MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties

Chen，Guoxing1; Zhang，Yinqian2

2022

31st USENIX Security Symposium

Proceedings of the 31st USENIX Security Symposium, Security 2022

4095-4110

AUG 10-12, 2022

null,Boston,MA

SUITE 215, 2560 NINTH ST, BERKELEY, CA 94710 USA

USENIX ASSOC

Remote attestation mechanism enables an enclave to attest its identity (which is usually represented by the enclave's initial code and data) to another enclave. To verify that the attested identity is trusted, one enclave usually includes the identity of the enclave it trusts into its initial data in advance assuming no trusted third parties are available during runtime to provide this piece of information. However, when mutual trust between these two enclaves is required, it is infeasible to simultaneously include into their own initial data the other's identities respectively as any change to the initial data will change their identities, making the previously included identities invalid. In this paper, we propose MAGE, a framework enabling a group of enclaves to mutually attest each other without trusted third parties. Particularly, we introduce a technique to instrument these enclaves so that each of them could derive the others' identities using information solely from its own initial data. We also provide an open-sourced prototype implementation based on Intel SGX SDK, to facilitate enclave developers to adopt this technique.

Corresponding

English

CPCI-S

Shanghai Lingjun Program[21PJ1404900];National Natural Science Foundation of China[62102254];

Computer Science

Computer Science, Information Systems ; Computer Science, Theory & Methods

WOS:000855237506011

2-s2.0-85130373852

Scopus

1.Shanghai Jiao Tong University,China
2.Southern University of Science and Technology,China

Chen，Guoxing,Zhang，Yinqian. MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties[C]. SUITE 215, 2560 NINTH ST, BERKELEY, CA 94710 USA:USENIX ASSOC,2022:4095-4110.