Securing Intel SGX against side-channel attacks via load-time synthesis

Abstract

In response to the growing need for securing user data in the cloud, recent Intel processors have supported a new feature, Intel Software Guard Extensions (SGX). SGX allows a program to execute in isolation from the rest of the underlying system. Thus, even after compromising the system, neither cloud providers nor attackers can gain access to data that the program processes. Unfortunately, recent studies have shown that such isolation is bypassable via side-channel attacks (SCAs). In particular, SCAs against SGX are more critical under the extreme assumption (i.e., attackers compromise the system), allowing attackers to infer fine-grained information from an SGX-protected program. Toward practical defenses against SCAs on SGX, the first part of the thesis presents two mitigation techniques, SGX-Armor and T-SGX, both of which require neither hardware- nor source-code-level modifications and incur moderate runtime overhead to the program. SGX-Armor is a general-purpose defense based on Address Space Layout Randomization (ASLR) that obfuscates the memory layout of the program, preventing attackers from interpreting side-channel information. Unlike traditional ASLR implementations, SGX-Armor incorporates a secure algorithm that shuffles memory layout without revealing the information of the layout through any of the known side channels. T-SGX is a novel defense against controlled-channel attacks that exploit page faults as a side channel. By using Intel Transactional Synchronization Extensions (TSX) as a primitive that suppresses page faults, T-SGX automatically transfers a program into a protected one at compile time. The second part of the thesis presents Pridwen, a framework that addresses the challeenges of combining multiple mitigation techniques such as SGX-Armor and T-SGX, thereby providing a broader scope of protection against SCAs on SGX. Using load-time synthesis, Pridwen adaptively enforces mitigation schemes to a program in distinct cloud environments. The prototype of Pridwen has supported four mitigation schemes that secure SGX programs again various SCAs while minimizing the incurred runtime overhead according to the configuration of the environment.