Question about the Heaven Paper: How does the shield loads OS inside Enclave

Dvorak_d_ — Mon, 08 Aug 2016 04:35:42 GMT

Hi, I have a question about the Heaven Paper: https://www.usenix.org/system/files/conference/osdi14/osdi14-paper-baumann.pdf

If I understood correctly, the process is:
1. Application developer packages everything into an image, and encrypt with a password, then send the encrypted image to the cloud provider;
2. cloud provider first creates an Enclave, and load it with a "Shield";
3. the "Shield" does the "remote attestation", once all clear, it receives the password that can decrypt the Image.
4. It basically "boots" the OS/App inside the image.
5; application runs securely

I'm confused with step 4. Quoting the original text "The Assuming it was loaded correctly, the shield may now decrypt the VHD key using its private key, and use it to access the contents of the VHD, allowing it to continue to load the LibOS and application."

Just wondering, if code inside the image is encrypted when the enclave is created, how does the enclave make the code "executable" after decryption? This is like asking my C program to execute machine code inside my HEAP, which is mostly forbidden by OS. Is this kind of operation allowed inside the Enclave? (i.e. trusted enclave code can read some blobs from untrusted memory, decrypt it, and place it inside trusted area as CODE instead of DATA, then execute the code?)

Thanks a lot!

-Dvorak

We suggest that you direct

Surenthar_S_Intel — Thu, 08 Sep 2016 04:04:05 GMT

We suggest that you direct your question to the authors of the paper. Thank you for your interest in Intel(r) SGX

-Surenthar.

topic We suggest that you direct in Intel® Software Guard Extensions (Intel® SGX)

Question about the Heaven Paper: How does the shield loads OS inside Enclave

We suggest that you direct