Open Source Enclave Workshop 2019 Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science & Engineering The Ohio State University
Userland TEEs on Commodity Processors Application VM VM Enclave Enclave VMM OS CPU CPU Secure Encrypted Software Guard Extension Virtualization (2015) (2016-2017) 2
Side-Channel Threats on Intel SGX Application Privileged Adversary CPU management • Enclave CPU Scheduling • Interrupt delivery and • handling Memory management • Paging • OS Segmentation • I/O management • Network • CPU Mem I/O Storage • Display • 3
Side-Channel Threats on AMD SEV Privileged Adversary CPU management • CPU Scheduling • VM VM Interrupt delivery and • handling Memory management • Paging • VMM Segmentation • I/O management • Network • CPU Mem I/O Storage • Display • 4
Example: Deterministic Page Fault Side Channels Application Page 3 Page 1 Page 2 ec_mul dup_point add_points Offset Kernel Global DIR Upper DIR Middle DIR Table Page Middle Page Table Directory Page Upper + Directory Page Global + Directory cr3 + + Page Trace P1 P2 P1 Page Table Entry P3 Page 63 62 52 51 11 9 12 0 P2 Fault P1 Handler X Physical Page … P G 0 DA C W U R D Address 5
Example: Fine-Grained CPU Preemption Application Enclave 1 instruction OS (CPU Scheduler) CPU Page/Cache/BPU 6
More Issues with AMD SEV Lack of memory integrity • Chosen plaintext attacks • Fault injection attacks • Page table manipulation • Unencrypted VMCB • VM VM Inference by reading • register values at VMExit ROP attacks by altering • SWIOTLB SWIOTLB register values Page fault side channel VMM • Page offset mask • Unprotected I/O • IOMMU & ASID • CPU Mem I/O Encryption/decryption • Li, Zhang , Lin, Solihin, “Exploiting Unprotected I/O Operations in AMD’s Secure Encrypted oracles Virtualization”, Usenix Security 2019 7
Side-Channel Attack Surface Translation Units Cache & Memory fetcher page tables DRAM paging caches LLC decoder STLB L2 issuer ITLB DTLB LFB L1-I L1-D scheduler BPU load buffer BTB …… port 1 port 2 port 3 port 0 port n store buffer RSB Execution Units 8
Solutions to SGX/SEV side- channel attacks
Solutions to SGX Side Channels? Cross-VM/Process Attacks VM VM Hypervisor Enclave Enclave OS SGX Attacks 17
Three Ideas of Mitigating SGX Side Channels Vulnerability Detection Analyzing enclave • code to eliminate Secret-dependent • memory access Spectre gadgets • Xiao, Li, Zhang , “Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves”, ACM CCS 2017 Chen, Chen, Xiao, Zhang , Lin, Lai, “SGXPECTRE: Stealing Intel Secrets from SGX Enclaves via Speculative Execution”, IEEE EuroS&P 2019 Wang, Zhang , Lin, “Time and Order: Towards Automatically Identifying Side-Channel Vulnerabilities in Enclave Binaries”, RAID 2019 18
Three Ideas of Mitigating SGX Side Channels Vulnerability Attack Detection Prevention Analyzing enclave • Preventing side- • code to eliminate channel attacks by Secret-dependent • enforcing oblivious memory access execution Spectre gadgets • Ahmad, Joe, Xiao, Zhang , Shin, Lee, “OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX”, NDSS 2019 19
Three Ideas of Mitigating SGX Side Channels Vulnerability Attack Attack Detection Prevention Detection Analyzing enclave • Preventing side- Detecting side- • • code to eliminate channel attacks by channel attacks at Secret-dependent • enforcing oblivious runtime via program memory access execution instrumentation Spectre gadgets • Chen, Zhang, Reiter, Zhang , “Detecting Privileged Side-Channel Attacks in Shielded Execution with DEJA VU”, ACM AsiaCCS 2017 Chen, Wang, Chen, Chen, Zhang , Wang, Lai, Lin, Racing in Hyperspace: Closing Hyper- Threading Side Channels on SGX with Contrived Data Races, IEEE S&P 2018 20
Thank You! yinqian@cse.ohio-state.edu Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science & Engineering The Ohio State University
Recommend
More recommend
