Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution
Van Bulck J, Weichbrodt N, Kapitza R, Piessens F, Strackx R (2017)
Publication Type: Conference contribution
Publication year: 2017
Publisher: USENIX Association
Pages Range: 1041-1056
Conference Proceedings Title: Proceedings of the 26th USENIX Security Symposium
Event location: Vancouver, BC
ISBN: 9781931971409
Abstract
Protected module architectures, such as Intel SGX, enable strong trusted computing guarantees for hardware-enforced enclaves on top a potentially malicious operating system. However, such enclaved execution environments are known to be vulnerable to a powerful class of controlled-channel attacks. Recent research convincingly demonstrated that adversarial system software can extract sensitive data from enclaved applications by carefully revoking access rights on enclave pages, and recording the associated page faults. As a response, a number of state-of-the-art defense techniques has been proposed that suppress page faults during enclave execution. This paper shows, however, that page table-based threats go beyond page faults. We demonstrate that an untrusted operating system can observe enclave page accesses without resorting to page faults, by exploiting other side-effects of the address translation process. We contribute two novel attack vectors that infer enclaved memory accesses from page table attributes, as well as from the caching behavior of unprotected page table memory. We demonstrate the effectiveness of our attacks by recovering EdDSA session keys with little to no noise from the popular Libgcrypt cryptographic software suite.
Authors with CRIS profile
Involved external institutions
Katholieke Universiteit Leuven (KUL) / Catholic University of Leuven
Belgium (BE)
Technische Universität Braunschweig
Germany (DE)
Belgium (BE)
Technische Universität Braunschweig
Germany (DE)
How to cite
APA:
Van Bulck, J., Weichbrodt, N., Kapitza, R., Piessens, F., & Strackx, R. (2017). Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution. In Proceedings of the 26th USENIX Security Symposium (pp. 1041-1056). Vancouver, BC, CA: USENIX Association.
MLA:
Van Bulck, Jo, et al. "Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution." Proceedings of the 26th USENIX Security Symposium, Vancouver, BC USENIX Association, 2017. 1041-1056.
BibTeX: Download