Abstract
Cache side-channels are among the major weaknesses of Intel SGX. We mitigate this weakness with E-SGX, an effective defensive approach against all known access-driven/trace-driven cache side-channel attacks mounted by privileged code. The core idea of E-SGX is to monopolize the whole CPU during security-critical execution, which breaks the concurrent-execution condition that access-driven/trace-driven cache side-channel attacks depend on. To achieve this, E-SGX runs several SGX threads within the same enclave: one application thread and a few dummy threads that together occupy all CPU cores. A key challenge is to ensure that these enclave threads are scheduled exclusively, occupying every CPU core, even though the OS scheduler is untrusted. E-SGX addresses this challenge with effective mechanisms for detecting violations of exclusive scheduling: a challenge-response check of dummy-thread liveness and detection of asynchronous enclave exits, both performed at a carefully chosen period. Compared to existing approaches, E-SGX defends against access-driven/trace-driven cache side-channel attacks not only from the sibling logical core but from all physical cores.
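The two detection mechanisms named in the abstract, modelled as an added C example that is not code from the E-SGX paper: the application thread publishes a fresh nonce to a per-dummy mailbox in enclave memory, each dummy thread echoes it from its spin loop, and a dummy that the OS has silently descheduled fails the check at the end of the period. The mailbox layout, the `simulate_period` driver and the event-counter model of asynchronous-exit detection are assumptions for illustration; the paper does not describe its implementation at this level.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_DUMMY 8

/* One mailbox per dummy thread, in enclave memory (hypothetical layout). */
typedef struct {
    _Atomic uint64_t challenge;  /* nonce written by the application thread */
    _Atomic uint64_t response;   /* same nonce echoed back by the dummy thread */
} mailbox_t;

/* Application thread: open a check period by publishing a fresh nonce.
 * Nonces must never repeat and must differ from the zero initial state,
 * otherwise a stale response would pass the check. */
void issue_challenge(mailbox_t *mb, size_t n, uint64_t nonce) {
    for (size_t i = 0; i < n; i++)
        atomic_store_explicit(&mb[i].challenge, nonce, memory_order_release);
}

/* Dummy thread: one iteration of its spin loop, echoing the current challenge.
 * A dummy the OS has descheduled never executes this and therefore stays silent. */
void dummy_step(mailbox_t *mb) {
    uint64_t c = atomic_load_explicit(&mb->challenge, memory_order_acquire);
    atomic_store_explicit(&mb->response, c, memory_order_release);
}

/* Application thread, end of period: every dummy must have echoed this nonce.
 * Returns the number of dummies that failed, i.e. exclusive-scheduling violations. */
size_t count_unresponsive(const mailbox_t *mb, size_t n, uint64_t nonce) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (atomic_load_explicit(&mb[i].response, memory_order_acquire) != nonce)
            bad++;
    return bad;
}

/* AEX check, modelled (assumption) as an enclave-visible counter that is bumped
 * on every asynchronous exit; any change since the last check is a violation. */
bool aex_since_last_check(const _Atomic uint64_t *aex_events, uint64_t *last_seen) {
    uint64_t now = atomic_load_explicit(aex_events, memory_order_acquire);
    bool exited = (now != *last_seen);
    *last_seen = now;
    return exited;
}

/* Deterministic single-threaded simulation of one period with n dummies;
 * dummy `skipped` (none if skipped >= n) is treated as descheduled. */
size_t simulate_period(size_t n, size_t skipped, uint64_t nonce) {
    mailbox_t mb[MAX_DUMMY] = {0};
    issue_challenge(mb, n, nonce);
    for (size_t i = 0; i < n; i++)
        if (i != skipped) dummy_step(&mb[i]);
    return count_unresponsive(mb, n, nonce);
}
```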
This work was supported by National Cryptography Development Fund (Award No. MMJJ20180221) and National Natural Science Foundation of China (Grant No. 61772518).
Lang, F. et al. (2021). E-SGX: Effective Cache Side-Channel Protection for Intel SGX on Untrusted OS. In: Wu, Y., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2020. Lecture Notes in Computer Science(), vol 12612. Springer, Cham. https://doi.org/10.1007/978-3-030-71852-7_15
DOI: https://doi.org/10.1007/978-3-030-71852-7_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71851-0
Online ISBN: 978-3-030-71852-7