Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1371 Discussions

Using Global variables and malloc function inside Enclave

suin_k_
Beginner
‎07-19-2017 11:37 PM
751 Views

Hi, I have trouble in applying SGX to my application

I want to keep an value inside Enclave while I'm using application.

For example, I define account balance variable inside Enclave and want to keep the value of it while I'm using the application.

but If I put the account balance variable in the trusted functions inside enclave as a local variable, the value would be gone after using the function and I couldn't keep the value.

So I tried to define it as a global variable inside Enclave but the global variable was not encrypted unlike the local variables (* I checked it by using Cheat Engine. I couldn't scan local variables but could scan global variables)

Could I use global variable inside enclave securely?

I hope to know how to use the global variables in enclave if I could use them.

or If there is another way to keep value inside Enclave safely, I hope to know how to do.

(I'm guessing there could be a way to allocate memory safely using malloc function ..)

Thanks for reading my question :)

Best regards

Suin

0 Kudos

Link Copied

2 Replies
you_w_
New Contributor III
‎07-20-2017 02:17 AM
751 Views

Hi:

I think there is something wrong with your code. The enclave global variables is encrypted. In your case, you may use the global  variables outside the enclave. Did you clear up the secret after you use it ? I mean after you get the global variable via an Ecall function you should clear the utrusted buffer which receives the value. 

Regards

you

 

0 Kudos
Copy link
suin_k_
Beginner
‎07-20-2017 06:53 PM
751 Views

Hi, you

Thank you for answering my question.

But I think I followed the SGX format. Maybe I am missing something.

I wish you could check my sample code.

*** Enclave2.cpp

#include "Enclave2_t.h"

#include "sgx_trts.h"

int balance;

void setBalance(int input) {
	balance = input;
}

void withdraw(int money) {
	balance -= money;
}

int getBalance() {
	return balance;
}

***

*** Enclave2.edl

enclave {
    from "sgx_tstdc.edl" import *;
    trusted {
		public void setBalance(int input);
		public void withdraw(int money);
		public int getBalance(); 
    };
};

***

***account.cpp

#include <stdio.h>
#include <tchar.h>
#include "sgx_urts.h"
#include "Enclave2_u.h"

#define ENCLAVE_FILENAME _T("Enclave2.signed.dll")

int main() {
	sgx_enclave_id_t eid;
	sgx_status_t ret = SGX_SUCCESS;
	sgx_launch_token_t token = { 0 };
	int updated = 0;
	int balance;
	ret = sgx_create_enclave(ENCLAVE_FILENAME, SGX_DEBUG_FLAG, &token, &updated, &eid, NULL);

	setBalance(eid, 1000);
	withdraw(eid, 200);

	getchar();	
	//I scanned 800 here for global variable balance in Enclave2.cpp 
	//and found 9 memory address with value 800, I changed them all to 400 by using cheat engine
	
	withdraw(eid, 100); 
	//and here one of them decreased to 300
	//I think the value must be the global variable  

	if (SGX_SUCCESS != sgx_destroy_enclave(eid))
		printf("\nApp: error, failed to destroy enclave.\n");
	return 0;
}

***

If I miss something, please let me know.

Thanks for reading my question.

Best regards

Suin

0 Kudos
Copy link
Reply

For more complete information about compiler optimizations, see our Optimization Notice.