These document summarizes and redirects to important sub-documents for installing and exercising the artifact.
We provide three options to install the artifcat. You can choose the one that most fits their needs.
We provide the Docker at this link:
https://drive.google.com/file/d/15BCcA4s6VG7YG2V0PkiekITkJdY9fZHE/view?usp=sharing
MD5 002ff18bd9741c87145bd486dc50441f
Once downloaded sgx-monitor-artifact.tar.gz, follow these commands to load and
run the container:
docker load < sgx-monitor-artifact.tar.gz
docker run -it --device=/dev/isgx sgx-monitor-docker
Alternatively, one can build and run the docker from scratch with:
./run_docker.sh
docker run -it --device=/dev/isgx sgx-monitor-docker
NOTE: the host machine needs the Intel SGX Legacy driver (https://github.com/intel/linux-sgx-driver). We succesfully tested the artifcat with last version.
From here, please follow the instruction in usage.
We organize the artifact upon the evaluation section (Section 7). However, we did not strictly follow the evaluation section for technical reasons (i.e., we need models to verify the enclave execution). Each step in the artifact evaluation specifies which experiment in Section 7 it refers to.
The main folder in the docker container is /sgxmonitor-src. We assume all the
relative paths and the main commands are fired from this directory.
Once enter in the docker, compile all the enclave by running this command:
./run_compileall.sh
This operation should take max 10 minutes.
The script kicks the symbolic execution. This part might take few hours.
./run_analysis.sh
Important: We implement timeout for the symbolic execution through
@timeout_decorator.timeout of Python. However, we observed that this approach
sometime does not stop the execution. This bug is over our control. Therefore,
if the analysis does not stop after 3 hours (or the machine memory reaches 100%
-- top), we strongly suggest stopping the execution (i.e., Ctrl+C) and use
the pre-compiled models, that can be installed with the following command:
./get_precompiled_model.sh
Once obtained the models, you can print the content of Table 2 with the following script:
./plot_table_coverage.sh
From the folder /sgxmonitor-src, run the following command for obtaining the results in Figure 4.
./run_microbenchmark.sh
This command should take less than an hour to complete.
Only for remote machine: If you are in the remote machine, the host contains this script:
./download_images_from_docker.sh
It will automatically download all the images from the running Docker.
From the folder /sgxmonitor-src, run the following command for obtaining the results in Figure 5.
./run_macrobenchmark.sh
This command should take less than an hour to complete.
Note: Since VLC and SGX-Biniax2 require human-interaction, we include only StealthDB benchmark. We will include detailed documentation to install and try the other prototypes independently.
Only for remote machine: If you are in the remote machine, the host contains this script:
./download_images_from_docker.sh
It will automatically download all the images from the running Docker.
We provide scripts to replicate the attacks in Section 7.1.1.
SnakeGX:
Run this command:
./run_snakegxeval.sh
The standard output should containd this message:
[ERROR] Edges [edges-norm.txt] NOT match the model [data_snakegx/model-n.txt]
ShadowStack attack:
Run this script:
./run_shadowstackeval.sh
The standard output should contain this message:
[ERROR] Edges [/sgxmonitor-src/src/monitor_toplaywith/edges.txt] NOT match the model [data_security/model-n.txt]
The runtime return address is not coherent with the shadowstack value
Run this script to produce Table 3 in Appendix B:
./run_statistc_analysis.sh
Shield:
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
