
Runtime verification mechanisms applied on enclaves

Supervisor(s): Mathias Morbitzer
Status: finished
Topic: Others
Author: Daniel Schneider
Submission: 2019-12-16
Type of Thesis: Master's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Cloud computing offers great opportunities to run programs in a scalable environment. Despite the many advantages a cloud provider offers its customers, such as cost-efficiency, sustainability and flexibility, there are also many security concerns. How can we be sure that the operating system underneath our running program has not been compromised by an attacker, or even by a malicious cloud provider? Trusted execution environments such as SGX or Keystone can minimize the trusted computing base so that we do not have to trust the cloud provider at load time. During the run-time of our program, however, there are not enough security checks to assure us that our application has not been compromised or exploited. This thesis presents four different model approaches to protect the integrity of a program, which are independent of the trusted execution environment. The models make use of separate hardware-protected memory regions and the idea of a shadow stack. Based on these models, the thesis shows how they can be implemented in the trusted execution environments SGX and Keystone. A performance evaluation of some simple programs indicates that the implemented models create a small performance overhead and require little change to the program itself in order to make any application safe against attackers, compromised operating systems and even exploitable program issues. Finally, the thesis indicates what kind of optimal trusted execution environment would be needed to implement our models directly, without any changes.