Network administrators face a security-critical dilemma. While they want to tightly contain their hosts, they usually have to relax firewall policies to support a large variety of applications. Such liberal policies, however, enable data exfiltration by unknown (and untrusted) client applications. At the heart of this problem lies the inability to attribute communication accurately and reliably to applications: firewall policies are restricted to coarse-grained features that are easy to evade and mimic, such as protocols or port numbers.
We present SENG, a network gateway that enables firewalls to reliably attribute traffic to an application. SENG shields an application in an SGX-tailored LibOS and transparently establishes an attestation-based DTLS channel between the SGX enclave and the central network gateway. Consequently, administrators can perfectly attribute traffic to its originating application, and thereby enforce fine-grained per-application communication policies at a central firewall. Our prototype implementation demonstrates that SENG (i) allows administrators to readily use their favorite firewall to enforce network policies on a certified per-application basis and (ii) prevents local system-level attackers from interfering with the shielded application's communication.
Preferred Citation
Fabian Schwarz and Christian Rossow. SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients. In: USENIX Security Symposium (USENIX-Security). 2020.
Primary Research Area
Threat Detection and Defenses
Name of Conference
USENIX Security Symposium (USENIX-Security)
Legacy Posted Date
2020-06-22
Open Access Type
Unknown
BibTeX
@inproceedings{cispa_all_3119,
title = "SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients",
author = "Schwarz, Fabian and Rossow, Christian",
booktitle="{Usenix Security Symposium (USENIX-Security)}",
year="2020",
}