Towards Memory Forensic in SGX Enclaves
Towards Memory Forensic in SGX Enclaves
| Supervisor(s): | Mathias Morbitzer |
| Status: | finished |
| Topic: | Others |
| Author: | Lukas Heindl |
| Submission: | 2023-02-15 |
| Type of Thesis: | Bachelorthesis |
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching
|
|
DescriptionIn cloud environments there is a new party having full control over the code and the data, the cloud provider. Thus, trusting the cloud provider is required in such an environment. As the stored data might be sensitive, we want to eliminate this requirement. For that reason mechanisms like Intel SGX exist. Intel SGX introduces the concept of enclaves to the cloud computing environment. Code, as well as data used by an enclave is protected from everything different than the enclave itself. Nevertheless, code running in the enclave might have vulnerabilities as well. While there is a lot of work on how to detect an intrusion in a non-SGX environment, there is little work
on how to do this for SGX.
In this work, we developed methodology to analyze how memory is organized in such an enclave. We show
how we can find the stack of the running enclave. For the other two important sections, the code and the heap,
we also provide a basic analysis. Being able to access the different segments of the memory is the first step in
dynamically checking whether the current state is still valid.
The next step however, validating the retrieved data, is out of scope for this work.
|
|