Compiler-Aided Development of Trusted Enclaves with Rust

Dreissig F, Röckl J, Müller T (2022)

Publication Type: Conference contribution

Publication year: 2022

Publisher: Association for Computing Machinery

Conference Proceedings Title: ACM International Conference Proceeding Series

Event location: Vienna, AUT

ISBN: 9781450396707

DOI: 10.1145/3538969.3538972


To optimally utilize Intel SGX, programs must be partitioned into trusted and untrusted parts. Writing the trusted part of a program with Intel's SDK, however, requires manual effort that often becomes an obstacle for programmers. In this work, we investigate how compiler-level tooling can assist with the semi-automatic separation of code into a trusted and an untrusted partition. We present Cadote, a solution that generates SGX enclaves from programs written in Rust. Application developers are expected to mark functions as trusted, for which enclaves are then generated automatically. All other functions remain untrusted and are executed outside Intel SGX in the normal world. We implemented this concept using compiler optimization passes of the LLVM framework. Targeting Rust as input language allows us to benefit from high-level concepts, such as memory safety, which enable us to safely copy function parameters between the normal and trusted world in practice.

Authors with CRIS profile

Involved external institutions

How to cite


Dreissig, F., Röckl, J., & Müller, T. (2022). Compiler-Aided Development of Trusted Enclaves with Rust. In ACM International Conference Proceeding Series. Vienna, AUT: Association for Computing Machinery.


Dreissig, Felix, Jonas Röckl, and Tilo Müller. "Compiler-Aided Development of Trusted Enclaves with Rust." Proceedings of the 17th International Conference on Availability, Reliability and Security, ARES 2022, Vienna, AUT Association for Computing Machinery, 2022.

BibTeX: Download