Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Ensuring only a single instance of Enclave

Mansoor_A_
Beginner
‎01-25-2017 03:37 AM
602 Views

Hello, for the application that I am building, I need to ensure that only one instance of my enclave is running on the platform. Is there any way to do this? I have tried some hacky solutions such as creating 256 counters (the maximum allowed) at enclave initialization so that the second instance will error out when it tries to create its own counters. However, this solution is both slow and not crash-resilient. Is there any way to check whether instances of the same enclave are already running? If not, are there plans to introduce this in SGX2? I would imagine that this should be simple enough to implement in th platform software since it would just be a scan of all SECS pages to return a count of identical measurements.

 

 

 

 

0 Kudos

Link Copied

3 Replies
Francisco_C_Intel
Employee
‎01-26-2017 07:06 AM
602 Views

Our platform software does not have this feature.

There are hacky solutions like the one you describe (DoS on the system to prevent others from creating any enclaves, assuming you can get there first). If you are on Linux and you also control the install on all the machines you want to run this singleton enclave (for example, your enterprise), you could modify the platform sw code and add this feature before building and deploying it.

Suppose this feature did exist, how would you guarantee that *your* application loads the enclave first? Wouldn't you also want that feature?

0 Kudos
Copy link
Mansoor_A_
Beginner
‎01-26-2017 07:16 AM
602 Views

​I should have made my attacker model clearer. In the system that we are building, we do not trust any of the code running on the machine except the enclave code. However, if we allow more than one instance of the enclave to be instantiated on the same machine then it results in our system being vulnerable to some attacks (rollback attacks, to be specific). What we need to have is for the enclave to start up, check if there are any other (identical) enclaves running on the platform, and if there are then abort the operation.

​Looking through the Intel® 64 and IA-32 Architectures Software Developer’s Manual shows that there is a unique monotonically increasing EID associated with each enclave's SECS. Is there any function call that we can use to peek at that EID?

​Perhaps our system is a bit of an edge case but I think it would be a very useful addition to the platform if such a capability were indeed implemented.

0 Kudos
Copy link
Francisco_C_Intel
Employee
‎01-27-2017 08:40 AM
602 Views

I can't think of a way to do what you want without trusting the OS, our untrusted runtime, or something else.

I am still not sure what your concern though. How would the presence of a different process loading the same enclave binary into their process space affect what you want to do in your enclave in your process space?

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.