检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:Michael Schwarz Samuel Weiser Daniel Gruss Clementine Maurice Stefan Mangard
机构地区:[1]Graz University of Technology,Graz,Austria [2]CNRS,IRISA,Rennes,France
出 处:《Cybersecurity》2018年第1期1010-1029,共20页网络空间安全科学与技术(英文)
基 金:received funding from the European Research Council(ERC)under the European Union’s Horizon 2020 research and innovation programme(grant agreement No 681402);partially supported by the TU Graz LEAD project“Dependable Internet of Things in Adverse Environments”.
摘 要:In modern computer systems,user processes are isolated from each other by the operating system and the hardware.Additionally,in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine.However,the hypervisor does not protect tenants against the cloud provider and thus,the supplied operating system and hardware.Intel SGX provides a mechanism that addresses this scenario.It aims at protecting user-level software from attacks from other processes,the operating system,and even physical attackers.In this paper,we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves.Our attack is the first malware running on real SGX hardware,abusing SGX protection features to conceal itself.Furthermore,we demonstrate our attack both in a native environment and across multiple Docker containers.We perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication primitive.The attack works,although in SGX enclaves,there are no timers,no large pages,no physical addresses,and no shared memory.In a semi-synchronous attack,we extract 96% of an RSA private key from a single trace.We extract the full RSA private key in an automated attack from 11 traces within 5 min.
关 键 词:Intel SGX Side channel Side-channel attack Prime+Probe
分 类 号:TP3[自动化与计算机技术—计算机科学与技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.145