Pagoda: Towards Binary Code Privacy Protection with SGX-based Execute-Only Memory

Code disclosure remains a huge threat to the intellectual property (IP) of any software that is deployed in a remote, untrusted environment. In this threat model, attackers have complete control over the software stack, so software-only solutions for preventing code disclosure have been doomed to fail. A natural alternative is to employ trusted hardware, e.g., an enclave-based architecture such as Intel SGX. However, existing SGX frameworks assume the target application is in the trusted computing base, i.e., free of vulnerabilities which can be exploited to leak code. Making matters worse, simply porting to an enclave-based paradigm is impractical for enterprise-scale applications, incurring large performance overheads and compatibility issues.In this paper, we take a first step towards building a practical, SGX-based code privacy enforcement framework called Pagoda that supports unmodified applications with minimal performance overhead. The key insight of Pagoda is that placing only application code within the enclave prevents arbitrary code accesses, and at the same time avoids the usual performance and compatibility issues stemming from protecting data within enclaves. Pagoda achieves code privacy throughout the application’s lifetime, by loading and decrypting encrypted binaries into the enclave, and enforcing eXecute-Only-Memory (XOM) to block arbitrary accesses to the private code during its execution.We have built a prototype of Pagoda for Linux-based systems on Intel SGX. The performance evaluation on SPEC CPU2017 benchmarks shows that Pagoda incurs an average of 2.1% performance overhead when compared to native runs. To demonstrate its compatibility, we show that Pagoda can run a wide range of applications, from common server applications such as Lighttpd and Memcached, to complicated graphical applications such as Quake without any source code modification.