Proceedings ArticleDOI
Cache Attacks on Intel SGX
TLDR
It is shown that SGX cannot withstand its designated attacker model when it comes to side-channel vulnerabilities due to the power of root-level attackers by exploiting the accuracy of PMC, which is restricted to kernel code.Abstract:
For the first time, we practically demonstrate that Intel SGX enclaves are vulnerable against cache-timing attacks. As a case study, we present an access-driven cache-timing attack on AES when running inside an Intel SGX enclave. Using Neve and Seifert's elimination method, as well as a cache probing mechanism relying on Intel PMC, we are able to extract the AES secret key in less than 10 seconds by investigating 480 encrypted blocks on average. The AES implementation we attack is based on a Gladman AES implementation taken from an older version of OpenSSL, which is known to be vulnerable to cache-timing attacks. In contrast to previous works on cache-timing attacks, our attack is executed with root privileges running on the same host as the vulnerable enclave. Intel SGX, however, was designed to precisely protect applications against such root-level attacks. As a consequence, we show that SGX cannot withstand its designated attacker model when it comes to side-channel vulnerabilities. To the contrary, the attack surface for side-channels increases dramatically in the scenario of SGX due to the power of root-level attackers, for example, by exploiting the accuracy of PMC, which is restricted to kernel code.read more
Citations
More filters
Proceedings Article
Foreshadow: extracting the keys to the intel SGX kingdom with transient out-of-order execution
Jo Van Bulck,Marina Minkin,Ofir Weisse,Daniel Genkin,Baris Kasikci,Frank Piessens,Mark Silberstein,Thomas F. Wenisch,Yuval Yarom,Raoul Strackx +9 more
TL;DR: This work presents Foreshadow, a practical software-only microarchitectural attack that decisively dismantles the security objectives of current SGX implementations and develops a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache.
Software grand exposure: SGX cache attacks are practical
Ferdinand Brasser,U.A. Muller,Alexandra Dmitrienko,Kari Kostiainen,Srdjan Capkun,Ahmad-Reza Sadeghi +5 more
TL;DR: In this article, the authors demonstrate the effectiveness of cache timing attacks against RSA and other cryptographic operations, such as genomic processing, and analyze countermeasures and show that none of the known defenses eliminates the attack.
Book ChapterDOI
Malware Guard Extension: Using SGX to Conceal Cache Attacks
TL;DR: Intel SGX provides a mechanism that addresses this scenario and aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers.
Proceedings ArticleDOI
Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution
Raymond Cheng,Fan Zhang,Jernej Kos,Warren He,Nicholas Hynes,Noah M. Johnson,Ari Juels,Andrew Miller,Dawn Song +8 more
TL;DR: Ekiden as mentioned in this paper is a system that combines blockchains with Trusted Execution Environments (TEEs), and leverages a novel architecture that separates consensus from execution, enabling efficient TEE-backed confidentiality-preserving smart-contracts and high scalability.
Proceedings ArticleDOI
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Wenhao Wang,Guoxing Chen,Xiaorui Pan,Yinqian Zhang,XiaoFeng Wang,Vincent Bindschaedler,Haixu Tang,Carl A. Gunter +7 more
TL;DR: The research identifies 8 potential attack vectors of Intel SGX, and highlights the common misunderstandings about SGX memory side channels, demonstrating that high frequent AEXs can be avoided when recovering EdDSA secret key through a new page channel and fine-grained monitoring of enclave programs can be done through combining both cache and cross-enclave DRAM channels.
References
More filters
Proceedings ArticleDOI
Innovative instructions and software model for isolated execution
Frank Mckeen,Ilya Alexandrovich,Alex Berenzon,Carlos V. Rozas,Hisham Shafi,Vedvyas Shanbhogue,Uday R. Savagaonkar +6 more
TL;DR: This paper analyzes the threats and attacks to applications, then describes the ISA extension for generating a HW based container, and describes the programming model of this container.
Posted Content
Cache attacks and Countermeasures: the Case of AES.
TL;DR: In this article, the authors describe side-channel attacks based on inter-process leakage through the state of the CPU's memory cache, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups.
Book ChapterDOI
Cache attacks and countermeasures: the case of AES
TL;DR: In this article, the authors describe side-channel attacks based on inter-process leakage through the state of the CPU's memory cache, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups.
Posted Content
Intel SGX Explained.
Victor Costan,Srinivas Devadas +1 more
TL;DR: In this article, the authors present a detailed and structured presentation of the publicly available information on SGX, a series of intelligent guesses about some important but undocumented aspects of SGX.
Proceedings ArticleDOI
Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems
TL;DR: In this article, the authors introduce controlled channel attacks, a new type of sidechannel attack that allows an untrusted operating system to extract large amounts of sensitive information from protected applications on systems like Overshadow, Ink Tag or Haven.