Abstract

Trusted Execution Environments (TEEs) aim to provide integrity and confidentiality guarantees to certain computations regardless of the state of the rest of the system; that is, they protect Trusted Applications (TAs) even if the operating system or the hypervisor is compromised. The TEE runs alongside the OS and relies on a set of hardware and software components to build this isolated environment. This isolation, however, can be broken by exploiting microarchitectural side channels. The state of the shared components of a multi-core processor depends on the processes actually being executed, so some information leaks from one process to any other process running on the same processor. This leakage completely breaks the confidentiality guarantees that TEEs promise. The only way to eliminate the leakage is to stop sharing resources, but this is nearly impossible to achieve without a huge degradation in processor performance. Assuming instead that the leakage exists and that the attacker can only obtain information from the observable microarchitectural state, we propose to monitor the hardware resources to detect the microarchitectural state changes caused by the attacks. To this end, we have implemented a hardware module that, at runtime, compares pre-stored microarchitectural execution signatures of each enclave with the actual execution trace, and raises an alarm when it detects a significant deviation.
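The comparison the abstract describes (a stored per-enclave signature checked against the live execution trace, with an alarm on significant deviation) can be modelled in software to see how the detection logic behaves. The following is an added example, not the paper's hardware module: it assumes the trace is a sequence of fixed-size windows, each a tuple of three performance-counter values (L1D misses, LLC misses, branch mispredictions), that the signature is the per-window mean and standard deviation over several training runs of the same enclave, and that an alarm requires the worst-case z-score to exceed a threshold in two consecutive windows. The enclave profile and the injected cache-miss spike (standing in for a co-resident Prime+Probe attacker evicting the enclave's lines) are constructed data.

```python
"""Signature-based detection of microarchitectural anomalies (constructed example)."""
import random
from statistics import mean, pstdev

# Hypothetical counters sampled once per window; the real module's choice may differ.
COUNTERS = ("l1d_misses", "llc_misses", "branch_mispred")


def build_signature(training_runs):
    """Build the pre-stored signature from benign runs of one enclave.

    training_runs: list of runs, each a list of per-window counter tuples.
    Returns, per window, a list of (mean, std) pairs, one per counter.
    """
    n_windows = len(training_runs[0])
    signature = []
    for w in range(n_windows):
        stats = []
        for c in range(len(COUNTERS)):
            samples = [run[w][c] for run in training_runs]
            # Floor the std so a counter that never varies in training does not
            # turn a one-count change into an infinite z-score.
            stats.append((mean(samples), max(pstdev(samples), 1.0)))
        signature.append(stats)
    return signature


def window_deviation(signature_window, observed):
    """Worst-case absolute z-score across all counters for one window."""
    return max(abs(obs - mu) / sd for (mu, sd), obs in zip(signature_window, observed))


def monitor(signature, trace, threshold=4.0, consecutive=2):
    """Compare a live trace against the signature window by window.

    Returns the indices of windows at which the alarm fired. Requiring
    `consecutive` bad windows suppresses single-window noise at the cost of
    delaying detection by that many windows.
    """
    alarms = []
    streak = 0
    for w, observed in enumerate(trace):
        if window_deviation(signature[w], observed) > threshold:
            streak += 1
            if streak >= consecutive:
                alarms.append(w)
        else:
            streak = 0
    return alarms


def synth_run(rng, n_windows=16, attack_windows=()):
    """Constructed enclave run: a fixed per-window profile plus 2% run-to-run jitter.

    Windows listed in attack_windows get extra L1D/LLC misses, modelling the
    evictions caused by a co-resident cache attacker during those windows.
    """
    run = []
    for w in range(n_windows):
        base = (200 + 10 * (w % 4), 50 + 5 * (w % 3), 30)
        sample = [v + rng.gauss(0, 0.02 * v) for v in base]
        if w in attack_windows:
            sample[0] += 600
            sample[1] += 250
        run.append(tuple(sample))
    return run


def demo():
    """Train on 20 benign runs, then check one benign and one attacked run."""
    rng = random.Random(7)  # fixed seed so the constructed data is reproducible
    training = [synth_run(rng) for _ in range(20)]
    sig = build_signature(training)
    benign = synth_run(rng)
    attacked = synth_run(rng, attack_windows={5, 6, 7})
    return monitor(sig, benign), monitor(sig, attacked)


if __name__ == "__main__":
    benign_alarms, attack_alarms = demo()
    print("benign run alarms:", benign_alarms)
    print("attacked run alarms:", attack_alarms)
```

In this model the benign run produces no alarms and the attacked run alarms at windows 6 and 7 (the first attacked window, 5, only starts the streak). Two caveats carry over to a hardware implementation: the threshold and streak length set the false-alarm rate against the detection delay, and an attacker who keeps per-window contention below the threshold (a low-and-slow probe) stays under the signature, so the window size and counters monitored must be chosen with that in mind.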
