OpenSGX: An Open Platform for SGX Research

Prerit Jain, Soham Desai, Seongmin Kim, Ming-Wei Shih, JaeHyuk Lee, Changho Choi, Youjung Shin, Taesoo Kim, Brent Byunghoon Kang, Dongsu Han
Georgia Institute of Technology, KAIST
{pjain43, sdesai1, mingwei.shih, taesoo}@gatech.edu
{dallas1004, jhl9105, zpzigi, yj_shin, dongsuh, brentkang}@kaist.ac.kr

Abstract

Hardware technologies for trusted computing, or trusted execution environments (TEEs), have rapidly matured over the last decade. In fact, TEEs are at the brink of widespread commoditization with the recent introduction of Intel Software Guard Extensions (Intel SGX). Despite such rapid development of TEE hardware, software technologies for TEEs significantly lag behind their hardware counterpart, and currently only a select group of researchers have the privilege of accessing this technology. To address this problem, we develop an open source platform, called OpenSGX, that emulates Intel SGX hardware components at the instruction level and provides the new system software components required for full TEE exploration. We expect that the OpenSGX framework can serve as an open platform for SGX research, with the following contributions. First, we develop a fully functional, instruction-compatible emulator of Intel SGX that enables exploration of the software/hardware design space and development of enclave programs. OpenSGX is a platform for SGX development: it provides not just emulation but also operating system components, an enclave program loader/packager, an OpenSGX user library, debugging, and performance monitoring. Second, to show OpenSGX's use cases, we applied OpenSGX to protect sensitive information (e.g., the directory) of Tor nodes and evaluated the potential performance impact. We therefore believe OpenSGX has great potential for broader communities to spark new research on the soon-to-be-commodity Intel SGX.

I. INTRODUCTION

Hardware technologies for trusted computing, so-called trusted execution environments (TEEs), have rapidly matured over the last decade [3, 18]. Trusted execution environments are at the brink of widespread commoditization with the recent introduction of Intel Software Guard Extensions (Intel SGX) [2, 19, 36]. Intel SGX allows an application, or one of its sub-components, to run inside an isolated execution environment, called an enclave. Intel SGX hardware protects the enclave against any malicious software, including the operating system, hypervisor, and low-level firmware (e.g., SMM), that attempts to compromise its integrity or steal its secrets. With the widespread adoption of cloud computing, the speculation is that Intel SGX can be a vehicle for enabling secure cloud computing and many unforeseen security applications.

The adoption of Intel SGX can have a dramatic impact on software design and implementation. For example, the introduction of SGX may require new programming models, or even a new paradigm, to be considered. However, despite the rapid development of TEEs, software technologies for TEEs are still at a nascent stage. In fact, for Intel SGX, it is not feasible to fully explore the potential that SGX can provide because the research community lacks a usable platform for experimentation. In particular, access to the Intel SGX platform is currently limited to a select group of people [5, 42, 43]. This is one of the fundamental barriers to innovation and software research on SGX, especially in its early phase.

In this paper, we address this fundamental issue by designing and implementing a basic infrastructure that allows full instrumentation and exploration for SGX research. To this end, we propose and develop an open platform, called OpenSGX, that emulates Intel SGX at the instruction level by extending an open-source emulator, QEMU.
In particular, we leverage QEMU's userspace binary translation to implement SGX instructions. OpenSGX is not just an SGX instruction emulator, however: it serves as a complete platform that includes an emulated operating system layer and services, an enclave program loader/packager, a user library, debugging support, and performance monitoring. Because OpenSGX is implemented purely in software, it allows easy instrumentation of virtually all aspects of SGX, such as hardware components and system software, as well as memory encryption schemes. In addition to its use for research, OpenSGX can be used for developing SGX applications, as it is a self-contained platform that provides isolated execution and remote attestation.

However, it is not straightforward to design and implement such an open platform for both the research and development communities. Not only does it require an intensive amount of engineering effort, but it also needs to be designed to inspire new research opportunities in operating systems and applications. In particular, we find that while the Intel SGX specification describes the instruction set and internal data structures in detail, it leaves other important components largely unspecified, such as support for system software and the application programming interface. This raises a number of non-trivial issues. For example, many of the Intel SGX instructions are ring 0 instructions that require kernel privilege. This implies that the operating system, an untrusted entity with respect to SGX, must be involved to provide services (e.g., through system calls). Thus, a secure SGX design is required for SGX enclave applications to defend against potential attack vectors, such as Iago attacks [11].

Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.
NDSS '16, 21-24 February 2016, San Diego, CA, USA
Copyright 2016 Internet Society, ISBN 1-891562-41-X
http://dx.doi.org/10.14722/ndss.2016.23011
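The Introduction's point that the untrusted OS sits in the enclave's system-call path is exactly what an Iago attack exploits: the kernel reports a result (a byte count, a pointer) that the enclave then uses without validation. The following C example is added here and is not code from the paper or from OpenSGX; it models an enclave-side read() wrapper that bounds the length the OS reports, plus a helper that rejects OS-returned address ranges overlapping enclave memory. The enclave address constants, the simulated kernel behaviours and the function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed model of the enclave's protected address range (an assumption). */
#define ENCLAVE_BASE 0x10000000UL
#define ENCLAVE_SIZE 0x00100000UL
/* Does [addr, addr+len) lie entirely outside enclave memory? Rejects a
 * pointer (e.g., from an OS-served mmap) that would alias enclave pages. */
bool outside_enclave(uintptr_t addr, size_t len) {
    if (len == 0) return true;
    if (addr + len < addr) return false;                 /* wrap-around */
    return addr + len <= ENCLAVE_BASE || addr >= ENCLAVE_BASE + ENCLAVE_SIZE;
}

/* Simulated untrusted OS read(); the enclave treats its return value as hostile. */
typedef long (*os_read_fn)(int fd, void *buf, size_t count);

/* Enclave-side wrapper (hypothetical, not OpenSGX's API): copies at most
 * dst_len bytes into enclave memory, refusing a byte count the kernel could
 * not legitimately report. Returns bytes copied, or -1 if a check fails. */
long enclave_read(os_read_fn os_read, int fd, char *dst, size_t dst_len,
                  char *staging, size_t staging_len) {
    size_t want = dst_len < staging_len ? dst_len : staging_len;
    long n = os_read(fd, staging, want);
    if (n < 0 || (size_t)n > want) return -1;   /* Iago case: n > requested */
    memcpy(dst, staging, (size_t)n);            /* bounded by the check above */
    return n;
}

/* Constructed OS behaviours: a well-behaved kernel and one that lies. */
static long honest_read(int fd, void *buf, size_t count) {
    const char msg[] = "hello";
    size_t n = sizeof msg - 1 < count ? sizeof msg - 1 : count;
    (void)fd;
    memcpy(buf, msg, n);
    return (long)n;
}
static long lying_read(int fd, void *buf, size_t count) {
    (void)fd; (void)buf; (void)count;
    return 4096;   /* claims far more than fits in the enclave buffer */
}

/* Runs one read through the wrapper; returns what the enclave would see. */
long demo_read(bool kernel_lies) {
    char staging[16];                 /* stands in for untrusted memory */
    char dst[8];                      /* enclave-resident destination */
    return enclave_read(kernel_lies ? lying_read : honest_read, 3,
                        dst, sizeof dst, staging, sizeof staging);
}
```

Without the length check, the lying kernel's 4096 would drive memcpy past the 8-byte enclave buffer, which is the memory-safety failure an Iago attack aims for.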