• Corpus ID: 310483

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing

  title={Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing},
  author={Sangho Lee and Ming-Wei Shih and Prasun Gera and Taesoo Kim and Hyesoon Kim and Marcus Peinado},
  booktitle={USENIX Security Symposium},
Intel has introduced a hardware-based trusted execution environment, Intel Software Guard Extensions (SGX), that provides a secure, isolated execution environment, or enclave, for a user program without trusting any underlying software (e.g., an operating system) or firmware. Researchers have demonstrated that SGX is vulnerable to a page-fault-based attack. However, the attack only reveals page-level memory accesses within an enclave. In this paper, we explore a new, yet critical, side… 

SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control

SGX-Step, an open-source Linux kernel framework that allows an untrusted host process to configure APIC timer interrupts and track page table entries directly from user space, is presented and an improved approach to single-step enclaved execution at instruction-level granularity is contributed and evaluated.

Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization

This work proposes a new defense against branch-shadowing, based on control flow randomization, which is inspired by Zigzagger, but provides quantifiable security guarantees with respect to a tunable security parameter.

Klotski: Efficient Obfuscated Execution against Controlled-Channel Attacks

Klotski, an efficient obfuscated execution technique to defeat the controlled-channel attacks with a tunable trade-off between security and performance, is proposed and Evaluation results show that Klotski is secure against controlled-Channel attacks and its performance overhead much lower than previous solutions.

Interface-Based Side Channel Attack Against Intel SGX

This paper explores a new, yet critical side channel attack in SGX, interface-based sideChannel attack, which can infer the information of the enclave input data and proposes some countermeasures to defense the interface- based side channels attack inSGX-assisted applications.

SgxPectre: Stealing Intel Secrets from SGX Enclaves Via Speculative Execution

This paper presents SgxPectre Attacks (the SGX-variants of Spectre attacks) that exploit speculative execution side-channel vulnerabilities to subvert the confidentiality of SGX enclaves, and suggests that nearly any enclave program could be vulnerable to these attacks.

SGXlinger: A New Side-Channel Attack Vector Based on Interrupt Latency Against Enclave Execution

This paper discovers a new attack vector SGXlinger to disclose information inside the protected program, and it is the first time that the interrupt latency is leveraged as a side-channel.

Time and Order: Towards Automatically Identifying Side-Channel Vulnerabilities in Enclave Binaries

A NABLEPS is presented, a tool to automate the detection of side-channel vulnerabilities in enclave binaries, considering both order and time, and leverages concolic execution and fuzzing techniques to generate input sets for an arbitrary enclave program.

Bluethunder: A 2-level Directional Predictor Based Side-Channel Attack against SGX

A new pattern history table (PHT) based side-channel attack against SGX named Bluethunder is explored, which can bypass existing protection techniques and reveal the secret information inside an enclave with low training overhead.

CopyCat: Controlled Instruction-Level Attacks on Enclaves

This work proposes an innovative controlled-channel attack, named CopyCat, that deterministically counts the number of instructions executed within a single enclave code page, and demonstrates the improved resolution and practicality of CopyCat on Intel SGX in an extensive study of single-trace and deterministic attacks against cryptographic implementations.



T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs

T-SGX is implemented as a compiler-level scheme to automatically transform a normal enclave program into a secured enclave program without requiring manual source code modification or annotation, and is an order of magnitude faster than the state-of-the-art mitigation schemes.

Raccoon: Closing Digital Side-Channels through Obfuscated Execution

This paper presents a method of defending against a broad class of side-channel attacks, which it is argued about the correctness and security of the compiler transformations and demonstrates that the transformations are safe in the context of a modern processor.

Preventing Page Faults from Telling Your Secrets

This paper shows that the page fault side-channel has sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines in OpenSSL and Libgcrypt -- leaking 27% on average and up to 100% of the secret bits in many case-studies.

SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs

SGX-Shield is built on a secure in-enclave loader to secretly bootstrap the memory space layout with a finer-grained randomization and shows a high degree of randomness in memory layouts and stops memory corruption attacks with a high probability.

High-Resolution Side Channels for Untrusted Operating Systems

Two new side channels for an untrusted OS are presented which use timer interrupts and cache misses to achieve higher temporal and spatial resolution than the page-fault channel and enable successful attacks against new SGX applications such as VC3 that were designed not to trust the OS.

Jump over ASLR: Attacking branch predictors to bypass ASLR

This paper develops an attack to derive kernel and user-level ASLR offset using a side-channel attack on the branch target buffer (BTB) and describes several possible protection mechanisms, both in software and in hardware.

Practical Timing Side Channel Attacks against Kernel Space ASLR

This paper shows that an adversary can implement a generic side channel attack against the memory management system to deduce information about the privileged address space layout and can successfully circumvent kernel space ASLR on current operating systems.

Preventing Your Faults From Telling Your Secrets: Defenses Against Pigeonhole Attacks

This paper shows that the page fault side-channel has sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines in OpenSSL and Libgcrypt --- leaking 27% on average and up to 100% of the secret bits in many case-studies.

UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages

UniSan is proposed, a novel, compiler-based approach to eliminate all information leaks caused by uninitialized read in the OS kernel, and can successfully prevent 43 known and many new uninitialized data leak vulnerabilities.

Moat: Verifying Confidentiality of Enclave Programs

A new approach to formally model these primitives and formally verify properties of so-called enclave programs that use SGX, and introduces Moat, a tool which formally verifies confidentiality properties of applications running on SGX.