Accessing the untrusted memory


Cláudio José Pereira Correia

Oct 22, 2019, 11:25:04 AM
to Asylo Users
Hello,

I would like to know if it is possible to access the untrusted memory zone from within the enclave using the Google Asylo framework. 
I know it is possible to do this using the “user_check” parameter of the Intel SGX SDK, where you can pass a memory pointer into the enclave. 
I was wondering if it is possible to do this using Asylo?

I looked at the documentation and examples, but couldn't find an answer to my question.

Cheers,
Cláudio Correia

Dionna Amalie Glaze

Oct 22, 2019, 11:51:26 AM
to Cláudio José Pereira Correia, Asylo Users
The way we've done this before is to cast an untrusted pointer to a uint64 in a message to the enclave, then reinterpret_cast to the expected type. We don't have an IDL like edger8r since our entry points all pass protocol buffers. This kind of unfettered access to untrusted memory assumes that the enclave and host are in the same address space, which is not a requirement of our backend model. For this reason, we no longer have such access patterns in Asylo.

For portability, I would recommend that you use sockets for asynchronous message delivery. 

--
-Dionna Glaze, PhD (she/her)
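
The pointer-as-uint64 pattern described in the reply above, as an added example that is not part of either post and is not Asylo code: the enclave side bounds-checks the claimed range, rejects ranges that overlap enclave memory, and copies once into its own buffer before use. `HostMessage`, `PackPointer`, `IsOutsideEnclave`, `CopyIn`, `kMaxCopy` and the simulated enclave region are all hypothetical names, and the sketch assumes host and enclave share one address space.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Stand-in for the protobuf message the host sends; field names are hypothetical.
struct HostMessage {
  uint64_t untrusted_addr;  // host pointer carried as an integer
  uint64_t length;          // byte count claimed by the (untrusted) host
};

constexpr uint64_t kMaxCopy = 4096;    // assumed per-message limit
static uint8_t g_enclave_region[256];  // simulated enclave-private memory

// Host side: cast the pointer to an integer for transport.
HostMessage PackPointer(const void* p, uint64_t n) {
  return HostMessage{static_cast<uint64_t>(reinterpret_cast<uintptr_t>(p)), n};
}

// True if [addr, addr+len) does not overlap the simulated enclave region.
// A real SGX enclave would ask its runtime instead (the Intel SGX SDK
// provides sgx_is_outside_enclave for this).
bool IsOutsideEnclave(uint64_t addr, uint64_t len) {
  const uint64_t lo = reinterpret_cast<uintptr_t>(g_enclave_region);
  const uint64_t hi = lo + sizeof(g_enclave_region);
  return addr + len <= lo || addr >= hi;
}

// Enclave side: validate the claimed range, then copy it exactly once into
// enclave-owned memory so later host writes cannot change what was checked.
bool CopyIn(const HostMessage& m, std::vector<uint8_t>* trusted) {
  if (m.untrusted_addr == 0 || m.length == 0 || m.length > kMaxCopy) return false;
  if (m.untrusted_addr > UINTPTR_MAX - m.length) return false;  // range would wrap
  if (!IsOutsideEnclave(m.untrusted_addr, m.length)) return false;
  const auto* src = reinterpret_cast<const uint8_t*>(
      static_cast<uintptr_t>(m.untrusted_addr));
  trusted->assign(src, src + m.length);
  return true;
}

int main() {
  uint8_t host_buf[] = {'h', 'e', 'l', 'l', 'o'};  // constructed sample input
  std::vector<uint8_t> copy;
  bool ok = CopyIn(PackPointer(host_buf, sizeof(host_buf)), &copy);
  host_buf[0] = 'X';  // host mutates its buffer after the copy
  std::printf("ok=%d first=%c\n", ok, ok ? copy[0] : '?');
  return 0;
}
```

The copy-once step is what keeps a host thread from changing the data between the enclave's check and its use; reading through the raw pointer repeatedly would not give that guarantee.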