{"id":392579,"date":"2017-06-21T11:40:47","date_gmt":"2017-06-21T18:40:47","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-research-item&p=392579"},"modified":"2018-10-16T19:58:32","modified_gmt":"2018-10-17T02:58:32","slug":"t-sgx-eradicating-controlled-channel-attacks-enclave-programs","status":"publish","type":"msr-research-item","link":"https:\/\/www.microsoft.com\/en-us\/research\/publication\/t-sgx-eradicating-controlled-channel-attacks-enclave-programs\/","title":{"rendered":"T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs"},"content":{"rendered":"

Intel Software Guard Extensions (SGX) is a hardware-based Trusted Execution Environment (TEE) that enables secure execution of a program in an isolated environment, called an enclave. SGX hardware protects the running enclave against malicious software, including the operating system, hypervisor, and even low-level firmware. This strong security property allows trustworthy execution of programs in hostile environments, such as a public cloud, without trusting anyone (e.g., a cloud provider) between the enclave and the SGX hardware. However, recent studies have demonstrated that enclave programs are vulnerable to accurate controlled-channel attacks conducted by a malicious OS. Since enclaves rely on the underlying OS, curious and potentially malicious OSs can observe a sequence of accessed addresses by intentionally triggering page faults.<\/p>\n

In this paper, we propose T-SGX, a complete mitigation solution to the controlled-channel attack in terms of compatibility, performance, and ease of use. T-SGX relies on a commodity component of the Intel processor (since Haswell), called Transactional Synchronization Extensions (TSX), which implements a restricted form of hardware transactional memory. As TSX is implemented as an extension (i.e., snooping the cache protocol), any unusual event, such as an exception or interrupt, that should be handled in its core component, results in an abort of the ongoing transaction. One interesting property is that the TSX abort suppresses the notification of errors to the underlying OS. This means that the OS cannot know whether a page fault has occurred during the transaction. T-SGX, by utilizing this property of TSX, can carefully isolate the effect of attempts to tap running enclaves, thereby completely eradicating the known controlled-channel attack.<\/p>\n

We have implemented T-SGX as a compiler-level scheme to automatically transform a normal enclave program into a secured enclave program without requiring manual source code modification or annotation. We not only evaluate the security properties of T-SGX, but also demonstrate that it could be applied to all the previously demonstrated attack targets, such as libjpeg, Hunspell, and FreeType. To evaluate the performance of T-SGX, we ported 10 benchmark programs of nbench to the SGX environment. Our evaluation results look promising. T-SGX is an order of magnitude faster than the state-of-the-art mitigation schemes. On our benchmarks, T-SGX incurs on average 50% performance overhead and less than 30% storage overhead.<\/p>\n","protected":false},"excerpt":{"rendered":"

Intel Software Guard Extensions (SGX) is a hardware-based Trusted Execution Environment (TEE) that enables secure execution of a program in an isolated environment, called an enclave. SGX hardware protects the running enclave against malicious software, including the operating system, hypervisor, and even low-level firmware. This strong security property allows trustworthy execution of programs in hostile environments, such as a public cloud, without […]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"footnotes":""},"msr-content-type":[3],"msr-research-highlight":[],"research-area":[13558],"msr-publication-type":[193716],"msr-product-type":[],"msr-focus-area":[],"msr-platform":[],"msr-download-source":[],"msr-locale":[268875],"msr-field-of-study":[],"msr-conference":[],"msr-journal":[],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-392579","msr-research-item","type-msr-research-item","status-publish","hentry","msr-research-area-security-privacy-cryptography","msr-locale-en_us"],"msr_publishername":"Internet Society","msr_edition":"Network and Distributed System Security Symposium 2017 
(NDSS'17)","msr_affiliation":"","msr_published_date":"2017-02-26","msr_host":"","msr_duration":"","msr_version":"","msr_speaker":"","msr_other_contributors":"","msr_booktitle":"","msr_pages_string":"","msr_chapter":"","msr_isbn":"","msr_journal":"","msr_volume":"","msr_number":"","msr_editors":"","msr_series":"","msr_issue":"","msr_organization":"","msr_how_published":"","msr_notes":"","msr_highlight_text":"","msr_release_tracker_id":"","msr_original_fields_of_study":"","msr_download_urls":"","msr_external_url":"","msr_secondary_video_url":"","msr_longbiography":"","msr_microsoftintellectualproperty":1,"msr_main_download":"","msr_publicationurl":"https:\/\/www.internetsociety.org\/doc\/t-sgx-eradicating-controlled-channel-attacks-against-enclave-programs","msr_doi":"","msr_publication_uploader":[{"type":"url","title":"https:\/\/www.internetsociety.org\/doc\/t-sgx-eradicating-controlled-channel-attacks-against-enclave-programs","viewUrl":false,"id":false,"label_id":0}],"msr_related_uploader":"","msr_attachments":[{"id":0,"url":"https:\/\/www.internetsociety.org\/doc\/t-sgx-eradicating-controlled-channel-attacks-against-enclave-programs"}],"msr-author-ordering":[{"type":"text","value":"Ming-Wei Shih","user_id":0,"rest_url":false},{"type":"text","value":"Sangho Lee","user_id":0,"rest_url":false},{"type":"text","value":"Taesoo 
Kim","user_id":0,"rest_url":false},{"type":"user_nicename","value":"marcuspe","user_id":32804,"rest_url":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/microsoft-research\/v1\/researchers?person=marcuspe"}],"msr_impact_theme":[],"msr_research_lab":[],"msr_event":[],"msr_group":[381431],"msr_project":[],"publication":[],"video":[],"download":[],"msr_publication_type":"inproceedings","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/392579"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-research-item"}],"version-history":[{"count":1,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/392579\/revisions"}],"predecessor-version":[{"id":392582,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/392579\/revisions\/392582"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=392579"}],"wp:term":[{"taxonomy":"msr-content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-content-type?post=392579"},{"taxonomy":"msr-research-highlight","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-highlight?post=392579"},{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=392579"},{"taxonomy":"msr-publication-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-publication-type?post=392579"},{"taxonomy":"msr-product-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-product-type?post=392579"},{"taxonomy":"msr-focus-area","embeddable":true,"href":"https:\/\/www.microsoft.
com\/en-us\/research\/wp-json\/wp\/v2\/msr-focus-area?post=392579"},{"taxonomy":"msr-platform","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-platform?post=392579"},{"taxonomy":"msr-download-source","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-download-source?post=392579"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=392579"},{"taxonomy":"msr-field-of-study","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-field-of-study?post=392579"},{"taxonomy":"msr-conference","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-conference?post=392579"},{"taxonomy":"msr-journal","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-journal?post=392579"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=392579"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=392579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}