OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX

Program obfuscation is a popular cryptographicconstruct with a wide range of uses such as IP theft prevention. Althoughcryptographic solutions for program obfuscation imposeimpractically high overheads, a recent breakthrough leveragingtrusted hardware has shown promise. However, the existingsolution is based on special-purpose trusted hardware, restrictingits use-cases to a limited few.In this paper, we first study if such obfuscation is feasiblebased on commodity trusted hardware, Intel SGX, and weobserve that certain important security considerations are notafforded by commodity hardware. In particular, we found thatexisting obfuscation/obliviousness schemes are insecure if directlyapplied to Intel SGX primarily due to side-channel limitations.To this end, we present OBFUSCURO, the first system providingprogram obfuscation using commodity trusted hardware, IntelSGX. The key idea is to leverage ORAM operations to performsecure code execution and data access. Initially, OBFUSCUROtransforms the regular program layout into a side-channel-secureand ORAM-compatible layout. Then, OBFUSCURO ensuresthat its ORAM controller performs data oblivious accesses inorder to protect itself from all memory-based side-channels.Furthermore, OBFUSCURO ensures that the program is securefrom timing attacks by ensuring that the program always runsfor a pre-configured time interval. Along the way, OBFUSCUROalso introduces a systematic optimization such as register-basedORAM stash. We provide a thorough security analysis ofOBFUSCURO along with empirical attack evaluations showingthat OBFUSCURO can protect the SGX program execution frombeing leaked by access pattern-based and timing-based channels.We also provide a detailed performance benchmark results inorder to show the practical aspects of OBFUSCURO.