Isolating Operating System Components with Intel SGX

Abstract

In this paper, we present a novel approach on isolating operating system components with Intel SGX. Although SGX has not been designed to work in kernel mode, we found a way of wrapping Linux kernel functionality within SGX enclaves by moving parts of it to user space. Kernel components are strictly isolated from each other such that a vulnerability in one kernel module cannot escalate into compromising the entire kernel. We provide a proof-of-concept implementation which protects an exemplary kernel function, namely full disk encryption, using an Intel SGX enclave. Besides integrity of the disk encryption, our implementation ensures that the confidentiality of the disk encryption key is protected against all software level attacks as well as physical attacks. In addition to the user password, we use a second authentication factor for deriving the encryption key which is stored sealed and bound to the platform. Thus, stealing the hard drive and sniffing the user password is insufficient for an attacker to break disk encryption. Instead, the two factor authentication scheme requires an attacker to additionally obtain the actual machine to be able to break encryption.