T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs

Shih, Ming-Wei; Lee, Sang-Ho; Kim, Taesoo; Peinado, Marcus

doi:10.14722/ndss.2017.23193

Cited by 239 publications

(216 citation statements)

References 45 publications

Supporting

Mentioning

215

Contrasting

Unclassified

Order By: Relevance

“…To avoid an adversary finding out the moment of the verification, it is important not to leak any information of the enclave's behavior, such as memory or cache access patterns. Previous work covers how software can protect itself against such leakage [6], [12], [32], [34], [35].…”

Section: Discussionmentioning

confidence: 99%

Scanclave: Verifying Application Runtime Integrity in Untrusted Environments

Morbitzer

2019

2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)

View full text Add to dashboard Cite

Data hosted in a cloud environment can be subject to attacks from a higher privileged adversary, such as a malicious or compromised cloud provider. To provide confidentiality and integrity even in the presence of such an adversary, a number of Trusted Execution Environments (TEEs) have been developed. A TEE aims to protect data and code within its environment against high privileged adversaries, such as a malicious operating system or hypervisor.While mechanisms exist to attest a TEE's integrity at load time [3], there are no mechanisms to attest its integrity at runtime. Additionally, work also exists that discusses mechanisms to verify the runtime integrity of programs and system components. However, those verification mechanisms are themselves not protected against attacks from a high privileged adversary. It is therefore desirable to combine the protection mechanisms of TEEs with the ability of application runtime integrity verification.In this paper, we present Scanclave, a lightweight design which achieves three design goals: Trustworthiness of the verifier, a minimal trusted software stack and the possibility to access an application's memory from a TEE. Having achieved our goals, we are able to verify the runtime integrity of applications even in the presence of a high privileged adversary.We refrain from discussing which properties define the runtime integrity of an application, as different applications will require different verification methods. Instead, we show how Scanclave enables a remote verifier to determine the runtime integrity of an application. Afterwards, we perform a security analysis for the different steps of our design. Additionally, we discuss different enclave implementations that might be used for the implementation of Scanclave.

show abstract

Section: Discussionmentioning

confidence: 99%

Scanclave: Verifying Application Runtime Integrity in Untrusted Environments

Morbitzer

2019

2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)

View full text Add to dashboard Cite

show abstract

“…We acknowledge that several recent studies have uncovered side-channel attacks to compromise the confidentiality of Intel SGX [13,19,23,28,29,31]. Also, multiple mitigation techniques have been proposed to address attack-specific issues [18,[24][25][26]. Resolving side-channel attacks on Intel SGX enclave is beyond the scope of this paper and is left for future work.…”

Section: The Enclave E Is Loaded Inside a Properly Implemented And Mamentioning

confidence: 99%

Trustee: Full Privacy Preserving Vickrey Auction on Top of Ethereum

Galal

Youssef

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The wide deployment of tokens for digital assets on top of Ethereum implies the need for powerful trading platforms. Vickrey auctions have been known to determine the real market price of items as bidders are motivated to submit their own monetary valuations without leaking their information to the competitors. Recent constructions have utilized various cryptographic protocols such as ZKP and MPC, however, these approaches either are partially privacy-preserving or require complex computations with several rounds. In this paper, we overcome these limits by presenting Trustee as a Vickrey auction on Ethereum which fully preserves bids' privacy at relatively much lower fees. Trustee consists of three components: a front-end smart contract deployed on Ethereum, an Intel SGX enclave, and a relay to redirect messages between them. Initially, the enclave generates an Ethereum account and ECDH key-pair. Subsequently, the relay publishes the account's address and ECDH public key on the smart contract. As a prerequisite, bidders are encouraged to verify the authenticity and security of Trustee by using the SGX remote attestation service. To participate in the auction, bidders utilize the ECDH public key to encrypt their bids and submit them to the smart contract. Once the bidding interval is closed, the relay retrieves the encrypted bids and feeds them to the enclave that autonomously generates a signed transaction indicating the auction winner. Finally, the relay submits the transaction to the smart contract which verifies the transaction's authenticity and the parameters' consistency before accepting the claimed auction winner. As part of our contributions, we have made a prototype for Trustee available on Github 1 for the community to review and inspect it. Additionally, we analyze the security features of Trustee and report on the transactions' gas cost incurred on Trustee smart contract.

show abstract

“…Side-channel attacks have been shown to be a real threat, especially to Intel SGX [22,25,58]. This field is moving fast: new attacks have been kept being proposed, so have new defenses [45,51]. We believe eventually these efforts that are independent from ours will be able to provide adequent defense against side-channel attacks.…”

Section: Threat Model and Security Goalsmentioning

confidence: 99%

Occlum

Shen

Tian

Chen

et al. 2020

Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Syste

View full text Add to dashboard Cite

Intel Software Guard Extensions (SGX) enables user-level code to create private memory regions called enclaves, whose code and data are protected by the CPU from software and hardware attacks outside the enclaves. Recent work introduces library operating systems (LibOSes) to SGX so that legacy applications can run inside enclaves with few or even no modifications. As virtually any non-trivial application demands multiple processes, it is essential for LibOSes to support multitasking. However, none of the existing SGX LibOSes support multitasking both securely and efficiently.This paper presents Occlum, a system that enables secure and efficient multitasking on SGX. We implement the LibOS processes as SFI-Isolated Processes (SIPs). SFI is a software instrumentation technique for sandboxing untrusted modules (called domains). We design a novel SFI scheme named MPXbased, Multi-Domain SFI (MMDSFI) and leverage MMDSFI to enforce the isolation of SIPs. We also design an independent verifier to ensure the security guarantees of MMDSFI. With SIPs safely sharing the single address space of an enclave,

show abstract

T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs

Cited by 239 publications

References 45 publications

Scanclave: Verifying Application Runtime Integrity in Untrusted Environments

Scanclave: Verifying Application Runtime Integrity in Untrusted Environments

Trustee: Full Privacy Preserving Vickrey Auction on Top of Ethereum

Occlum

Contact Info

Product

Resources

About