Tutorial: Building Distributed Enclave Applications with Sancus and SGX
This page collects background information and source code for the 3-hour interactive tutorial we will teach at the upcoming IEEE/IFIP International Conference on Dependable Systems and Networks DSN 2018, on Monday, 25th June in Luxembourg City. Please come along if you want to learn how to develop security-sensitive networked applications based on Trusted Computing.
We will discuss how to write enclaved software modules for both our open-source embedded Sancus architecture, as well as for Intel SGX on off-the-shelf x86 platforms. We will furthermore show how to make Sancus/SGX enclaves interact securely in distributed applications. Our tutorial will cover lots of hands-on exercises where we can explore common pitfalls for enclave development, and you will learn how to deploy, attest, and interact with basic Sancus/SGX enclaves. And no worries, we will provide convenient application libraries and development environments that allow you to easily setup secure communication channels, without having to dive into the details of embedded systems programming or automotive bus systems.
Abstract
Trusted computing technology provides promising new security primitives for the development of dependable and highly secure distributed applications. Protected software components, or enclaves, are provided with strong integrity, confidentiality and key derivation mechanisms via a minimal, hardware-only trusted computing base. Yet, leveraging enclaved execution in practice remains not well-understood, especially for heterogeneous trusted computing networks. This tutorial aims to provide insights and hands-on exercises on building such interactive applications based on Intel SGX and the lightweight embedded Sancus architecture.
Motivation and Goals
Trusted computing architectures such as Intel SGX, ARM TrustZone, and Sancus have been around for a number of years. By enforcing strong integrity, confidentiality, and attestation guarantees with a minimal (hardware-only) trusted computing base, these architectures aim to provide a root-of-trust for the development of dependable and highly secure systems. However, few real-world applications leverage trusted computing, and approaches to interconnect enclave applications in heterogeneous and distributed trusted computing environments remain not well-understood. Yet, this approach provides strong security benefits in domains like the Internet of Things or interconnected Industrial Control Systems.
This tutorial outlines the development of such security-sensitive networked applications. Participants will learn how to write enclaved software modules for both the embedded open-source Sancus research architecture, as well as for off-the-shelf Intel SGX platforms. We will show how to make Sancus/SGX enclaves interact securely in a distributed fashion. Our approach is distinguished by the concept of authentic execution, a notion of end-to-end security and secure I/O where the overall application's behavior depends solely on protected device drivers and data processing enclaves.
The tutorial will cover common pitfalls for enclave development and feature hands-on exercises on programming, deploying, attesting, and interacting with basic Sancus/SGX enclaves. The tutorial setup uses an automotive industry-standard CAN bus to interconnect Intel SGX machines with Sancus-enabled microcontrollers. We will provide Sancus I/O driver modules plus a CAN authentication library that allows participants to easily setup secure communication channels.
Our tutorial aims at researchers, software developers, and software architects who want to learn more about modern trusted computing architectures. Basic programming skills (in C) and familiarity with the GNU/Linux command line interface are required to follow the hands-on exercises.
Organisation of the Tutorial
Participants will be provided with remote SSH access to an SGX-capable machine, connected to Sancus-enabled microcontrollers over a CAN network. This machine will also have pre-installed the required software development tools for the two trusted computing architectures, as well as skeleton source code for the hands-on exercises.
The tutorial aims to fill about three hours with an equal split between lectures and practical exercises:
| Duration | Content |
|---|---|
| 45 min | Introductory lecture:
|
| 45 min | Hands-on: Developing Sancus/SGX enclaves, software deployment, remote attestation and secure communication |
| 45 min | Hands-on: Secure I/O on Sancus, authentic execution in a distributed setting |
| 45 min | Pitfalls, advanced topics, wrap-up
|
Further Reading
- Job Noorman, Jo Van Bulck, Jan Tobias Mühlberg, Frank Piessens, Pieter Maene, Bart Preneel, Ingrid Verbauwhede, Johannes Götzfried, Tilo Müller, Felix Freiling. Sancus 2.0: A Low-Cost Security Architecture for IoT devices. ACM Transactions on Privacy and Security (TOPS), 2017.
- Costan, Victor, Srinivas Devadas. Intel SGX Explained. IACR Cryptology ePrint Archive, 2016.
- Jo Van Bulck, Jan Tobias Mühlberg, Frank Piessens. VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks. Proceedings of the 33th Annual Computer Security Applications Conference (ACSAC), 2017.
- Job Noorman, Jan Tobias Mühlberg, Frank Piessens. Authentic Execution of Distributed Event-Driven Applications with a Small TCB. Proceedings of the 13th International Workshop on Security and Trust Management (STM), 2017.