Skip to content

anahitH/program-partitioning-for-security-enclaves

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

99 Commits
eval
eval
 
 
images
images
 
 
include
include
 
 
lib
lib
 
 
scripts
scripts
 
 
templates
templates
 
 
test
test
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
README.md
README.md
 
 

Repository files navigation

program-partitioning-for-security-enclaves

Behavior based program partitioning for Intel SGX security enclaves. Partitions given program into security sensitive and insensitive partitions based on user annotations. Automatically generates Asylo code to integrate partitioned program with Asylo framework. Operates in LLVM IR level.

Dependencies

The following projects need to be built and installed in the system.

  1. nlohman json https://github.com/nlohmann/json
  2. SVF https://github.com/anahitH/SVF
  3. PDG https://github.com/anahitH/program-dependence-graph
  4. spdlog https://github.com/gabime/spdlog

For building and installing each of the mentioned projects refer to their github pages.

Build

mkdir build cd build cmake ../ make

Minimum required cmake version is 3.12

Run

Run partitioning

opt -load $SVFG_PATH -load $DG_PATH -load $PDG_PATH -load $SELF_PATH $bc -partition-analysis -json-annotations=$annots -outfile=$outfile -partition-stats

Where SVFG_PATH is the path where SVF libraries reside. PDG_PATH is the same for PDG project. SELF_PATH is the path where program partitioning library files reside. Normally this would be in the build directory. bc is the LLVM bitcode of the program to partition and annots is the json file of user annotations. The statistics of partitioning will be dumped in a file partition_stats.json.

Partitioning with optimization

The supported partition optimization methods are:

  1. no-opt - no optimization applied
  2. ilp - ILP optimization
  3. kl - Kernighan-Lin optimization
  4. search-based - optimization based on the static analysis

The default value for optimization is no-opt. In order to optimize the partition set the -optimize flag of opt. E.g.

opt -load $SVFG_PATH -load $DG_PATH -load $PDG_PATH -load $SELF_PATH $bc -partition-analysis -json-annotations=$annots -outfile=$outfile -optimize=[|ilp|kl|search-based] -partition-stats

Generating secure and insecure modules from partition

opt -load $SVFG_PATH -load $DG_PATH -load $PDG_PATH -load $SELF_PATH $bc -extract-partition -json-annotations=$annots -outfile=$outfile -optimize=[|ilp|kl|search-based] -partition-stats

Will generate two modules out of two partitions. Will add missing code to have funcional modules, e.g. setter functions for globals used and modified in both partitions.

Asylo code generation

$BIN_PATH/sgx-code-gen $SRC where BIN_PATH is where executeable sgx-code-gen resides. By default it should be in the directory build. SRC is list of source files the program constsis of. Those are source files in C and not LLVM IR.

The generated files will be:

  1. interface_selectors.h
  2. ${program_name}_enclave.cc
  3. ${program_name}_driver.cc

To generate Bazel build file for given pprogram

python scripts/generateBazelBuild.py -enclave $enclave_shared_lib_name -enclave_src $enclave.cc -enclave_lib $secure_partition.o -enclave_hdr $enclave_hdr_files -app $app_name $app_src $driver.cc -app_lib $insecure_partition.o -app_hdr $app_hdrs_files -enclaves $enclaves_name -build-template $BAZEL_build_template

Bazel build template file is in templates/BUILD_template.

About

Behavior based program partitioning for security enclaves

Topics

c c-plus-plus llvm software-security sgx-enclave intel-sgx

Resources

Readme
Activity

Stars

6 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages