@inproceedings{orenbach2020autarky,
author = {Orenbach, Meni and Baumann, Andrew and Silberstein, Mark},
title = {Autarky: Closing controlled channels with self-paging enclaves},
booktitle = {EuroSys},
year = {2020},
month = {April},
abstract = {As the first widely-deployed secure enclave hardware, Intel SGX shows promise as a practical basis for confidential cloud computing. However, side channels remain SGX's greatest security weakness. In particular, the "controlled-channel attack" on enclave page faults exploits a longstanding architectural side channel and still lacks effective mitigation.

We propose Autarky: a set of minor, backward-compatible modifications to the SGX ISA that hide an enclave's page
access trace from the host, and give the enclave full control over its page faults. A trusted library OS implements an enclave self-paging policy.

We prototype Autarky on current SGX hardware and the Graphene library OS, implementing three paging schemes: a fast software oblivious RAM system made practical by leveraging the proposed ISA, a novel page cluster abstraction for application-aware secure self-paging, and a rate-limiting paging mechanism for unmodified binaries. Overall, Autarky provides a comprehensive defense for controlled-channel attacks which supports efficient secure demand paging, and adds no overheads in page-fault free execution.},
publisher = {ACM},
url = {http://approjects.co.za/?big=en-us/research/publication/autarky-closing-controlled-channels-with-self-paging-enclaves/},
}