SGXlinger: A New Side-Channel Attack Vector Based on Interrupt Latency Against Enclave Execution

Software Guard Extension (SGX) is a new security feature that has been released in recent Intel commodity processors. It is designed to provide a user program with a strongly shielded environment against other components in the system, including the OS, firmware and hardware peripherals. With SGX, developers can securely deploy critical applications on untrusted remote platforms without the concern of information leakage. However, researchers have found several attacks against SGX, suggesting blind reliance on SGX is inadvisable, and promoting the need for a comprehensive study on the security property of SGX. In this paper, we discover a new attack vector SGXlinger to disclose information inside the protected program. Our attack monitors the interrupt latency of the SGX-protected program, and it is the first time that the interrupt latency is leveraged as a side-channel. We develop a framework to repeatedly measure the interrupt latency of an enclave program, and the evaluation shows we can learn coarse-grained information inside the shielded environment. In an experimental setting, we measure that the information leakage rate of the proposed side-channel can reach up to 35 Kbps.

[1]  SPEC CPU 2006 Benchmark Descriptions , 2006 .

[2]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[3]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[4]  Marcus Peinado,et al.  High-Resolution Side Channels for Untrusted Operating Systems , 2017, USENIX Annual Technical Conference.

[5]  Rüdiger Kapitza,et al.  Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution , 2017, USENIX Security Symposium.

[6]  Johannes Götzfried,et al.  Cache Attacks on Intel SGX , 2017, EUROSEC.

[7]  Marcus Peinado,et al.  T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs , 2017, NDSS.

[8]  Carl A. Gunter,et al.  Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX , 2017, CCS.

[9]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[10]  Insik Shin,et al.  SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs , 2017, NDSS.

[11]  Michael K. Reiter,et al.  Detecting Privileged Side-Channel Attacks in Shielded Execution with Déjà Vu , 2017, AsiaCCS.

[12]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[13]  Daniel Gruss,et al.  Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory , 2017, USENIX Security Symposium.

[14]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[15]  Thomas Eisenbarth,et al.  MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations in SGX , 2018, CT-RSA.

[16]  Yuan Xiao,et al.  SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution , 2018, ArXiv.

[17]  Nael B. Abu-Ghazaleh,et al.  BranchScope: A New Side-Channel Attack on Directional Branch Predictor , 2018, ASPLOS.

[18]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).