Reducing the TCB of SGX-Oriented LibOSes at Runtime
Donghui Yu, Dahan Pan, Fengwei Zhang, Haoran Fang, Ya Fang, Yuanyuan ZhangIntel Software Guard Extensions (SGX) provides a trusted execution environment (TEE) for applications to protect runtime code and data from the untrusted environment. All code residing in the enclave, including LibOSes and the libraries, is all taken into the Trusted Computing Base (TCB). The TCB size closely correlates with the potential vulnerabilities and the system’s attack surface. Vulnerabilities in the enclave can tamper with the control flow of the enclave program and potentially lead to data breaches. Existing SGX frameworks present a dilemma: either include a large LibOS in the enclave to ensure functionality, which inflates the TCB and attack surface, or move the OS out for a minimal TCB, which severely restricts application support or incurs high overhead, insecure interactions with the untrusted world.
In this paper, we introduce DynaTCB, a runtime framework designed to balance security and functionality. To enhance security, DynaTCB dynamically adjusts the TCB according to runtime program behavior. To preserve functionality, it logically removes unneeded code from the TCB instead of physically removing it from the enclave, thus avoiding the drawbacks of frequent untrusted interactions. It performs binary-level analysis without requiring source code. Experimental results show that DynaTCB achieves a code reduction of over 95% for the Coreutils suite and more than 80% for real-world applications with 14.2% overhead. Additionally, DynaTCB successfully breaks the gadget chains in SGX and mitigates several Common Vulnerabilities and Exposures (CVEs), affirming its potential to significantly enhance security in SGX environments.