DOI: 10.1145/3411505.3418437
Research article, open access

Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation

Published: 09 November 2020 Publication History

Abstract

Systems that protect enclaves from privileged software must also consider software-based side-channel attacks. Our system isolates enclaves on separate secure cores, so an attacker can never run on the same core as the victim; this mitigates intra-core side-channel attacks. Redesigning the memory hierarchy around enclave ownership protects enclaves against inter-core side-channel attacks. We implement this system and evaluate its communication performance, memory overhead and hardware area. Combining physical isolation with the redesigned memory hierarchy protects enclaves against all known software-based side-channel attacks.
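To make the intra-core versus inter-core distinction concrete, the following is a constructed toy model of a prime+probe cache side channel, written for this page; it is not the paper's design and not code from praesidio-sdk. It models only the shared-cache (inter-core) half of the problem: a last-level cache shared by every owner leaks which set an enclave touched, while a cache whose ways are reserved per owner, one simplified reading of "a memory hierarchy based on enclave ownership", leaks nothing to the probing attacker. The cache geometry, the owner names and the victim's secret-dependent table lookup are all assumptions. It does not model the intra-core channels (execution-port contention, branch predictors, TLBs) that the paper removes by running enclaves on physically separate cores.

```python
"""Toy prime+probe model of a cache side channel.

Constructed illustration, not the paper's design and not praesidio-sdk code.
A cache shared by every owner leaks which set a victim touched; a cache whose
ways are allocated per owner does not. Geometry, addresses and the secret
are made-up parameters.
"""
from collections import Counter

SETS, WAYS, LINE = 8, 2, 64  # assumed toy geometry: 8 sets, 2 ways, 64-byte lines


def set_index(addr):
    return (addr // LINE) % SETS


def tag(addr):
    return addr // (LINE * SETS)


class SharedCache:
    """LRU set-associative cache shared by all owners: a miss may evict anyone's line."""

    def __init__(self):
        self.sets = [[] for _ in range(SETS)]  # each set: [(tag, owner)], LRU first

    def ways_for(self, owner):
        return WAYS

    def must_evict(self, lines, owner):
        """Index of the line to evict before inserting for `owner`, or None."""
        return 0 if len(lines) >= WAYS else None  # global LRU, owner ignored

    def access(self, addr, owner):
        """Return True on hit, False on miss; updates LRU order and contents."""
        lines = self.sets[set_index(addr)]
        t = tag(addr)
        for i, (lt, _) in enumerate(lines):
            if lt == t:
                lines.append(lines.pop(i))
                return True
        victim = self.must_evict(lines, owner)
        if victim is not None:
            lines.pop(victim)
        lines.append((t, owner))
        return False


class OwnedCache(SharedCache):
    """Ways in every set are reserved per owner; an owner can only evict its own lines."""

    def __init__(self, quota):
        super().__init__()
        assert sum(quota.values()) <= WAYS
        self.quota = quota  # owner -> number of ways it may occupy in each set

    def ways_for(self, owner):
        return self.quota[owner]

    def must_evict(self, lines, owner):
        mine = [i for i, (_, o) in enumerate(lines) if o == owner]
        return mine[0] if len(mine) >= self.quota[owner] else None


def attacker_addr(s, way):
    return (way * SETS + s) * LINE  # lands in set s with tag `way`


def victim_lookup(secret):
    """Victim whose memory access index depends on a secret (a table lookup)."""
    def run(cache):
        cache.access((100 * SETS + secret) * LINE, "enclave")
    return run


def prime_probe(cache, attacker, run_victim):
    """Prime every set with attacker lines, let the victim run, probe for evictions.

    Returns the set indices where the attacker saw misses, i.e. what it learns.
    """
    ways = cache.ways_for(attacker)
    for s in range(SETS):
        for w in range(ways):
            cache.access(attacker_addr(s, w), attacker)
    run_victim(cache)
    misses = Counter()
    for s in range(SETS):
        for w in range(ways):
            if not cache.access(attacker_addr(s, w), attacker):
                misses[s] += 1
    return sorted(misses)


if __name__ == "__main__":
    secret = 5
    print("shared cache leaks sets:",
          prime_probe(SharedCache(), "attacker", victim_lookup(secret)))
    print("owned cache leaks sets:",
          prime_probe(OwnedCache({"attacker": 1, "enclave": 1}), "attacker",
                      victim_lookup(secret)))
```

With the shared cache the attacker's probe misses exactly in the set the enclave's lookup touched, so the set index, and with it part of the secret, leaks. With per-owner ways the enclave's line can only displace enclave lines, the attacker's primed lines all survive, and the probe is uniform. A real design also has to handle quota exhaustion, flush on enclave teardown, and the other shared structures (DRAM row buffers, coherence directories) the abstract's "memory hierarchy" covers.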

Supplementary Material

MP4 File (3411505.3418437.mp4)
This video is about the paper titled "Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation." The presenter, Marno van der Maas, is a PhD candidate at the University of Cambridge, where he studies secure computer architectures. This paper presents a complete system for isolating enclaves onto secure cores while normal applications run on faster cores. Physically isolating enclaves protects them against intra-core side-channel attacks even when these attacks are attempted by privileged code such as an operating system.
For more details, please refer to the paper: https://doi.org/10.1145/3411505.3418437
The source code for this work: https://github.com/marnovandermaas/praesidio-sdk
For any questions or comments, please contact: M a r n o . v a n - d e r - M a a s (at the domain) c l . c a m . a c . u k


Published In

CYSARM'20: Proceedings of the 2nd Workshop on Cyber-Security Arms Race
November 2020, 38 pages
ISBN: 9781450380911
DOI: 10.1145/3411505
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery, New York, NY, United States
          Author Tags

          1. enclave
          2. memory protection
          3. physical isolation
          4. security
          5. side channel
          6. trusted execution

Conference

CCS '20