InvisiPage: Oblivious Demand Paging for Secure Enclaves

State-of-art secure processors like Intel SGX remain susceptible to leaking page-level address trace of an application via the page fault channel in which a malicious OS induces spurious page faults and deduces application's secrets from it. Prior works which fix this vulnerability do not provision for OS demand paging to be oblivious. In this work, we present InvisiPage which obfuscates page fault channel while simultaneously making OS demand paging oblivious. To do so, InvisiPage first carefully distributes page management actions between the application and the OS. Second, InvisiPage secures application's page management interactions with the OS using a novel construct which is derived from Oblivious RAM (ORAM) but is customized for page management. Finally, we lower overheads of our approach by reducing page management interactions with the OS via a novel memory partition. For a suite of cloud applications which process sensitive data we show that page fault channel can be tackled while enabling oblivious demand paging at low overheads.

[1]  Rajeev Balasubramonian,et al.  Avoiding information leakage in the memory controller with fixed service policies , 2015, 2015 48th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[2]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[3]  Marcus Peinado,et al.  T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs , 2017, NDSS.

[4]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003, ICS.

[5]  Timothy A. Davis,et al.  The university of Florida sparse matrix collection , 2011, TOMS.

[6]  Shweta Shinde,et al.  Preventing Page Faults from Telling Your Secrets , 2016, AsiaCCS.

[7]  James Bennett,et al.  The Netflix Prize , 2007 .

[8]  Hovav Shacham,et al.  Iago attacks: why the system call API is a bad untrusted RPC interface , 2013, ASPLOS '13.

[9]  Harish Patil,et al.  Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.

[10]  Serge J. Belongie,et al.  SD-VBS: The San Diego Vision Benchmark Suite , 2009, 2009 IEEE International Symposium on Workload Characterization (IISWC).

[11]  Lior Rokach,et al.  Introduction to Recommender Systems Handbook , 2011, Recommender Systems Handbook.

[12]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[13]  Ewan Birney,et al.  Ensembl Genome Browser , 2010 .

[14]  Danfeng Zhang,et al.  Predictive mitigation of timing channels in interactive systems , 2011, CCS '11.

[15]  Alan L. Cox,et al.  Shielding Software From Privileged Side-Channel Attacks , 2018, USENIX Security Symposium.

[16]  Mohsen Jamali,et al.  Different Aspects of Social Network Analysis , 2006, 2006 IEEE/WIC/ACM International Conference on Web Intelligence (WI 2006 Main Conference Proceedings)(WI'06).

[17]  Michael K. Reiter,et al.  Detecting Privileged Side-Channel Attacks in Shielded Execution with Déjà Vu , 2017, AsiaCCS.

[18]  Pankaj Rohatgi,et al.  Introduction to differential power analysis , 2011, Journal of Cryptographic Engineering.

[19]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[20]  Ruby B. Lee,et al.  Scalable architectural support for trusted software , 2010, HPCA - 16 2010 The Sixteenth International Symposium on High-Performance Computer Architecture.

[21]  Srinivas Devadas,et al.  Sanctum: Minimal Hardware Extensions for Strong Software Isolation , 2016, USENIX Security Symposium.

[22]  Baker Mohammad,et al.  Novel MSER-guided street extraction from satellite images , 2015, 2015 IEEE International Geoscience and Remote Sensing Symposium (IGARSS).

[23]  Rebekah Leslie-Hurd,et al.  Intel® Software Guard Extensions (Intel® SGX) Software Support for Dynamic Memory Allocation inside an Enclave , 2016, HASP@ISCA.

[24]  Rajeev Balasubramonian,et al.  VAULT: Reducing Paging Overheads in SGX with Efficient Integrity Verification Structures , 2018, ASPLOS.

[25]  Ryan Riley,et al.  Flexible Hardware-Managed Isolated Execution: Architecture, Software Support and Applications , 2016, IEEE Transactions on Dependable and Secure Computing.

[26]  Mark Silberstein,et al.  Eleos: ExitLess OS Services for SGX Enclaves , 2017, EuroSys.

[27]  Giorgio Valle,et al.  PRIMEX: rapid identification of oligonucleotide matches in whole genomes , 2003, Bioinform..

[28]  Todd M. Austin,et al.  Regaining lost cycles with HotCalls: A fast interface for SGX secure enclaves , 2017, 2017 ACM/IEEE 44th Annual International Symposium on Computer Architecture (ISCA).

[29]  Tarik Moataz,et al.  Resizable Tree-Based Oblivious RAM , 2015, Financial Cryptography.

[30]  Satish Narayanasamy,et al.  InvisiMem: Smart memory defenses for memory bus side channel , 2017, 2017 ACM/IEEE 44th Annual International Symposium on Computer Architecture (ISCA).

[31]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[32]  John L. Hennessy,et al.  WSCLOCK—a simple and effective algorithm for virtual memory management , 1981, SOSP.

[33]  Y. Sa Medical Image Registration Algorithm Based on Compressive Sensing and Scale-Invariant Feature Transform , 2015, 2015 8th International Conference on Intelligent Computation Technology and Automation (ICICTA).

[34]  Srinivas Devadas,et al.  Design space exploration and optimization of path oblivious RAM in secure processors , 2013, ISCA.

[35]  David Samyde,et al.  Side channel cryptanalysis , 2002 .

[36]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[37]  Kyungtae Kim,et al.  OBLIVIATE: A Data Oblivious Filesystem for Intel SGX , 2018, NDSS.

[38]  Bracha Shapira,et al.  Recommender Systems Handbook , 2015, Springer US.

[39]  Shay Gueron,et al.  Memory Encryption for General-Purpose Processors , 2016, IEEE Security & Privacy.

[40]  Pradeep Dubey,et al.  GraphMat: High performance graph analytics made productive , 2015, Proc. VLDB Endow..

[41]  David M. Eyers,et al.  SCONE: Secure Linux Containers with Intel SGX , 2016, OSDI.

[42]  Jesús Carlos Pedraza Ortega,et al.  Automatic segmentation of mammograms using a Scale-Invariant Feature Transform and K-means clustering algorithm , 2014, 2014 11th International Conference on Electrical Engineering, Computing Science and Automatic Control (CCE).

[43]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[44]  Jing Wang,et al.  Improved maximally stable extremal regions based method for the segmentation of ultrasonic liver images , 2015, Multimedia Tools and Applications.

[45]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.