pubs:pagetableattacks

Differences

pubs:pagetableattacks [2017-09-29 20:48]
weichbr created
pubs:pagetableattacks [2018-06-03 14:10]
Line 1: Line 1:
-====== Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution ====== 
  
-==== Authors ==== 
-  * Jo Van Bulck, imec-DistriNet, KU Leuven 
-  * Nico Weichbrodt, IBR DS, TU Braunschweig 
-  * RĂ¼diger Kapitza, IBR DS, TU Braunschweig 
-  * Frank Piessens, imec-DistriNet, KU Leuven 
-  * Raoul Strackx, imec-DistriNet, KU Leuven 
- 
-==== Abstract ==== 
- 
-Protected module architectures, such as Intel SGX, enable 
-strong trusted computing guarantees for hardwareenforced 
-enclaves on top a potentially malicious operating 
-system. However, such enclaved execution environments 
-are known to be vulnerable to a powerful class of 
-controlled-channel attacks. Recent research convincingly 
-demonstrated that adversarial system software can extract 
-sensitive data from enclaved applications by carefully 
-revoking access rights on enclave pages, and recording 
-the associated page faults. As a response, a number of 
-state-of-the-art defense techniques has been proposed that 
-suppress page faults during enclave execution. 
- 
-This paper shows, however, that page table-based 
-threats go beyond page faults. We demonstrate that an 
-untrusted operating system can observe enclave page accesses 
-without resorting to page faults, by exploiting other 
-side-effects of the address translation process. We contribute 
-two novel attack vectors that infer enclaved memory 
-accesses from page table attributes, as well as from 
-the caching behavior of unprotected page table memory. 
-We demonstrate the effectiveness of our attacks by recovering 
-EdDSA session keys with little to no noise from the 
-popular Libgcrypt cryptographic software suite. 
- 
- 
-==== Download ==== 
-{{ :pubs:usenix-security2017.pdf |}} 
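
Review bot: every line from the title through the Download section is removed and no replacement lines appear in this comparison, so the 2018-06-03 14:10 revision leaves the page without the author list, the abstract and the "{{ :pubs:usenix-security2017.pdf |}}" link, and the only recorded reason is "(external edit)". If the removal is intended, record an edit summary saying where the publication entry now lives; if it is not, restore the 2017-09-29 revision. When restoring, repair the mis-encoded character in the "RĂ¼diger Kapitza" author line and correct "hardwareenforced" and "on top a potentially malicious" in the abstract.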
  • pubs/pagetableattacks.txt
  • Last modified: 2018-06-03 14:10
  • (external edit)