Closed mxz297 closed 4 years ago
SGX-ROP: https://arxiv.org/pdf/1902.03256.pdf
SGX shield: https://cps.kaist.ac.kr/papers/ndss17-sgxshield.pdf
@lpjlwj @heartever @BlackDiamond1995 I recommend carefully reading Section IV.D of the SGX-Shield paper.
This subsection describes how they isolate memory writes so that they will not write to W+X pages, and how they align code to prevent memory writes in gadget form.
Note that the SGX-Shield paper does all these changes (SFI and alignment) at the IR level. In general, doing these things at the binary level is difficult. However, the SGX-Shield paper only evaluated their techniques on nbench (https://www.math.utah.edu/~mayer/linux/bmark.html) and HTTPD. So the total number of programs in their evaluation is really small, and the programs are not really that complicated.
My guess is that we can do SFI and alignment on binary code as long as our benchmarks are not too complicated.
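As an added illustration of the two rules discussed above (write isolation and code alignment), the C below models them on a constructed toy address space. This is example code written for this thread, not SGX-Shield's implementation or anything taken from the paper: the layout constants, the 32-byte bundle size, and the function names are assumptions made for the example. Every store address is masked into the data region so it can never land on a code page, and every indirect branch target is masked to a bundle boundary inside the code region, which is what keeps an indirect jump from starting execution in the middle of an instruction. Real SFI applies these masks in the emitted instruction stream rather than through helper calls; the helpers here just make the policy testable.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy enclave layout (an assumption for this illustration, not
   SGX-Shield's real memory map): a 4 KiB simulated address space whose lower
   half holds code (R+X) and whose upper half holds data (R+W). */
#define ENCLAVE_SIZE  0x1000u
#define CODE_BASE     0x000u
#define CODE_MASK     0x7FFu   /* addresses 0x000..0x7FF are code            */
#define DATA_BASE     0x800u
#define DATA_MASK     0x7FFu   /* low bits kept, then OR'ed with DATA_BASE   */
#define BUNDLE_ALIGN  32u      /* assumed bundle size for the alignment rule */

static uint8_t enclave_mem[ENCLAVE_SIZE];  /* simulated enclave memory */

/* Write-side SFI: force any store address into the data region by keeping
   only the in-region offset bits and setting the data-base bit. This is a
   mask rather than a compare-and-branch, so a gadget cannot bypass it by
   jumping past a check: whatever address reaches the store is already safe. */
uintptr_t sfi_mask_write_addr(uintptr_t addr) {
    return DATA_BASE | (addr & DATA_MASK);
}

/* All stores in sandboxed code go through this helper.
   Returns the address that was actually written. */
uintptr_t sfi_store8(uintptr_t addr, uint8_t value) {
    uintptr_t safe = sfi_mask_write_addr(addr);
    enclave_mem[safe] = value;
    return safe;
}

uint8_t enclave_read8(uintptr_t addr) {
    return enclave_mem[addr & (ENCLAVE_SIZE - 1)];
}

/* Branch-side rule: indirect jump/call targets are masked so they land on a
   bundle boundary inside the code region. If the code generator guaranteed
   that no instruction straddles a bundle boundary, a masked target can only
   begin an intended instruction, never a byte sequence hidden inside one. */
uintptr_t sfi_mask_branch_target(uintptr_t target) {
    return CODE_BASE | (target & CODE_MASK & ~(uintptr_t)(BUNDLE_ALIGN - 1));
}

/* 1 if masking changed the address (the store was aimed outside the data
   region, e.g. at a code page), 0 if it was already a legitimate data write. */
int sfi_write_was_redirected(uintptr_t addr) {
    return sfi_mask_write_addr(addr) != addr;
}

int main(void) {
    uintptr_t landed = sfi_store8(0x010, 0xAA);   /* store aimed at code */
    printf("store aimed at 0x010 landed at 0x%03lx; code byte at 0x010 is still 0x%02x\n",
           (unsigned long)landed, enclave_read8(0x010));
    printf("indirect branch to 0x123 masked to 0x%03lx\n",
           (unsigned long)sfi_mask_branch_target(0x123));
    return 0;
}
```

The point of using masks instead of conditional checks is the one the comment above makes about gadgets: an attacker who controls an indirect branch cannot skip a mask the way they could skip a bounds check, and with every branch target forced onto a bundle boundary the masking instructions themselves cannot be jumped over.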
Dynamic loading code into SGX (needed to be checked):
- SGXElide: http://web.cse.ohio-state.edu/~lin.3021/file/CGO18.pdf
- DynSGX: https://arxiv.org/pdf/1710.11423.pdf
- Intel Forum: https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/738239
- SGXCrypter: http://sites.nyuad.nyu.edu/moma/pdfs/pubs/C33.pdf
- Practical Enclave Malware
Deploying an encrypted binary in SGX: Hacking in Darkness, Sec. 2.1: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-lee-jaehyuk.pdf
The Guard’s Dilemma: Efficient Code-Reuse Attacks Against Intel SGX: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-biondo.pdf