inferring fine grained control
play

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch - PowerPoint PPT Presentation

Sep 22, 2023 •17 likes •437 views

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee Ming-Wei Shih Prasun Gera Taesoo Kim Hyesoon Kim Marcus Peinado 26 th USENIX Security Symposium August 17, 2017 Intel Software Guard Extension (SGX)

  1. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Sangho Lee Ming-Wei Shih Prasun Gera Taesoo Kim Hyesoon Kim Marcus Peinado 26 th USENIX Security Symposium August 17, 2017

  2. Intel Software Guard Extension (SGX) No cold-boot User process Trusted enclave attack Encrypt ECALL Cache Sensitive Normal operations operations Decrypt OCALL/ Return Prohibited System software (OS, hypervisor, … ) 2

  3. Intel Software Guard Extension (SGX) No cold-boot User process Trusted enclave attack Encrypt ECALL Cache Sensitive Normal operations operations Decrypt OCALL/ Return Prohibited Q: What about System software (OS, hypervisor, … ) side-channel attacks? 2

  4. Side-channel attacks against Intel SGX are getting attention Monitor page-fault or page-access sequence (Oakland15, ASIACCS16, Security17) • Noise-free, but coarse-grained (page address) Measure cache hit/miss timing (EuroSec17, DIMVA17, ATC17, WOOT17) • Fine-grained (cache line), but noisy 3

  5. Page-fault side channel (Oakland15) Page1: is_member() if (is_member(person)) { welcome(); } else { bye(); Page2: welcome() Page3: bye() } Unmap all pages and monitor page fault sequences • Page 1->Page 2: A member • Page 1->Page 3: Not a member 4

  6. Page-fault side channel (Oakland15) Page1: is_member() if (is_member(person)) { welcome(); } else { bye(); Page2: welcome() Page3: bye() } Unmap all pages and monitor page fault sequences Does not work when a sensitive control flow change • Page 1->Page 2: A member occurs within the same page (or cache line) • Page 1->Page 3: Not a member 4

  7. Branch shadowing: A fine-grained side- channel attack against Intel SGX • Can attack each branch instruction • Neither page nor cache-line granularity • Deterministically identify branch history • Either taken or not taken • Not about timing difference • Achieve high attack success rate • Recover 66% of a 1024-bit RSA private key from a single run 5

  8. Observation: SGX does not clear branch history! CPU caches how each branch instruction has been executed for later prediction, even for SGX. • Either taken or not taken , as well as its target address Does an attacker have a reliable way to extract branch history from SGX? 6

  9. Performance monitoring unit (PMU) is prohibited • PMUs to profile branch history • Last branch record (LBR) and processor trace (PT) • Prediction results (success/failure), target address, … • Anti side channel inference (ASCI) • SGX doesn’t publish hardware performance events to PMUs. • Malicious OS cannot directly use PMUs to get SGX’s branch history. 7

  10. Branch collision timing attack works for SGX but has limitations Mispredicted branch takes longer than a correctly predicted branch. • But, we cannot directly time a target branch inside SGX. if (is_member(p)){ … Rollback& Misprediction } Re-execute else { … } 8

  11. Branch collision timing attack works for SGX but has limitations Colliding branches affect each other’s prediction (MICRO16). • e.g., if a branch has been taken, CPU will predict other colliding branches will also be taken. 0xff 12345678 ADDR[31:0] taken/not-taken target address 0xffc 12345678 … … Branch instructions with colliding addresses (CPU truncates higher bits to reduce storage overhead.) 9

  12. Branch collision timing attack works for SGX but has limitations Branch execution inside SGX affects colliding branches outside of SGX ( shadow branch ). • We can time a shadow branch instead of the actual target to know whether it has been mispredicted, but … This attack has two critical limitations. • Suffer from high measurement noise • Difficult to synchronize target and shadow branches 10

  13. Limitation 1: High measurement noise Mispredicted branch takes long to do rollback while suffering from high variance . 1000 ~800 cycles (depending on rollbacked 800 instructions) 600 Cycle Prediction 400 Misprediction ~25 cycles 200 * 10,000 times. 120 NOPs at 0 the fall-through path Mean Stdev 11

  14. Limitation 2: Difficulty in synchronization We need to time a shadow branch right after a target has been executed to avoid overwriting. • e.g., Skylake’s branch target buffer: 4 ways x 1,024 sets • Worst case: Five branch executions would overwrite the target branch history. Synchronization is difficult because SGX does not allow single-stepping . 12

  15. How does branch shadowing overcome the two limitations? Apply LBR to a shadow branch to identify branch prediction results instead of timing • No ASCI because a shadow branch is outside of SGX • Deterministic: Either correctly predicted or mispredicted Realize near single-stepping by increasing timer interrupt frequency and disabling the cache • Can interrupt SGX enclaves for every ~5 cycles 13

  16. Threat model • Attacker knows the source code or binary of a target enclave. • Attacker can frequently interrupt the target enclave’s execution to execute attack code. • Attacker prevents or disrupts the target enclave from accessing a trusted time source. 14

  17. Step 1: Prepare a shadow copy of an SGX program to monitor it with LBR SGX enclave cmp … je L1 … … jmpq *rdx … ASCI LBR 15

  18. Step 1: Prepare a shadow copy of an SGX program to monitor it with LBR Shadow code (outside of SGX) SGX enclave cmp … cmp rax,rax je L1 je L1’ … … (nop) Colliding branch … mov addr,rdx instructions jmpq *rdx jmpq *rdx … … (nop) ASCI LBR 15

  19. Step 1: Prepare a shadow copy of an SGX program to monitor it with LBR Shadow code (outside of SGX) SGX enclave cmp … cmp rax,rax je L1 je L1’ … … (nop) Colliding branch … mov addr,rdx instructions jmpq *rdx jmpq *rdx … … (nop) can monitor all branch LBR executions 15

  20. Step 2: Interrupt SGX execution and monitor shadow code with LBR Shadow code SGX enclave cmp … cmp rax,rax execute je L1 je L1’ … … (nop) jmpq *rdx mov addr,rdx … jmpq *rdx … (nop) 16

  21. Step 2: Interrupt SGX execution and monitor shadow code with LBR Shadow code SGX enclave cmp … cmp rax,rax execute je L1 je L1’ … … (nop) jmpq *rdx mov addr,rdx … jmpq *rdx … (nop) 16

  22. Step 2: Interrupt SGX execution and monitor shadow code with LBR Shadow code SGX enclave cmp … cmp rax,rax execute while execute je L1 je L1’ enabling LBR … … (nop) ( predicted or jmpq *rdx mov addr,rdx mispredicted ?) … jmpq *rdx … (nop) 16

  23. Step 2: Interrupt SGX execution and monitor shadow code with LBR Shadow code SGX enclave cmp … cmp rax,rax execute while execute je L1 je L1’ resume enabling LBR … … (nop) ( predicted or jmpq *rdx mov addr,rdx mispredicted ?) … jmpq *rdx … (nop) 16

  24. Step 2: Interrupt SGX execution and monitor shadow code with LBR Shadow code SGX enclave cmp … cmp rax,rax execute while execute je L1 je L1’ resume enabling LBR … … (nop) ( predicted or jmpq *rdx mov addr,rdx mispredicted ?) … jmpq *rdx … (nop) Whether or not shadow branches were correctly predicted reveals the history of target branches. 16

  25. Shadow conditional branch and prediction result Shadow code SGX enclave cmp $0, rax cmp rax, rax collision 0x00*530:je 0x005f4 0xff*530:je 0xff*5f4 ? 0x00*532: inc rbx 0xff*532: nop Always … … taken 0x00*5f4 :dec rbx 0xff*5f4 :nop LBR does not report not-taken branches, so we make our shadow branch be always taken . 17

  26. Shadow conditional branch and prediction result • Our shadow branch should be taken, but how does CPU predict it with target branch’s history? • If the target branch has been taken ➢ LBR: The shadow branch has been correctly predicted . • If the target branch has been not taken ➢ LBR: The shadow branch has been mispredicted . 18

  27. Shadow conditional branch and prediction result • Our shadow branch should be taken, but how does CPU predict it with target branch’s history? • If the target branch has been taken Deterministically identify whether a target conditional ➢ LBR: The shadow branch has been correctly predicted . branch has been taken or not taken • If the target branch has been not taken ➢ LBR: The shadow branch has been mispredicted . 18

  28. Shadow indirect branch and prediction result Shadow code SGX enclave mov 0xff*532 ,rdx collision 0x00*530:jmpq *rdx 0xff*530:jmpq *rdx ? 0x00*532: inc rbx 0xff*532 : nop Next … … instruction 0x00*5f4 :dec rbx 0xff*5f4 :nop For an indirect branch, LBR reports a target prediction result. We use its default target: Next instruction . 19

  29. Shadow indirect branch and prediction result • Our shadow branch will be correctly predicted unless the target branch updates cached destination. • If the target branch has been executed ➢ LBR: The shadow branch has been mispredicted . • If the target branch has been not executed ➢ LBR: The shadow branch has been correctly predicted . 20

  30. Shadow indirect branch and prediction result • Our shadow branch will be correctly predicted unless the target branch updates cached destination. Deterministically identify whether a target indirect • If the target branch has been executed branch has been executed or not ➢ LBR: The shadow branch has been mispredicted . • If the target branch has been not executed ➢ LBR: The shadow branch has been correctly predicted . 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control

Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control

Fine Grained Access Control Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples: p g Students can see their own grades Students can see grades of all students in courses they registered for

548 views • 34 slides
Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples:

Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples:

Fine-Grained Access Control Fine Grained Access Control Fine-grained access control examples: Students can see their own grades Students can see their own grades Students can see grades of all students in courses they registered for

338 views • 17 slides
On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang,

On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang,

On the Correctness Criteria of Fine-Grained Access Control in Relational Databases Qihua Wang, Ting Yu, Ninghui Li Jorge Lobo, Elisa Bertino Keith Irwin, Ji-Won Byun Outline Introduction Correctness Criteria A Fine-Grained Access

1.21k views • 51 slides
Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1

Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1

Fine-Grained Geographic Communication (Geocast) Nexus Workshop Frank Drr 23.07.2003 1 Overview Motivation Requirements for Fine-Grained Geocast Location Model for Fine-Grained Geographic Addressing Summary Related Work

752 views • 18 slides
LAMINAR: PRACTICAL FINE-GRAINED DECENTRALIZED INFORMATION FLOW CONTROL (DIFC) Indrajit Roy ,

LAMINAR: PRACTICAL FINE-GRAINED DECENTRALIZED INFORMATION FLOW CONTROL (DIFC) Indrajit Roy ,

LAMINAR: PRACTICAL FINE-GRAINED DECENTRALIZED INFORMATION FLOW CONTROL (DIFC) Indrajit Roy , Donald E. Porter, Michael D. Bond, Kathryn S. McKinley, Emmett Witchel The University of Texas at Austin Untrusted code on trusted data Your

820 views • 45 slides
Copy raising and perception: A fine-grained semantics for raising and control Ash Asudeh &

Copy raising and perception: A fine-grained semantics for raising and control Ash Asudeh &

Copy raising and perception: A fine-grained semantics for raising and control Ash Asudeh & Ida Toivonen Carleton University LAGB 2007, Kings College London 1 Copy raising 1. Louise seems like shes had a rough day. 2. The lawyer

752 views • 43 slides
Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski Anindya Banerjee PLDI 2015 Terminology Coarse-grained Concurrency synchronisation between threads via locks ; Fine-grained

973 views • 72 slides
LISA 11 Fine-grained access-control for the Puppet configuration language Bart Vanbrabant,

LISA 11 Fine-grained access-control for the Puppet configuration language Bart Vanbrabant,

LISA 11 Fine-grained access-control for the Puppet configuration language Bart Vanbrabant, Joris Peeraer and Wouter Joosen DistriNet, Dept. of Computer Science, K.U.Leuven, Belgium December 7, 2011 1 / 27 Outline Systems configuration

292 views • 27 slides
Parts of Speech More Fine-Grained Classes More

Parts of Speech More Fine-Grained Classes More

Parts of Speech More Fine-Grained Classes More Fine-Grained Classes Actually , I ran home extremely quickly yesterday The closed classes Example of POS tagging The Penn Treebank Part-of-Speech

747 views • 54 slides
Machine Learning for Fine-Grained Hardware Prefetcher Control Jason Hiebel Laura E. Brown

Machine Learning for Fine-Grained Hardware Prefetcher Control Jason Hiebel Laura E. Brown

Machine Learning for Fine-Grained Hardware Prefetcher Control Jason Hiebel Laura E. Brown Zhenlin Wang jshiebel@mtu.edu lebrown@mtu.edu zlwang@mtu.edu Department of Computer Science Michigan Technological University International

544 views • 31 slides
Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP,

Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP,

Fine-grained Visual Analysis: From Classification to Retrieval Yi-Zhe Song SketchX Lab, CVSSP, University of Surrey, UK http://sketchx.ai Why fine-grained? Dog Dog Dog I am not just a dog Why fine-grained? Husky

615 views • 24 slides
Flexible, fine-grained distributed access control John Mitchell Stanford with Adam Barth, Anupam

Flexible, fine-grained distributed access control John Mitchell Stanford with Adam Barth, Anupam

Flexible, fine-grained distributed access control John Mitchell Stanford with Adam Barth, Anupam Datta, Ninghui Li (Purdue), Helen Nissenbaum (NYU), Will Winsborough, . April 2006 Were all ears What policy concepts are important in

531 views • 20 slides
Fine-grained Data Access Control Systems with User Accountability in Cloud Computing Jin Li 1 ,

Fine-grained Data Access Control Systems with User Accountability in Cloud Computing Jin Li 1 ,

Fine-grained Data Access Control Systems with User Accountability in Cloud Computing Jin Li 1 , Gansen Zhao 2 , and Xiaofeng Chen 3 Chunming Rong 4 , Yong Tang 2 1 Guangzhou University, China South China Normal University 2 3 Xidian University

784 views • 21 slides
Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information

Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information

Learning Kernel-matrix-based Representation for Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information Technology University of Wollongong, Australia 11-Dec-2019 Introduction Fine-grained image recognition

1.56k views • 58 slides
TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei

TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei

TRILL Fine Grained Labeling Donald Eastlake 3 rd Huawei Technologies d3e3e3@gmail.com November 2011 TRILL WG 1 Fine Grained Labeling A way to

469 views • 8 slides
Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey

Addressing Inter-Class Similarity in Fine-Grained Visual Classification Abhimanyu Dubey Collaborators: Nikhil Naik, Ryan Farrell, Otkrist Gupta, Pei Guo, Ramesh Raskar Fine-Grained Visual Classification - Image classification with target

760 views • 35 slides
Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2

Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2

Motivation A Language-Based Approach Issues Summary Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2 Filippo Del Tedesco 2 1 City University London 2 Chalmers University of Technology, Sweden The

1.03k views • 29 slides
Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David Barrera, and Paul C. van

Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David Barrera, and Paul C. van

Deadbolt: Locking Down Android Disk Encryption Adam Skillen, David Barrera, and Paul C. van Oorschot askillen@ccsl.carleton.ca Carleton Computer Security Lab Carleton University Ottawa, Canada SPSM 2013, Berlin, Germany November 8, 2013 The

488 views • 28 slides
T3E Resiliency Enhancements Dean Elling Software Engineer SGI 41st Cray User Group Conference

T3E Resiliency Enhancements Dean Elling Software Engineer SGI 41st Cray User Group Conference

T3E Resiliency Enhancements Dean Elling Software Engineer SGI 41st Cray User Group Conference Minneapolis, Minnesota A Brief History PE Resiliency Initial releases of UNICOS/mk system panicked processes hung system would

732 views • 21 slides
Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt

Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt

Haven Shielding applications from an untrusted cloud Andrew Baumann Marcus Peinado Galen Hunt Microsoft Research In the old days Application Operating system 2 In the old days Application Operating system 2 In the old days

631 views • 34 slides
About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production

About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production

About Bringing Memory Forensics and Virtual Machine Introspection Title: to Production Environments Student: Benjamin Taubmann PhD stage: Third year, finisher Advisor: Prof. Dr. Hans P. Reiser Affiliation: Assistant Professorship of

313 views • 8 slides
Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer

Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer

Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer Security Day 21: Firewalls, NATs, and IDSes Firewalls and NAT boxes Stephen McCamant University of Minnesota, Computer Science & Engineering

1.35k views • 7 slides
Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics

Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics

7/15/2014 Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics Agenda 2 FDSOI STNOC with FDSOI Application example Conclusions 1 7/15/2014 FD-SOI Speed & Energy Efficiency

211 views • 8 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides

More recommend