SecureLease: Maintaining Execution Control in The Wild using Intel SGX
Published in Middleware, Canada, 2022
Pre-print
Introduction
Intel SGX, Intel's trusted execution environment, provides confidentiality for enclave execution in its latest variant, SGXv2; the original variant, SGXv1, additionally provides integrity and freshness guarantees for enclave memory. These guarantees hold even against a malicious operating system (OS), which is therefore not part of the trusted computing base (TCB). As a consequence, an enclave cannot rely on many of the software-level features that a traditional OS offers its applications.
One such limitation is the lack of execution control, that is, the ability to control when and how often an application runs on a remote system. Although an attacker cannot modify an SGX-protected application, she is free to execute it as many times as she wishes. A naive solution is to perform remote attestation before every execution, verifying the application's integrity and checking the required permissions. However, this does not scale: each check requires a round trip to the remote server, which takes more than a second. That is unacceptable for applications whose execution time is on the order of milliseconds, or that require a large number of execution checks, such as license checks for software extensions.
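To make the cost of the naive approach concrete, the following added example simulates it end to end: the enclave side requests a nonce, returns a measurement-bound quote, and the server verifies the quote, rejects replays and enforces a per-enclave execution budget. This is constructed illustration code, not SecureLease's code or Intel's API; the HMAC-based "quote", the key and the measurement values stand in for a real SGX quote verified against Intel's attestation service.

```python
"""Simulation of the naive per-execution check: before every run the
enclave must obtain fresh approval from a remote server.

Everything here is constructed for illustration. The HMAC-based "quote"
stands in for a real SGX quote and its attestation-service verification;
the key and measurement values are made up.
"""
import hashlib
import hmac
import secrets
import time

# Hypothetical shared key standing in for the quote signing key (constructed).
QUOTE_KEY = b"example-quote-signing-key"


def make_quote(mrenclave: bytes, nonce: bytes) -> dict:
    """Enclave side: bind the enclave measurement to the server's nonce."""
    tag = hmac.new(QUOTE_KEY, mrenclave + nonce, hashlib.sha256).digest()
    return {"mrenclave": mrenclave, "nonce": nonce, "tag": tag}


class LicenseServer:
    """Remote side: verifies a quote and enforces a per-enclave run budget."""

    def __init__(self, budgets: dict, round_trip_seconds: float = 0.0):
        self.budgets = dict(budgets)      # mrenclave -> executions remaining
        self.pending = set()              # nonces issued but not yet consumed
        self.round_trip_seconds = round_trip_seconds
        self.round_trips = 0              # challenge/response pairs completed

    def challenge(self) -> bytes:
        """Issue a fresh nonce so an old approval cannot be replayed."""
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def authorize(self, quote: dict) -> tuple:
        """Return (allowed, reason). Each call is one remote round trip."""
        self.round_trips += 1
        time.sleep(self.round_trip_seconds)   # simulated network latency
        nonce = quote["nonce"]
        if nonce not in self.pending:
            return False, "unknown or replayed nonce"
        self.pending.discard(nonce)           # a nonce is good for one use only
        expected = hmac.new(QUOTE_KEY, quote["mrenclave"] + nonce,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, quote["tag"]):
            return False, "quote verification failed"
        remaining = self.budgets.get(quote["mrenclave"], 0)
        if remaining <= 0:
            return False, "execution budget exhausted"
        self.budgets[quote["mrenclave"]] = remaining - 1
        return True, "ok"


def run_with_remote_check(server: LicenseServer, mrenclave: bytes, work):
    """Enclave side: one full round trip per execution, then run the work."""
    nonce = server.challenge()
    allowed, reason = server.authorize(make_quote(mrenclave, nonce))
    if not allowed:
        raise PermissionError(reason)
    return work()


if __name__ == "__main__":
    app = b"constructed-mrenclave-of-app"
    srv = LicenseServer({app: 3}, round_trip_seconds=0.01)
    for i in range(3):
        print("run", i, "->", run_with_remote_check(srv, app, lambda: "result"))
    try:
        run_with_remote_check(srv, app, lambda: "result")
    except PermissionError as e:
        print("4th run refused:", e)
    print("round trips consumed:", srv.round_trips)
```

The `round_trips` counter grows by one for every execution, and each of those exchanges carries the full network latency: with a real attestation round trip of over a second, a millisecond-scale workload spends essentially all of its time waiting for permission, which is exactly the scaling problem the text points out.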
SecureLease is a middleware that provides execution control for applications in the wild. It is a software-only solution that requires no hardware modification.