Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX
arXiv - CS - Operating Systems. Pub Date: 2020-10-23, DOI: arxiv-2010.12400
Yuan Chen, Jiaqi Li, Guorui Xu, Yajin Zhou, Zhi Wang, Cong Wang, Kui Ren

Since its debut, SGX has been used in many applications, e.g., secure data processing. However, previous systems usually assume a trusted enclave and ignore the security issues caused by an untrusted enclave. For instance, a vulnerable (or even malicious) third-party enclave can be exploited to attack the host application and the rest of the system. In this paper, we propose an efficient mechanism to confine an untrusted enclave's behaviors. The threats of an untrusted enclave come from the enclave-host asymmetries. They can be abused to access arbitrary memory regions of its host application, jump to any code location after leaving the enclave, and forge the stack register to manipulate the saved context. Our solution breaks such asymmetries and establishes mutual distrust between the host application and the enclave. It leverages Intel MPK for efficient memory isolation and the x86 single-step debugging mechanism to capture the event when an enclave is exiting. It then performs an integrity check on the jump target and the stack pointer. We have solved two practical challenges and implemented a prototype system. The evaluation with multiple micro-benchmarks and representative real-world applications demonstrates the efficiency of our system, with less than 4% performance overhead.
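The abstract describes two host-side checks that run once the enclave exit has been caught: the address the enclave wants to continue at must be the host's own exit trampoline, and the stack pointer must be the one the host recorded before entering the enclave. The C sketch below is an added illustration of that check and is not the paper's code; the structure `host_exit_ctx`, the function `check_enclave_exit` and all register values are constructed. It assumes the saved values live in host-private memory that the enclave cannot write (the role MPK plays in the paper), and it takes the post-exit register values as plain arguments rather than reading them from a single-step trap.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical host bookkeeping for one enclave entry. The host fills it
 * in before EENTER and keeps it in memory the enclave cannot modify. */
struct host_exit_ctx {
    uint64_t expected_rip;  /* the only host address an exit may continue at */
    uint64_t saved_rsp;     /* host RSP recorded right before entering */
};

enum exit_verdict {
    EXIT_OK = 0,
    EXIT_BAD_RIP,  /* enclave tried to resume at an arbitrary host address */
    EXIT_BAD_RSP   /* stack pointer no longer matches the recorded value */
};

/* Integrity check applied to the register state observed at enclave exit.
 * Both comparisons are against host-private copies, so an enclave that
 * rewrote its own view of the return address or stack pointer is caught. */
enum exit_verdict check_enclave_exit(const struct host_exit_ctx *ctx,
                                     uint64_t rip, uint64_t rsp)
{
    if (rip != ctx->expected_rip)
        return EXIT_BAD_RIP;
    if (rsp != ctx->saved_rsp)
        return EXIT_BAD_RSP;
    return EXIT_OK;
}

/* Demo on constructed values only; none of these are real SGX addresses. */
int main(void)
{
    struct host_exit_ctx ctx = { .expected_rip = 0x401000,
                                 .saved_rsp    = 0x7ffe0000 };
    printf("clean exit:   %d\n", check_enclave_exit(&ctx, 0x401000, 0x7ffe0000));
    printf("bad target:   %d\n", check_enclave_exit(&ctx, 0x402000, 0x7ffe0000));
    printf("forged stack: %d\n", check_enclave_exit(&ctx, 0x401000, 0x7ffd0000));
    return 0;
}
```

A verdict other than `EXIT_OK` is the point where a host would refuse to restore the saved context and instead tear the enclave down; the abstract does not say how the prototype reacts, so that policy is left out here.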

Updated: 2020-10-26