Research on system call forwarding mechanism of SGX-based LibOS
刘西蒙 1, 黄应康 1, 刘维杰 2, 范倍汐 3, 章恬 1, 张杰 3
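Author information
- 1. College of Computer and Data Science / College of Software, Fuzhou University, Fuzhou, Fujian 350108
- 2. College of Cryptology and Cyber Science, Nankai University, Tianjin 300350; Key Laboratory of Data and Intelligent System Security, Ministry of Education, Tianjin 300350
- 3. School of Mathematics and Computer Science, Shanxi Normal University, Taiyuan, Shanxi 030031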
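Abstract (translated from the Chinese)
SGX-based LibOSes allow existing, unmodified applications to run inside an SGX enclave. However, different SGX-based LibOSes differ in architectural design, system call emulation, and system call forwarding mechanisms, which raises the barrier to use and makes debugging program errors difficult. To address these problems, a dynamic system call testing framework is proposed; it was used to test a variety of SGX-based LibOSes, trace how system calls execute inside each LibOS, and compare their behavior with that on a Linux host. The experimental results are analyzed, the differences in system call forwarding mechanisms among SGX-based LibOSes are examined in depth, their emulation of Linux functionality and their support for programming-language runtimes are summarized, and the shortcomings of the field and the areas needing improvement are pointed out.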
Abstract
SGX-based LibOS are designed to run unmodified applications within SGX Enclave, but differences in their architecture, system call simulation, and system call forwarding can make them difficult to use and debug. To overcome these challenges, a dynamic testing framework was introduced that traced system calls and verified their behaviors in various SGX-based LibOS. This framework compared the execution of system calls within the LibOS to their execution on regular Linux hosts, analyzing the differences in call forwarding mechanisms, Linux feature replication, and runtime support for programming languages. The study aims to highlight where improvements are needed and hopefully provides guidance for future research in this area.
Key words
Intel SGX / system security / LibOS / system call
Publication year
2024