poster

Obfuscating program control flow with Intel SGX

Authors:

Anter FareeAuthors Info & Claims

ICSE '18: Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings

Pages 321 - 322

https://doi.org/10.1145/3183440.3194990

Published: 27 May 2018 Publication History

Get Access

Abstract

Control flow obfuscation is a direct approach in protecting the confidentiality of program logic. However, existing works in this direction either failed to offer high confidentiality guarantees or incurred high performance overheads. In this paper, we propose CFHider, a high security and high performance control flow obfuscation technique. By leveraging program transformation and Intel Software Guard Extension (SGX) technology, CFHider hides control flow information to an opaque yet trusted execution environment, i.e., the SGX enclave. Our evaluation showed that, CFHider extensively raises the bar for reverse-engineering attacks targeting on the control flow confidentiality, and incurs a moderate performance overhead.

References

[1]

Victor Costan and Srinivas Devadas. 2016. Intel SGX Explained. IACR Cryptology ePrint Archive 2016 (2016), 86.

Google Scholar

[2]

Monirul I Sharif, Andrea Lanzi, Jonathon T Giffin, and Wenke Lee. 2008. Impeding Malware Analysis Using Conditional Code Obfuscation. In Network and Distributed System Security Symposium (NDSS).

Google Scholar

[3]

Yongzhi Wang and Jinpeng Wei. 2015. Toward protecting control flow confidentiality in cloud-based computation. Computers & Security 52 (2015), 106--127.

Digital Library

Google Scholar

[4]

Zhi Wang, Jiang Ming, Chunfu Jia, and Debin Gao. 2011. Linear obfuscation to combat symbolic execution. In European Symposium on Research in Computer Security. Springer, 210--226.

Digital Library

Google Scholar

Cited By

View all

Faree AWang Y(2019)Protecting Security-Sensitive Data Using Program Transformation and Intel SGX2019 International Conference on Networking and Network Applications (NaNA)10.1109/NaNA.2019.00079(421-428)Online publication date: Oct-2019
https://doi.org/10.1109/NaNA.2019.00079

Index Terms

Obfuscating program control flow with Intel SGX
1. Security and privacy
  1. Software and application security
    1. Software security engineering

Recommendations

Cache Attacks on Intel SGX
EuroSec'17: Proceedings of the 10th European Workshop on Systems Security

For the first time, we practically demonstrate that Intel SGX enclaves are vulnerable against cache-timing attacks. As a case study, we present an access-driven cache-timing attack on AES when running inside an Intel SGX enclave. Using Neve and Seifert'...
Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization
SysTEX '18: Proceedings of the 3rd Workshop on System Software for Trusted Execution

Intel Software Guard Extensions (SGX) is a promising hardware-based technology for protecting sensitive computation from potentially compromised system software. However, recent research has shown that SGX is vulnerable to branch-shadowing -- a side ...
SnakeGX: A Sneaky Attack Against SGX Enclaves
Applied Cryptography and Network Security
Abstract
Intel Software Guard eXtension (SGX) is a technology to create enclaves (i.e., trusted memory regions) hardware isolated from a compromised operating system. Recently, researchers showed that unprivileged adversaries can mount code-reuse attacks ...

Comments

Information & Contributors

Information

Published In

ICSE '18: Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings

May 2018

231 pages

ISBN:9781450356633

DOI:10.1145/3183440

Conference Chair:
Michel Chaudron
Chalmers University of Technology, University of Gothenburg, Sweden
,
General Chair:
Ivica Crnkovic
Chalmers University of Technology, University of Gothenburg, Sweden
,
Program Chairs:
Marsha Chechik
University of Toronto, Canada
,
Mark Harman
Facebook and University College London, United Kingdom

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 May 2018

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

National Natural Science Foundation of China
Natural Science Foundation of Shaanxi Province
National Key R&D Program of China

Conference

ICSE '18

Sponsor:

SIGSOFT
IEEE-CS

ICSE '18: 40th International Conference on Software Engineering

May 27 - June 3, 2018

Gothenburg, Sweden

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
201
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Faree AWang Y(2019)Protecting Security-Sensitive Data Using Program Transformation and Intel SGX2019 International Conference on Networking and Network Applications (NaNA)10.1109/NaNA.2019.00079(421-428)Online publication date: Oct-2019
https://doi.org/10.1109/NaNA.2019.00079

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Cache Attacks on Intel SGX

Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization

SnakeGX: A Sneaky Attack Against SGX Enclaves