SGX-LKL: Linux Binaries in SGX Enclaves

SGX-LKL is a library OS designed to run unmodified Linux binaries inside SGX enclaves. It uses the Linux Kernel Library (LKL) (https://github.com/lkl/linux) to provide mature system support for complex applications within the enclave. SGX-LKL has support for in-enclave user-level threading, signal handling, and paging. System calls are handled within the enclave by LKL when possible, and asynchronous system call support is provided for the subset of system calls that require direct access to external resources and are therefore processed by the host OS. The goal of SGX-LKL is to provide system support for complex applications and managed runtimes such as the JVM with minimal or no modifications and minimal reliance on the host OS.

SGX-LKL is available on GitHub: https://github.com/lsds/sgx-lkl

Categories
Systems Security
Team
Christian Priebe (Apple, UK)
Dan O'Keeffe (Royal Holloway University, UK)
Divya Muthukumaran (SimplyBusiness, UK)
Joshua Lind (Facebook, US)
Pierre-Louis Aublin (Keio University, Japan)
Shujie Cui (Monash University, Australia)

Related Publications

rkt-io: A Direct I/O Stack for Shielded Execution
Jörg Thalheim, Harshavardhan Unnibhavi, Christian Priebe, Pramod Bhatotia, and Peter Pietzuch
ACM European Conference on Computer Systems (EuroSys), 2021
Spons and Shields: Practical Isolation for Trusted Execution
Vasily A. Sartakov, Daniel O'Keeffe, David Eyers, Lluís Vilanova, and Peter Pietzuch
17th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE), 2021