Brasser, Ferdinand ; Capkun, Srdjan ; Dmitrienko, Alexandra ; Frassetto, Tommaso ; Kostiainen, Kari ; Sadeghi, Ahmad-Reza (2019)
DR.SGX: Automated and Adjustable Side-Channel Protection for SGX using Data Location Randomization.
ACSAC - 35th Annual Computer Security Applications Conference. San Juan, Puerto Rico (09.12.2019-13.12.2019)
doi: 10.1145/3359789.3359809
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Recent research has demonstrated that Intel's SGX is vulnerable to software-based side-channel attacks. In a common attack, the adversary monitors CPU caches to infer secret-dependent data accesses patterns. Known defenses have major limitations, as they require either error-prone developer assistance, incur extremely high runtime overhead, or prevent only specific attacks. In this paper, we propose data location randomization as a novel defense against side-channel attacks that target data access patterns. Our goal is to break the link between the memory observations by the adversary and the actual data accesses by the victim. We design and implement a compiler-based tool called DR.SGX that instruments the enclave code, permuting data locations at fine granularity. To prevent correlation of repeated memory accesses we periodically re-randomize all enclave data. Our solution requires no developer assistance and strikes the balance between side-channel protection and performance based on an adjustable security parameter.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2019 |
| Autor(en): | Brasser, Ferdinand ; Capkun, Srdjan ; Dmitrienko, Alexandra ; Frassetto, Tommaso ; Kostiainen, Kari ; Sadeghi, Ahmad-Reza |
| Art des Eintrags: | Bibliographie |
| Titel: | DR.SGX: Automated and Adjustable Side-Channel Protection for SGX using Data Location Randomization |
| Sprache: | Englisch |
| Publikationsjahr: | Dezember 2019 |
| Ort: | New York City, USA |
| Verlag: | ACM |
| Buchtitel: | ACSAC '19: Proceedings of the 35th Annual Computer Security Applications Conference |
| Veranstaltungstitel: | ACSAC - 35th Annual Computer Security Applications Conference |
| Veranstaltungsort: | San Juan, Puerto Rico |
| Veranstaltungsdatum: | 09.12.2019-13.12.2019 |
| DOI: | 10.1145/3359789.3359809 |
| Kurzbeschreibung (Abstract): | Recent research has demonstrated that Intel's SGX is vulnerable to software-based side-channel attacks. In a common attack, the adversary monitors CPU caches to infer secret-dependent data accesses patterns. Known defenses have major limitations, as they require either error-prone developer assistance, incur extremely high runtime overhead, or prevent only specific attacks. In this paper, we propose data location randomization as a novel defense against side-channel attacks that target data access patterns. Our goal is to break the link between the memory observations by the adversary and the actual data accesses by the victim. We design and implement a compiler-based tool called DR.SGX that instruments the enclave code, permuting data locations at fine granularity. To prevent correlation of repeated memory accesses we periodically re-randomize all enclave data. Our solution requires no developer assistance and strikes the balance between side-channel protection and performance based on an adjustable security parameter. |
| Freie Schlagworte: | Primitives; P3; ICRI-SC |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Systemsicherheit DFG-Sonderforschungsbereiche (inkl. Transregio) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen |
| Hinterlegungsdatum: | 29 Aug 2019 05:40 |
| Letzte Änderung: | 19 Dez 2024 08:27 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum