pubs:pagetableattacks

Differences

pubs:pagetableattacks [2018-06-03 14:10] (current)
Line 1: Line 1:
 +====== Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution ======
  
 +==== Authors ====
 +  * Jo Van Bulck, imec-DistriNet, KU Leuven
 +  * Nico Weichbrodt, IBR DS, TU Braunschweig
 +  * RĂ¼diger Kapitza, IBR DS, TU Braunschweig
 +  * Frank Piessens, imec-DistriNet, KU Leuven
 +  * Raoul Strackx, imec-DistriNet, KU Leuven
 +
 +==== Abstract ====
 +
 +Protected module architectures, such as Intel SGX, enable
 +strong trusted computing guarantees for hardwareenforced
 +enclaves on top a potentially malicious operating
 +system. However, such enclaved execution environments
 +are known to be vulnerable to a powerful class of
 +controlled-channel attacks. Recent research convincingly
 +demonstrated that adversarial system software can extract
 +sensitive data from enclaved applications by carefully
 +revoking access rights on enclave pages, and recording
 +the associated page faults. As a response, a number of
 +state-of-the-art defense techniques has been proposed that
 +suppress page faults during enclave execution.
 +
 +This paper shows, however, that page table-based
 +threats go beyond page faults. We demonstrate that an
 +untrusted operating system can observe enclave page accesses
 +without resorting to page faults, by exploiting other
 +side-effects of the address translation process. We contribute
 +two novel attack vectors that infer enclaved memory
 +accesses from page table attributes, as well as from
 +the caching behavior of unprotected page table memory.
 +We demonstrate the effectiveness of our attacks by recovering
 +EdDSA session keys with little to no noise from the
 +popular Libgcrypt cryptographic software suite.
 +
 +
 +==== Download ====
 +{{ :pubs:usenix-security2017.pdf |}}
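Review bot: The third author entry is mis-encoded: "RĂ¼diger Kapitza" should read "Rüdiger Kapitza", which suggests the text was saved with the wrong character set and should be re-saved as UTF-8. In the first abstract paragraph, "hardwareenforced" has lost its hyphen ("hardware-enforced") and "on top a potentially malicious operating system" is missing "of"; both look like damage from copying out of the PDF. The Download link "{{ :pubs:usenix-security2017.pdf |}}" has an empty label, so consider giving it a descriptive title.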
  • Last modified: 2018-06-03 14:10
  • (external edit)