Malware Guard Extension:abusing Intel SGX to conceal cache attacks  

在线阅读下载全文

作  者:Michael Schwarz Samuel Weiser Daniel Gruss Clementine Maurice Stefan Mangard 

机构地区:[1]Graz University of Technology,Graz,Austria [2]CNRS,IRISA,Rennes,France.

出  处:《Cybersecurity》2020年第1期22-41,共20页网络空间安全科学与技术(英文)

基  金:This project has received funding from the European Research Council(ERC)under the European Union’s Horizon 2020 research and innovation programme(grant agreement No 681402);This work was partially supported by the TU Graz LEAD project“Dependable Internet of Things in Adverse Environments”.

摘  要:In modern computer systems,user processes are isolated from each other by the operating system and the hardware.Additionally,in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine.However,the hypervisor does not protect tenants against the cloud provider and thus,the supplied operating system and hardware.Intel SGX provides a mechanism that addresses this scenario.It aims at protecting user-level software from attacks from other processes,the operating system,and even physical attackers.In this paper,we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves.Our attack is the first malware running on real SGX hardware,abusing SGX protection features to conceal itself.Furthermore,we demonstrate our attack both in a native environment and across multiple Docker containers.We perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication primitive.The attack works,although in SGX enclaves,there are no timers,no large pages,no physical addresses,and no shared memory.In a semi-synchronous attack,we extract 96%of an RSA private key from a single trace.We extract the full RSA private key in an automated attack from 11 traces within 5 min.

关 键 词:Intel SGX Side channel Side-channel attack Prime+Probe 

分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象