On (the Lack of) Code Confidentiality in Trusted Execution Environments

Authors: Ivan Puddu, Moritz Schneider, Daniele Lain, Stefano Boschetto, and Srdjan Čapkun

2024 IEEE Symposium on Security and Privacy (SP)

Abstract

Trusted Execution Environments (TEEs) have been proposed as a solution to protect code confidentiality in scenarios where computation is outsourced to an untrusted operator. We study the resilience of such solutions to side-channel attacks in two commonly deployed scenarios: when the confidential code is a native binary that is shipped and executed within a TEE and when the confidential code is an intermediate representation (IR) executed on top of a runtime within a TEE. We show that executing IR code such as WASM bytecode on a runtime executing in a TEE leaks most IR instructions with high accuracy and therefore reveals the confidential code. Contrary to IR execution, native execution is much less susceptible to leakage and largely resists even the most powerful side-channel attacks. We evaluate native execution leakage in Intel SGX and AMD SEV and experimentally demonstrate end-to-end instruction extraction on Intel SGX, with WASM bytecode as IR executed within two popular WASM runtimes: WAMR and wasmi. Our experiments show that IR code leakage from such systems is practical and therefore question the security claims of several commercial solutions which rely on TEEs+WASM for code confidentiality.

Research Area: Trusted Computing

People

Post-doc

Post-doc

Post-doc

Group Leader

BibTex

@INPROCEEDINGS{puddu2024confidentiality,
	isbn = {979-8-3503-3130-1},
	copyright = {In Copyright - Non-Commercial Use Permitted},
	doi = {10.3929/ethz-b-000672641},
	year = {2024},
	booktitle = {2024 IEEE Symposium on Security and Privacy (SP)},
	type = {Conference Paper},
	author = {Puddu, Ivan and Schneider, Moritz and Lain, Daniele and Boschetto, Stefano and Capkun, Srdjan},
	abstract = {Trusted Execution Environments (TEEs) have been proposed as a solution to protect code confidentiality in scenarios where computation is outsourced to an untrusted operator. We study the resilience of such solutions to side-channel attacks in two commonly deployed scenarios: when the confidential code is a native binary that is shipped and executed within a TEE and when the confidential code is an intermediate representation (IR) executed on top of a runtime within a TEE. We show that executing IR code such as WASM bytecode on a runtime executing in a TEE leaks most IR instructions with high accuracy and therefore reveals the confidential code. Contrary to IR execution, native execution is much less susceptible to leakage and largely resists even the most powerful side-channel attacks. We evaluate native execution leakage in Intel SGX and AMD SEV and experimentally demonstrate end-to-end instruction extraction on Intel SGX, with WASM bytecode as IR executed within two popular WASM runtimes: WAMR and wasmi. Our experiments show that IR code leakage from such systems is practical and therefore question the security claims of several commercial solutions which rely on TEEs+WASM for code confidentiality.},
	keywords = {Trusted Execution Environment; TEE; WASM; Side-channel analysis; Intel SGX; AMD SEV; Code confidentiality; Confidential Computing},
	language = {en},
	address = {Piscataway, NJ},
	publisher = {IEEE},
	title = {On (the Lack of) Code Confidentiality in Trusted Execution Environments},
	PAGES = {4125 - 4142},
	Note = {45th IEEE Symposium on Security and Privacy (SP 2024); Conference Location: San Francisco, CA, USA; Conference Date: May 20-23, 2024}
}

Research Collection: 20.500.11850/672641