• Login
    View Item 
    •   SMARTech Home
    • Georgia Tech Theses and Dissertations
    • Georgia Tech Theses and Dissertations
    • View Item
    •   SMARTech Home
    • Georgia Tech Theses and Dissertations
    • Georgia Tech Theses and Dissertations
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Securing Intel SGX against side-channel attacks via load-time synthesis

    Thumbnail
    View/Open
    SHIH-DISSERTATION-2019.pdf (1.044Mb)
    Date
    2019-11-12
    Author
    Shih, Mingwei
    Metadata
    Show full item record
    Abstract
    In response to the growing need for securing user data in the cloud, recent Intel processors have supported a new feature, Intel Software Guard Extensions (SGX). SGX allows a program to execute in isolation from the rest of the underlying system. Thus, even after compromising the system, neither cloud providers nor attackers can gain access to data that the program processes. Unfortunately, recent studies have shown that such isolation is bypassable via side-channel attacks (SCAs). In particular, SCAs against SGX are more critical under the extreme assumption (i.e., attackers compromise the system), allowing attackers to infer fine-grained information from an SGX-protected program. Toward practical defenses against SCAs on SGX, the first part of the thesis presents two mitigation techniques, SGX-Armor and T-SGX, both of which require neither hardware- nor source-code-level modifications and incur moderate runtime overhead to the program. SGX-Armor is a general-purpose defense based on Address Space Layout Randomization (ASLR) that obfuscates the memory layout of the program, preventing attackers from interpreting side-channel information. Unlike traditional ASLR implementations, SGX-Armor incorporates a secure algorithm that shuffles memory layout without revealing the information of the layout through any of the known side channels. T-SGX is a novel defense against controlled-channel attacks that exploit page faults as a side channel. By using Intel Transactional Synchronization Extensions (TSX) as a primitive that suppresses page faults, T-SGX automatically transfers a program into a protected one at compile time. The second part of the thesis presents Pridwen, a framework that addresses the challeenges of combining multiple mitigation techniques such as SGX-Armor and T-SGX, thereby providing a broader scope of protection against SCAs on SGX. Using load-time synthesis, Pridwen adaptively enforces mitigation schemes to a program in distinct cloud environments. The prototype of Pridwen has supported four mitigation schemes that secure SGX programs again various SCAs while minimizing the incurred runtime overhead according to the configuration of the environment.
    URI
    http://hdl.handle.net/1853/62337
    Collections
    • College of Computing Theses and Dissertations [1071]
    • Georgia Tech Theses and Dissertations [22401]

    Browse

    All of SMARTechCommunities & CollectionsDatesAuthorsTitlesSubjectsTypesThis CollectionDatesAuthorsTitlesSubjectsTypes

    My SMARTech

    Login

    Statistics

    View Usage StatisticsView Google Analytics Statistics
    facebook instagram twitter youtube
    • My Account
    • Contact us
    • Directory
    • Campus Map
    • Support/Give
    • Library Accessibility
      • About SMARTech
      • SMARTech Terms of Use
    Georgia Tech Library266 4th Street NW, Atlanta, GA 30332
    404.894.4500
    • Emergency Information
    • Legal and Privacy Information
    • Human Trafficking Notice
    • Accessibility
    • Accountability
    • Accreditation
    • Employment
    © 2020 Georgia Institute of Technology