COSMIX is an LLVM pass, coupled with a runtime and different Memory stores (Mstores) which intends to provide enclaves with trusted, efficient, and customizable page fault handlers. For more information, please refer the following paper: "CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves".
Compiler pass - CoSMIX LLVM Module pass.Runtime/ - CoSMIX Runtime.Memory stores/ - Example of three different memory stores, and common building blocks they all use internally.Samples/ - Applications of different flavours using CoSMIX, with Makefile examples of the different compilation and customization options.Configuration/ - Memory stores sample configuration files.CoSMIX build was tested on Ubuntu 16.04 and Ubuntu 18.04 with LLVM 6.0.0. CoSMIX can be used in enclaves and also in regular applications.
To use CoSMIX with SGX enclaves, the following are also required:
SGX supported hardwareIntel SGX DriverIntel SGX SDK. This is needed only by the SUVM Mstore.CoSMIX requires setting the installed dependencies paths in the Defines.mk file.
Building is then as simple as:
git submodule update --init
cd SVF
git checkout SVF-1.5
sed -i '2i\set(CMAKE_POSITION_INDEPENDENT_CODE ON)' CMakeLists.txt
export LLVM_DIR=<llvm installed path>
export PATH=$LLVM_DIR/bin:$PATH
mkdir Release-build
cd Release-build
cmake ../
make -j4
cd ../
makeIt is possible to validate CoSMIX was installed and works as expected by running a small validation suite that uses the SUVM mstore.
cd samples/regression
./run_validation_suite.sh We provide different sample applications under the samples/ directory with example Makefiles with the different CoSMIX compilation flags, which may be customized. CoSMIX expects a whole program bitcode file to operate on as it is implemented as an LLVM Module pass. To that end, LLVM Gold Plugin, a link-time optimizer can generate whole program bit code files.
docker build -t "cosmix" .
docker run -it cosmix /bin/bashCoSMIX can be used with a Library Operating System (LibOS) that allows running unmodified applications inside SGX enclaves. Examples of such tools are: Graphene-SGX, Anjuna Runtime and SCONE.
Graphene-SGX is an open source LibOS. To run applications with mstore support inside SGX enclaves with the help of Graphene-SGX follow the instruction provided in Graphene-SGX documents.
Note, the SUVM mstore manages evicted pages in untrusted memory. Therefore, to run applications with SUVM mstore support inside Graphene-SGX, we modified Graphene-SGX and added a new
untrusted memory allocation system call, which is exposed directly to applications executing inside Graphene-SGX enclaves.
Modified Graphene-SGX code
Note, using the modified Graphene-SGX code is at your own risk.Intel SGX SDK is an open source SGX enclave framework by Intel. It allows partitioning applications into trusted and untrusted components,
where the trusted code and data are executed and accessed inside an enclave. To run such enclaves with mstore support please refer to
the SGX SDK samples directory for example use cases.CoSMIX is licensed under the BSD 2-Clause License. Please refer to the LICENSE.txt file for more details.
CoSMIX welcomes contributions and suggestions. CoSMIX is a research prototype; therefore, while we try our best to resolve issues as fast as possible, support is currently limited.
Sources for example memory stores are availabe under the mstores/ directory. As a reference you may look at mstores/suvm for cached memory store implementation and mstores/oram for direct access memory store implementation. Please note of the function naming conventions used, as this is the contract the compiler pass looks for to auto-generate the callbacks in the CoSMIX runtime.
Please refer to the sources under runtime/ directory.
We release CoSMIX source code in the hope of benefiting others. You are kindly asked to acknowledge usage by citing the CoSMIX paper.