trusted execution environments (TEEs), have rapidly matured over the last decade. In fact, TEEs are at the brink of widespread commoditization with the recent introduction of Intel Software Guard Extensions (Intel SGX). Despite this rapid hardware development, software technologies for TEEs significantly lag behind their hardware counterpart, and currently only a select group of researchers have the privilege of accessing this technology. To address this problem, we develop an open source platform, called OpenSGX, that emulates Intel SGX hardware components at the instruction level and provides the new system software components required for full TEE exploration. We expect that the OpenSGX framework can serve as an open platform for SGX research, with the following contributions. First, we develop a fully functional, instruction-compatible emulator of Intel SGX that enables exploration of the software/hardware design space and development of enclave programs. OpenSGX provides a platform for SGX development, meaning that it provides not just emulation but also operating system components, an enclave program loader/packager, an OpenSGX user library, debugging, and performance monitoring. Second, to show OpenSGX's use cases, we applied OpenSGX to protect sensitive information (e.g., the directory) of Tor nodes and evaluated the potential performance impact. Therefore, we believe OpenSGX has great potential for broader communities to spark new research on the soon-to-be-commodity Intel SGX.

I. INTRODUCTION

Hardware technologies for trusted computing, so-called trusted execution environments (TEEs), have rapidly matured over the last decade [3, 18]. Trusted execution environments are at the brink of widespread commoditization with the recent introduction of Intel Software Guard Extensions (Intel SGX) [2, 19, 36].

Intel SGX allows an application, or one of its sub-components, to run inside an isolated execution environment, called an enclave. Intel SGX hardware protects the enclave against any malicious software, including the operating system, hypervisor, and low-level firmware (e.g., SMM), that attempts to compromise its integrity or steal its secrets. With the widespread adoption of cloud computing, the speculation is that Intel SGX can be a vehicle for enabling secure cloud computing and allowing many unforeseen security applications.
Publisher
Internet Society
Issue Date
2016-02-21
Language
English
Citation

The Network and Distributed System Security Symposium 2016

URI
http://hdl.handle.net/10203/205766
Appears in Collection
CS-Conference Papers (Conference Papers); EE-Conference Papers (Conference Papers)
