OpenSGX

OpenSGX: An open platform for Intel SGX

Environments & Prerequisites

  • Tested: Ubuntu 14.04-15.04, Arch
  • Prerequisites
Ubuntu
$ apt-get build-dep qemu
$ apt-get install libelf-dev

Fedora
$ yum-builddep qemu
  • Compilation
Compile QEMU
$ cd qemu
$ ./configure-arch
$ make -j $(nproc)

Back to opensgx/
$ cd ..

Compile sgx library
$ make -C libsgx

Compile user-level code
$ make -C user

Run your first OpenSGX program

  • Take user/demo/hello.c as an example.
#include <sgx-lib.h>
#include <stdio.h>

void enclave_main()
{
    char *hello = "hello sgx\n";
    puts(hello);
    sgx_exit(NULL);
}
$ ./opensgx -k
generate sign.key
$ ./opensgx -c user/demo/hello.c
generate hello.sgx
$ ./opensgx -s user/demo/hello.sgx --key sign.key
generate hello.conf
$ ./opensgx user/demo/hello.sgx user/demo/hello.conf
run the program
$ ./opensgx -i user/demo/hello.sgx user/demo/hello.conf
run the program while counting the number of executed guest instructions

Debugging using GDB

  • Run the target in the background with the debug option
$ ./opensgx -d 1234 user/demo/hello.sgx user/demo/hello.conf &
  • Attach remote gdb on target port
gdb user/sgx-runtime
(gdb) target remote localhost:1234
Remote debugging using localhost:1234
[New Remote target]
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
[Switching to Remote target]
0x0000004000802190 in ?? () from /lib64/ld-linux-x86-64.so.2
(gdb) b sgx-runtime.c:63
Breakpoint 1 at 0x401a80: file sgx-runtime.c, line 63.
(gdb) c
Continuing.

Breakpoint 1, 0x0000000000401a80 in main ()
  • Find text section offset
$ readelf -S user/demo/hello.sgx | grep text
  [ 2] .text             PROGBITS         0000000050000110  00000110
  • In gdb, add symbol file by specifying text section offset
(gdb) add-symbol-file user/demo/hello.sgx 0x0000000050000110
add symbol table from file "user/demo/hello.sgx" at
	.text_addr = 0x50000110
(y or n) y
Reading symbols from /home/mingwei/gatech/opensgx_test/user/demo/hello.sgx...done.
  • Set a breakpoint on the enclave binary and start debugging!
(gdb) b enclave_main 
Breakpoint 2 at 0x50000110
(gdb) c
Continuing.

Breakpoint 2, 0x0000000050000110 in enclave_main ()
(gdb)
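
The readelf and add-symbol-file steps above can be scripted so the load address is not copied by hand after each rebuild. This is an added example, not part of the OpenSGX repository; the function names are hypothetical and the sample readelf text is constructed (its `.text` line is the one shown above).

```sh
#!/bin/sh
# Added example: build the gdb commands for debugging an OpenSGX enclave binary.

# Constructed sample of `readelf -S` output; the .text line matches the walkthrough.
SAMPLE_READELF='  [Nr] Name              Type             Address           Offset
  [ 0]                   NULL             0000000000000000  00000000
  [ 2] .text             PROGBITS         0000000050000110  00000110'

# Read `readelf -S` output on stdin and print the .text address as 0x<hex>.
# readelf prints single-digit section numbers as "[ 2]", which splits into two
# fields, so the bracketed index is stripped before awk looks at the columns.
# Returns non-zero when no .text PROGBITS section is present.
text_addr_from_readelf() {
    sed -e 's/^[[:space:]]*\[[[:space:]]*[0-9]*][[:space:]]*//' |
        awk '$1 == ".text" && $2 == "PROGBITS" { print "0x" $3; found = 1; exit }
             END { if (!found) exit 1 }'
}

# Print the gdb commands for the attach, add-symbol-file and breakpoint steps.
# $1 = enclave binary, $2 = port passed to `./opensgx -d`, stdin = readelf -S output.
gdb_commands() {
    enclave=$1
    port=$2
    addr=$(text_addr_from_readelf) || {
        echo "no .text section found for $enclave" >&2
        return 1
    }
    printf 'target remote localhost:%s\n' "$port"
    printf 'add-symbol-file %s %s\n' "$enclave" "$addr"
    printf 'break enclave_main\n'
}

# With two arguments, inspect a real binary; otherwise run on the constructed sample.
if [ "$#" -eq 2 ]; then
    readelf -S "$1" | gdb_commands "$1" "$2"
else
    printf '%s\n' "$SAMPLE_READELF" | gdb_commands user/demo/hello.sgx 1234
fi
```
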

Testing

$ cd user
$ ./test.sh test/simple
...
$ ./test.sh --help
[usage] ./test.sh [option]... [binary]
-a|--all  : test all cases
-h|--help : print help
--perf|--performance-measure : measure SGX emulator performance metrics
[test]
 test/exception-div-zero.c     :  An enclave test case for divide by zero exception.
 test/fault-enclave-access.c   :  An enclave test case for faulty enclave access.
 test/simple-aes.c             :  An enclave test case for simple encryption/decryption using openssl library.
 test/simple-attest.c          :  test network send
 test/simple.c                 :  The simplest enclave enter/exit.
 test/simple-func.c            :  The simplest function call inside the enclave.
 test/simple-getkey.c          :  hello world
 test/simple-global.c          :  The simplest enclave which accesses a global variable
 test/simple-hello.c           :  Hello world enclave program.
 test/simple-network.c         :  test network recv
 test/simple-openssl.c         :  test openssl api
 test/simple-quote.c           :  test network recv
 test/simple-recv.c            :  An enclave test case for sgx_recv.
 test/simple-send.c            :  An enclave test case for sgx_send.
 test/simple-sgxlib.c          :  An enclave test case for sgx library.
 test/simple-stack.c           :  The simplest enclave enter/exit with stack.
 test/stub.c                   :  An enclave test case for stub & trampoline interface.
 test/stub-malloc.c            :  An enclave test case for using heap
 test/stub-realloc.c           :  An enclave test case for sgx_realloc

Pointers

  • QEMU side

    • qemu/target-i386/helper.h : Register sgx helper functions (sgx_encls, sgx_enclu, ...).
    • qemu/target-i386/cpu.h : Add sgx-specific cpu registers (see refs-rev2 5.1.4).
    • qemu/target-i386/translate.c : Emulates enclave mode memory access semantics.
    • qemu/target-i386/sgx.h : Define sgx and related data structures.
    • qemu/target-i386/sgx-dbg.h : Define debugging function.
    • qemu/target-i386/sgx-utils.h : Define utils functions.
    • qemu/target-i386/sgx-perf.h : Performance evaluation.
    • qemu/target-i386/sgx_helper.c: Implement sgx instructions.
  • SGX Library

    • libsgx/sgx-entry.c : Define enclave binary entry point.
    • libsgx/musl-libc/ : Customized libc library (based on musl libc).
    • libsgx/polarssl/ : Customized ssl library (based on polarssl).
  • User side

    • user/sgx-kern.c : Emulates kernel-level functions.
    • user/sgx-user.c : Emulates user-level functions.
    • user/sgx-utils.c : Implements utils functions.
    • user/sgx-signature.c : Implements crypto related functions.
    • user/sgx-runtime.c : sgx runtime.
    • user/include/ : Headers.
    • user/conf/ : Configuration files.
    • user/test/ : Test cases.
    • user/demo/ : Demo case.

Contribution

We are more than happy to receive any comments or feedback that help improve this project. There are several ways to contribute and take part in the project:

  • Report bugs. Either send us an email directly or, even better, create an issue on the GitHub site. We will try our best to take care of every report.
  • Send patches. Send us pull requests directly for minor changes. For larger changes, please contact us offline so we can discuss them in more detail.

We especially appreciate those who actively contribute to the project:

  • Jon Gjengset
  • Jethro Beekman
  • Patrick Bridges
  • John D. Ramsdell

Contact

Email: OpenSGX team.

Authors

NOTE. All authors at Gatech and KAIST equally contributed to the project

Publications

  • Paper on OpenSGX: please use the citation below as the canonical reference to OpenSGX
OpenSGX: An Open Platform for SGX Research
Prerit Jain, Soham Desai, Seongmin Kim, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin, Taesoo Kim, Brent Byunghoon Kang, Dongsu Han
NDSS 2016


@inproceedings{opensgx,
        title        = {{OpenSGX: An Open Platform for SGX Research}},
        author       = {Prerit Jain and  Soham Desai and Seongmin Kim and  Ming-Wei Shih and  JaeHyuk Lee and  Changho Choi and Youjung Shin and Taesoo Kim and Brent Byunghoon Kang and Dongsu Han},
        booktitle    = {Proceedings of the Network and Distributed System Security Symposium},
        month        = feb,
        year         = 2016,
        address      = {San Diego, CA},
}
  • Papers that use OpenSGX:
A First Step Towards Leveraging Commodity Trusted Execution Environments for Network Applications
Seongmin Kim, Youjung Shin, Jaehyung Ha, Taesoo Kim, Dongsu Han
ACM HotNets 2015

@inproceedings{kim:hotnets2015,
	title        = {{A First Step Towards Leveraging Commodity Trusted Execution Environments for Network Applications}},
	author       = {Seongmin Kim and Youjung Shin and Jaehyung Ha and Taesoo Kim and Dongsu Han},
	booktitle    = {Proceedings of the 14th ACM Workshop on Hot Topics in Networks (HotNets)},
	month        = nov,
	year         = 2015,
	address      = {Philadelphia, PA},
}
