Imperial College London
Portrait Picture

ProfessorPeterPietzuch

Faculty of EngineeringDepartment of Computing

Professor of Distributed Systems
 
 
 
//

Contact

 

+44 (0)20 7594 8314prp Website

 
 
//

Location

 

442Huxley BuildingSouth Kensington Campus

//

Summary

 

Publications

Citation

BibTex format

@inproceedings{Lind:2018,
author = {Lind, J and Priebe, C and Muthukumaran, D and O'Keeffe, D and Aublin, P and Kelbert, F and Reiher, T and Goltzsche, D and Eyers, D and Kapitza, R and Fetzer, C and Pietzuch, P},
pages = {285--298},
publisher = {USENIX},
title = {Glamdring: automatic application partitioning for Intel SGX},
url = {http://hdl.handle.net/10044/1/48105},
year = {2018}
}
Download

RIS format (EndNote, RefMan)

TY  - CPAPER
AB  - Trusted execution support in modern CPUs, as offered byIntel SGXenclaves, can protect applications in untrustedenvironments. While prior work has shown that legacyapplications can run in their entirety inside enclaves, thisresults in a large trusted computing base (TCB). Instead,we explore an approach in which wepartitionan applica-tion and use an enclave to protect only security-sensitivedata and functions, thus obtaining a smaller TCB.We  describeGlamdring, the  first source-level parti-tioning  framework that secures  applications  written  inC using Intel SGX. A developer first annotates security-sensitive application data. Glamdring then automaticallypartitions  the  application  into  untrusted  and  enclaveparts: (i) to preserve data confidentiality, Glamdring usesdataflow analysisto identify functions that may be ex-posed to sensitive data; (ii) for data integrity, it usesback-ward slicingto identify functions that may affect sensitivedata. Glamdring then places security-sensitive functionsinside the enclave, and adds runtime checks and crypto-graphic operations at the enclave boundary to protect itfrom attack. Our evaluation of Glamdring with the Mem-cached store, the LibreSSL library, and the Digital Bitboxbitcoin wallet shows that it achieves small TCB sizes andhas acceptable performance overheads.
AU  - Lind,J
AU  - Priebe,C
AU  - Muthukumaran,D
AU  - O'Keeffe,D
AU  - Aublin,P
AU  - Kelbert,F
AU  - Reiher,T
AU  - Goltzsche,D
AU  - Eyers,D
AU  - Kapitza,R
AU  - Fetzer,C
AU  - Pietzuch,P
EP  - 298
PB  - USENIX
PY  - 2018///
SP  - 285
TI  - Glamdring: automatic application partitioning for Intel SGX
UR  - http://hdl.handle.net/10044/1/48105
ER  -
Download