Abstract

In modern computer systems, user processes are isolated from each other by the operating system and the hardware. Additionally, in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine. However, the hypervisor does not protect tenants against the cloud provider and thus, the supplied operating system and hardware. Intel SGX provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers. In this paper, we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves. Our attack is the first malware running on real SGX hardware, abusing SGX protection features to conceal itself. Furthermore, we demonstrate our attack both in a native environment and across multiple Docker containers. We perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication primitive. The attack works, although in SGX enclaves, there are no timers, no large pages, no physical addresses, and no shared memory. In a semi-synchronous attack, we extract 96 % of an RSA private key from a single trace. We extract the full RSA private key in an automated attack from 11 traces within 5 min.

Highlights

  • Modern operating systems isolate user processes from each other to protect secrets in different processes.

  • Side-channel attacks on Software Guard Extensions (SGX): there have been speculations that SGX could be vulnerable to cache side-channel attacks (Costan and Devadas 2016).

  • There have been speculations that SGX could be vulnerable to cache side-channel attacks and might allow the implementation of super malware.

Summary

Introduction

Modern operating systems isolate user processes from each other to protect secrets in different processes. Such secrets include passwords stored in password managers or private keys to access company networks. SGX is an isolation mechanism, aiming at protecting code and data from modification or disclosure even if all privileged software is malicious (Costan and Devadas 2016). This protection uses special execution environments, so-called enclaves, which work on memory areas that are isolated from the operating system by the hardware. Intel recommends storing cryptographic keys inside enclaves and claims that side-channel attacks “are thwarted since the memory is protected by hardware encryption” (Intel Corporation 2016b). We demonstrate a cache attack from within a malicious enclave that extracts secret keys from co-located enclaves.