Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution

Van Bulck J, Weichbrodt N, Kapitza R, Piessens F, Strackx R (2017)


Publication Type: Conference contribution

Publication year: 2017

Publisher: USENIX Association

Pages Range: 1041-1056

Conference Proceedings Title: Proceedings of the 26th USENIX Security Symposium

Event location: Vancouver, BC CA

ISBN: 9781931971409

Abstract

Protected module architectures, such as Intel SGX, enable strong trusted computing guarantees for hardware-enforced enclaves on top of a potentially malicious operating system. However, such enclaved execution environments are known to be vulnerable to a powerful class of controlled-channel attacks. Recent research convincingly demonstrated that adversarial system software can extract sensitive data from enclaved applications by carefully revoking access rights on enclave pages, and recording the associated page faults. As a response, a number of state-of-the-art defense techniques have been proposed that suppress page faults during enclave execution. This paper shows, however, that page table-based threats go beyond page faults. We demonstrate that an untrusted operating system can observe enclave page accesses without resorting to page faults, by exploiting other side-effects of the address translation process. We contribute two novel attack vectors that infer enclaved memory accesses from page table attributes, as well as from the caching behavior of unprotected page table memory. We demonstrate the effectiveness of our attacks by recovering EdDSA session keys with little to no noise from the popular Libgcrypt cryptographic software suite.

How to cite

APA:

Van Bulck, J., Weichbrodt, N., Kapitza, R., Piessens, F., & Strackx, R. (2017). Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution. In Proceedings of the 26th USENIX Security Symposium (pp. 1041-1056). Vancouver, BC, CA: USENIX Association.

MLA:

Van Bulck, Jo, et al. "Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution." Proceedings of the 26th USENIX Security Symposium, Vancouver, BC USENIX Association, 2017. 1041-1056.
