[ZISC Lunch Seminar] Software Grand Exposure: SGX Cache Attacks are Practical

Wed 26 Apr 2017

Urs Müller, ETH Zurich

From 12.00 until 13.30

At CNB/F/110 (Lunch) + CNB/F/100.9 (Seminar), ETH Zurich

Universitätstrasse 6, 8092 Zurich


Intel Software Guard Extensions (SGX) is an extension to the x86 instruction set that enables an application to isolate code and data in a container called an enclave. SGX hardware protects the enclave code and data against a malicious operating system, hypervisor, and even low-level firmware. In particular, the hardware protects the confidentiality of enclave data. Side-channel information leakage is, however, a known limitation of SGX. Recent work has demonstrated that secret enclave information can be extracted from the enclave's page-fault access pattern. However, susceptibility to other types of side channels (e.g. information leakage via shared cache memory) had not yet been investigated.

In this thesis we aim to bridge this gap and investigate a side channel based on cache memory access monitoring. In particular, we demonstrate that SGX is indeed vulnerable to cache attacks. By observing the cache access pattern of an enclave, an attacker can extract confidential enclave data. Our goal was to design an attack that is hard to mitigate using known defenses. We therefore do not rely on interrupting the enclave. This approach raises some significant challenges. We therefore designed and implemented a novel attack technique that leverages the availability of hardware performance counters in the SGX attacker model.

We demonstrate the effectiveness of our attack on two use cases: extraction of a 2048-bit RSA private key during decryption, and leaking information about human genome sequences during genomic indexing. Moreover, we show that our attack bypasses all known (practical) defenses.
