cocoppang / shieldstore Goto Github PK
View Code? Open in Web Editor NEWTrusted in-memory key-value store based on ShieldStore which is published in EuroSys 2019
Trusted in-memory key-value store based on ShieldStore which is published in EuroSys 2019
Hey,
I get this error when I try to compile your source using the provided instructions.
/linux-sgx/sdk/gperftools/gperftools-2.5/src/tcmalloc.cc:567: undefined reference to `operator delete(void*, unsigned long)'
I am using the Linux SDK v1.8 linked in your readme.
Can you please let me know what this issue could be about?
Thanks!
Adil
Hi,
I think you have a time of check to time of use bug.
in enclave_append
and enclave_set
you verify the existing integrity of the hash bin, before you update the list. And than you recalculate a new mac for the bin, with the changed list.
An attacker could insert or delete entries between the check and the recalculation of the hash.
Please correct me if I am wrong.
Thanks,
Maurice
Hi,
We found a buffer overflow and a infomation leak in Enclave/Enclave.cpp.
There is a global variable "Arg arg_enclave;" in enclave and it is initialized in ecall "enclave_init_values". However it value is copyed from "arg" which is untrusted.
We found a member variable in structure "Arg" called "int max_buf_size;". Then we search the code to find where "max_buf_size" is used. We found two patterns:
First is like this "memset(cipher, 0, arg_enclave.max_buf_size);". For example it is used in "enclave_get", while the parametre "cipher" refers to the buf in "enclave_process", and its size is a constant(4125). So, arg_enclave.max_buf_size can be larger than the buffer size.
Second pattern is "message_return(cipher, arg_enclave.max_buf_size, client_sock);". Function "message_return" is an ocall which writes cipher to client_sock.
In function "enclave_message_pass" cipher is introduced from data which is original from "HotCall* hotEcall". While "hotEcall" is transferd from untrusted part.
So, attacker can set cipher points to arbitrary address in encalve and set client_sock to sdtout that will leak information in encalve.
Thanks,
yudhui
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.