DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization

  title={DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization},
  author={F. Brasser and Srdjan Capkun and A. Dmitrienko and Tommaso Frassetto and Kari Kostiainen and U. M{\"u}ller and A. Sadeghi},
  • F. Brasser, Srdjan Capkun, +4 authors A. Sadeghi
  • Published 2017
  • Computer Science
  • ArXiv
  • Recent research has demonstrated that Intel's SGX is vulnerable to various software-based side-channel attacks. [...] Key Method We design and implement a compiler-based tool called DR.SGX that instruments enclave code such that data locations are permuted at the granularity of cache lines. We realize the permutation with the CPU's cryptographic hardware-acceleration units providing secure randomization.Expand Abstract
    Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
    • 395
    • PDF
    Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks
    • 59
    • PDF
    The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX
    • 38
    • PDF
    PAC it up: Towards Pointer Integrity using ARM Pointer Authentication
    • 20
    • PDF
    SGX-LKL: Securing the Host OS Interface for Trusted Execution
    • 12
    • PDF
    Preserving Access Pattern Privacy in SGX-Assisted Encrypted Search
    • 9


    Publications referenced by this paper.
    Cache Attacks and Countermeasures: The Case of AES
    • 1,040
    • Highly Influential
    • PDF
    Lest we remember: cold-boot attacks on encryption keys
    • 1,140
    • PDF
    Software protection and simulation on oblivious RAMs
    • 1,355
    • PDF
    TrustVisor: Efficient TCB Reduction and Attestation
    • 557
    • PDF
    New cache designs for thwarting software cache-based side channel attacks
    • 430
    • Highly Influential
    • PDF
    Architectural support for copy and tamper resistant software
    • 467
    • PDF
    Innovative Technology for CPU Based Attestation and Sealing
    • 522
    • PDF
    Software Grand Exposure: SGX Cache Attacks Are Practical
    • 284
    • PDF
    Innovative instructions and software model for isolated execution
    • 728
    • PDF