Department of Computer Science and Technology

Technical reports

Trusted reference monitors for Linux using Intel SGX enclaves

Harri Bell-Thomas

October 2021, 62 pages

This technical report is based on a dissertation submitted June 2020 by the author for the degree of Master of Engineering (Computer Science Tripos) to the University of Cambridge, Jesus College.

DOI: 10.48456/tr-962


Information Flow Control (IFC) is a powerful tool for protecting data in a computer system, enforcing not only who may access it, but also how it may be used throughout its lifespan. Intel’s Software Guard Extension (SGX) affords complementary protection, providing a general-purpose Trusted Execution Environment for applications and their data. To date, no work has been conducted considering the overlap between the two, and how they may mutually reinforce each other.

This dissertation presents Citadel, a modular, SGX-backed reference monitor to securely and verifiably implement IFC methods in the Linux kernel. Its prototype externalises policy decisions from its enforcement security module, providing a userspace promise-of-access model with asynchronous fulfilment. By aliasing system calls, the system transparently integrates with unmodified applications, and amortises the performance cost of integration by inferring processes’ underlying security contexts.

Observed results are promising, demonstrating a worst-case median performance overhead of 25%. In addition, the Nginx webserver is demonstrated running under Citadel; high bandwidth transfers exhibit near parity with the native Linux kernel’s performance. This work illustrates the potential viability of a symbiotic enclave-kernel relationship for security implementations, something that may, in the long run, benefit both.

Full text

PDF (2.9 MB)

BibTeX record

  author =	 {Bell-Thomas, Harri},
  title = 	 {{Trusted reference monitors for Linux using Intel SGX
  year = 	 2021,
  month = 	 oct,
  url = 	 {},
  institution =  {University of Cambridge, Computer Laboratory},
  doi = 	 {10.48456/tr-962},
  number = 	 {UCAM-CL-TR-962}