JE provides language-level abstractions to write Java applications that can run with Intel SGX. Parts of the program to be run inside the SGX can be specified using JE annotations. JE uses an implicit security type system to detect invalid information flows. Example:
@Enclave
class Enclave {
@Secret
private static String password;
@Gateway
public static Boolean checkPassword(String guess) {
return declassify(password.equals(guess));
}
}
The class-level @Enclave annotation denotes that the annotated class should be placed inside the enclave. The field-level @Secret annotation denotes secret fields whose values must not leak outside the SGX enclave. The @Gateway annotation specifies methods which are accessible from the non-enclave environment
More examples are provided in /test-cases/src/je/de/tuda/prg
- Visit https://www.cs.cornell.edu/jif/ and download the zip file of Jif 3.5
- Unzip the file and install Jif following the installation steps provided in the README file
- We refer to the Jif root directory (it is the directory unzipped in the step 2) as
$JIF_HOME - Compile the principals in the
$JIF_HOME/tests/jif/principals/according to the README file
- Visit https://download.01.org/intel-sgx/sgx-linux/2.9.1/docs/Intel_SGX_Installation_Guide_Linux_2.9.1_Open_Source.pdf and install the SGX drivers.
3. Install Maven
- Make sure that you have the JAVA_HOME environment variable set to JDK 9 or higher.
- Change to the root directory of the project.
- Run
mvn package - A jar file named
je-to-jiff-compiler-jar-with-dependencies.jarwill be compiled in the/je-to-jiff-compiler/targetdirectory.
- Make sure that JDK 8 is in your system path.
- In the compile.sh file, set the
JIF_HOMEvariable. (the same as described in the Jif installation process above) - Run
./compile.sh <path-to-the-JE-files>