Research On Control Flow Hiding Based On SGX

Public cloud services enable cloud users to deploy an arbitrary computation cluster to public clouds and execute their programs on that remote cluster to reduce infrastructure investment and maintenance costs.However,the static analysis or dynamic analysis of the program by an attacker or a malicious cloud provider will destroy the confidentiality of the program.Therefore,protecting the confidentiality of programs on the cloud has become one of the important research directions in the field of public cloud security.At present,a common method to protect the confidentiality of programs on the cloud is control flow obfuscation,which is the protection of judgment logic in branch statements.The existing work is mainly based on pure software technology,but it has some defects such as low efficiency and low generality,etc.The trusted execution environment,as a new type of hardware function,provides a new solution to this problem.Combining the control flow obfuscation scheme of the trusted execution environment,such as CFHider,hides the conditional expressions of branch statements in the trusted execution environment,thus achieving the purpose of protecting the confidentiality of control flow.Although its performance and generality are better than other schemes,the security is still insufficient.The work of this thesis has two main contributions.(1)Analyze the security problems of the CFHider,and propose a set of dynamic observation attacks against the CFHider;(2)Propose a new and safer control flow hiding scheme called CFCloak,and design a control flow hiding system with SGX.The specific research work is as follows:This thesis analyzes the security problems of the CFHider,and proposes a set of dynamic observation attacks against the CFHider.The attack takes advantage of the problem that the control flow variables in the CFHider are still exposed to the attacker.By repeatedly observing the execution of program,the attacker can restore the hidden program control flow logic.In order to protect the confidentiality of control flow,this thesis proposes CFCloak,a more secure control flow hiding scheme based on trusted execution environment.CFCloak transforms control flow statements and all statements that containing control flow variables into variables query(VQ)function,which complete the extraction and hiding of information related to control flow.For the VQ function,CFCloak proposes a set of instruction system,so that all VQ functions are executed in the SGX enclave in the form of instructions,so as to achieve the purpose of protecting the confidentiality of the control flow.In order to ensure the correct execution of instructions and maintain all control flow variables in the SGX enclave,CFCloak proposes a memory model that manages the trusted execution environment,so that the SGX enclave guarantees the flexibility of its memory space while avoiding conflicts caused by running multi-threaded programs or recursive programs.The theoretical analysis proves that the work of this thesis can effectively resist attacks based on static and dynamic analysis.Based on the research studied,a control flow hiding system for Java programs with Intel SGX was designed and developed to evaluate the practicability and overhead of this scheme.According to the experimental results,the control flow hiding system is suitable for all Hadoop application examples and CPU-intensive application examples.The average time cost of two kinds of sample programs protected by CFCloak is 0.5 times and 1.3 times of the original program,respectively.