Differences
This shows you the differences between two versions of the page.
— |
pubs:pagetableattacks [2018-06-03 14:10] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution ====== | ||
+ | ==== Authors ==== | ||
+ | * Jo Van Bulck, imec-DistriNet, | ||
+ | * Nico Weichbrodt, IBR DS, TU Braunschweig | ||
+ | * RĂ¼diger Kapitza, IBR DS, TU Braunschweig | ||
+ | * Frank Piessens, imec-DistriNet, | ||
+ | * Raoul Strackx, imec-DistriNet, | ||
+ | |||
+ | ==== Abstract ==== | ||
+ | |||
+ | Protected module architectures, | ||
+ | strong trusted computing guarantees for hardwareenforced | ||
+ | enclaves on top a potentially malicious operating | ||
+ | system. However, such enclaved execution environments | ||
+ | are known to be vulnerable to a powerful class of | ||
+ | controlled-channel attacks. Recent research convincingly | ||
+ | demonstrated that adversarial system software can extract | ||
+ | sensitive data from enclaved applications by carefully | ||
+ | revoking access rights on enclave pages, and recording | ||
+ | the associated page faults. As a response, a number of | ||
+ | state-of-the-art defense techniques has been proposed that | ||
+ | suppress page faults during enclave execution. | ||
+ | |||
+ | This paper shows, however, that page table-based | ||
+ | threats go beyond page faults. We demonstrate that an | ||
+ | untrusted operating system can observe enclave page accesses | ||
+ | without resorting to page faults, by exploiting other | ||
+ | side-effects of the address translation process. We contribute | ||
+ | two novel attack vectors that infer enclaved memory | ||
+ | accesses from page table attributes, as well as from | ||
+ | the caching behavior of unprotected page table memory. | ||
+ | We demonstrate the effectiveness of our attacks by recovering | ||
+ | EdDSA session keys with little to no noise from the | ||
+ | popular Libgcrypt cryptographic software suite. | ||
+ | |||
+ | |||
+ | ==== Download ==== | ||
+ | {{ : |
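Review bot: the Authors entry for Kapitza reads "RĂ¼diger", which is a mis-encoded "Rüdiger"; re-enter the name in UTF-8. In the Abstract, "hardwareenforced" has lost its hyphen at a copied line break and should read "hardware-enforced", and "on top a potentially malicious operating system" is missing "of". The abstract also keeps the hard line breaks of the source layout; reflowing each paragraph would make later diffs of this page easier to read. The entries for Van Bulck, Piessens and Strackx and the first line of the abstract all end on a trailing comma, and the Download entry shows only "{{ :", so check that the affiliation text and the media link target were saved in full.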