Intel SGX enables memory isolation and static integrity verification of code
and data stored in user-space memory regions called enclaves. SGX effectively
shields the execution of enclaves from the underlying untrusted OS: attackers
can neither tamper with nor examine an enclave's contents. However, these same
properties equally challenge defenders, who are precluded from any provenance
analysis that could infer intrusions inside SGX enclaves. In this work, we
propose SgxMonitor, a novel provenance analysis to monitor and identify
anomalous executions of enclave code. To this end, we design a technique to
extract contextual runtime information from an enclave and propose a novel
model to represent enclave intrusions. Our experiments show that SgxMonitor not
only incurs an overhead comparable to traditional provenance tools, but also
exhibits macro-benchmark overheads and slowdowns that only marginally affect
deployment in real use cases. Our evaluation shows that SgxMonitor successfully
identifies enclave intrusions carried out by state-of-the-art attacks while
reporting no false positives or false negatives during normal enclave
executions, thus supporting the use of SgxMonitor in realistic scenarios.

Comment: 16 pages, 8 figures