Abstract
Side-channel attacks are one of the major threats facing Intel SGX. They have been widely researched and disclosed as actual vulnerabilities in recent years, and they can severely harm the integrity and confidentiality of programs protected by SGX. Most existing defense schemes assume that the adversary launches attacks from the same core as the victim, an assumption that newly emerged cross-core side-channel attacks (e.g., CrossTalk) have proved insufficient. We present Informer, a defensive approach for SGX against side-channel attacks launched from any location, whether or not the adversary resides in the same physical CPU core as the victim. Informer achieves this goal by creating dummy threads that temporarily monopolize all CPU cores while security-critical code is being executed, which breaks the essential concurrent execution condition of side-channel attacks. A key challenge is to ensure that all those threads are scheduled so that they exclusively occupy all CPU cores, even under an untrusted OS. Informer can defend against side-channel attacks from any core and incurs only 22% performance overhead in OpenSSL. An additional mechanism is designed to reduce the impact on the operating system, and an optional extension reduces the performance overhead brought to other programs.
This work was supported by the National Key R&D Program of China (Award No. 2020YFB1005800) and National Natural Science Foundation of China (Grant No. 61772518).
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Lang, F., Wang, W., Meng, L., Wang, Q., Lin, J., Song, L. (2021). Informer: Protecting Intel SGX from Cross-Core Side Channel Threats. In: Gao, D., Li, Q., Guan, X., Liao, X. (eds) Information and Communications Security. ICICS 2021. Lecture Notes in Computer Science, vol 12918. Springer, Cham. https://doi.org/10.1007/978-3-030-86890-1_18
DOI: https://doi.org/10.1007/978-3-030-86890-1_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86889-5
Online ISBN: 978-3-030-86890-1
eBook Packages: Computer Science, Computer Science (R0)