Saved in:
Bibliographic Details
Main Authors: Gadey, Varun, Goetz, Raphael, Sendner, Christoph, Sovio, Sampo, Dmitrienko, Alexandra
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2411.11567
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866929597678878720
author Gadey, Varun
Goetz, Raphael
Sendner, Christoph
Sovio, Sampo
Dmitrienko, Alexandra
author_facet Gadey, Varun
Goetz, Raphael
Sendner, Christoph
Sovio, Sampo
Dmitrienko, Alexandra
contents Securing sensitive operations in today's interconnected software landscape is crucial yet challenging. Modern platforms rely on Trusted Execution Environments (TEEs), such as Intel SGX and ARM TrustZone, to isolate security sensitive code from the main system, reducing the Trusted Computing Base (TCB) and providing stronger assurances. However, identifying which code should reside in TEEs is complex and requires specialized expertise, which is not supported by current automated tools. Existing solutions often migrate entire applications to TEEs, leading to suboptimal use and an increased TCB. To address this gap, we propose Code Annotation Logic (CAL), a pioneering tool that automatically identifies security sensitive components for TEE isolation. CAL analyzes codebases, leveraging a graph-based approach with novel feature construction and employing a custom graph neural network model to accurately determine which parts of the code should be isolated. CAL effectively optimizes TCB, reducing the burden of manual analysis and enhancing overall security. Our contributions include the definition of security sensitive code, the construction and labeling of a comprehensive dataset of source files, a feature rich graph based data preparation pipeline, and the CAL model for TEE integration. Evaluation results demonstrate CAL's efficacy in identifying sensitive code with a recall of 86.05%, an F1 score of 81.56%, and an identification rate of 91.59% for security sensitive functions. By enabling efficient code isolation, CAL advances the secure development of applications using TEEs, offering a practical solution for developers to reduce attack vectors.
format Preprint
id arxiv_https___arxiv_org_abs_2411_11567
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle GNN-Based Code Annotation Logic for Establishing Security Boundaries in C Code
Gadey, Varun
Goetz, Raphael
Sendner, Christoph
Sovio, Sampo
Dmitrienko, Alexandra
Cryptography and Security
Machine Learning
Securing sensitive operations in today's interconnected software landscape is crucial yet challenging. Modern platforms rely on Trusted Execution Environments (TEEs), such as Intel SGX and ARM TrustZone, to isolate security sensitive code from the main system, reducing the Trusted Computing Base (TCB) and providing stronger assurances. However, identifying which code should reside in TEEs is complex and requires specialized expertise, which is not supported by current automated tools. Existing solutions often migrate entire applications to TEEs, leading to suboptimal use and an increased TCB. To address this gap, we propose Code Annotation Logic (CAL), a pioneering tool that automatically identifies security sensitive components for TEE isolation. CAL analyzes codebases, leveraging a graph-based approach with novel feature construction and employing a custom graph neural network model to accurately determine which parts of the code should be isolated. CAL effectively optimizes TCB, reducing the burden of manual analysis and enhancing overall security. Our contributions include the definition of security sensitive code, the construction and labeling of a comprehensive dataset of source files, a feature rich graph based data preparation pipeline, and the CAL model for TEE integration. Evaluation results demonstrate CAL's efficacy in identifying sensitive code with a recall of 86.05%, an F1 score of 81.56%, and an identification rate of 91.59% for security sensitive functions. By enabling efficient code isolation, CAL advances the secure development of applications using TEEs, offering a practical solution for developers to reduce attack vectors.
title GNN-Based Code Annotation Logic for Establishing Security Boundaries in C Code
topic Cryptography and Security
Machine Learning
url https://arxiv.org/abs/2411.11567