Automated Intel SGX integration for enhanced application security

Nowadays, many chip manufacturers offer various Trusted Execution Environment (TEE) implementations to protect the critical data and the algorithms in hardware. One of Intel’s answers to the TEE race is SGX (Software Guard Extensions), which enables the creation of hardware-encrypted memory areas known as enclaves. Although it promises a high-security level, it still requires expertise, effort, and time to convert a traditional application into an SGX-enabled one. This paper proposes a novel approach to generate enclaves from existing C/C++ applications automatically. Our strategy involves annotating the sensitive code to be protected, which is then statically analyzed and modified to comply with all the SGX requirements. Our approach does not require the user’s prior knowledge of the SGX platform. The framework automatically identifies and implements all the required modifications of the target application source code to make it compatible with the SGX toolchain. In addition, it is fast and can port big applications containing hundreds of functions in mere minutes, as we proved experimentally.