Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang - - PowerPoint PPT Presentation

▶

Jun 11, 2023 14 likes •156 views

Open Source Enclave Workshop 2019 Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science & Engineering The Ohio State University Userland TEEs on Commodity Processors Application VM VM

SLIDE 1

Side-Channel Attacks and Defenses for SGX and SEV

Yinqian Zhang Associate Professor

Computer Science & Engineering The Ohio State University

Open Source Enclave Workshop 2019

SLIDE 2

Userland TEEs on Commodity Processors

Software Guard Extension (2015)

Application OS Enclave Enclave CPU

Secure Encrypted Virtualization (2016-2017)

VMM VM CPU VM

SLIDE 3

Side-Channel Threats on Intel SGX

Application OS Enclave CPU Mem I/O Privileged Adversary

CPU management
CPU Scheduling
Interrupt delivery and

handling

Memory management
Paging
Segmentation
I/O management
Network
Storage
Display

SLIDE 4

Side-Channel Threats on AMD SEV

Privileged Adversary

CPU management
CPU Scheduling
Interrupt delivery and

handling

Memory management
Paging
Segmentation
I/O management
Network
Storage
Display

VMM VM VM

CPU Mem I/O

SLIDE 5

Example: Deterministic Page Fault Side Channels

Application

Page 1 ec_mul Page 2 add_points Page 3 dup_point

Page Fault Handler

Page Trace P1 P2 P1 P3 P2 P1

…

Kernel

Physical Page Address 0 DA G U W C R 51 9 12 Page Table Entry 11 X D 52 62 63

Global DIR Offset Table Middle DIR Upper DIR

Page Global Directory Page Upper Directory Page Middle Directory Page Table

cr3

+ + +

SLIDE 6

Example: Fine-Grained CPU Preemption

OS (CPU Scheduler) CPU Page/Cache/BPU

1 instruction

Application Enclave

SLIDE 7

More Issues with AMD SEV

Lack of memory integrity
Chosen plaintext attacks
Fault injection attacks
Page table manipulation
Unencrypted VMCB
Inference by reading

ROP attacks by altering

Page fault side channel
Page offset mask
Unprotected I/O
IOMMU & ASID
Encryption/decryption
racles

VMM VM VM

CPU Mem I/O

SWIOTLB SWIOTLB Li, Zhang, Lin, Solihin, “Exploiting Unprotected I/O Operations in AMD’s Secure Encrypted Virtualization”, Usenix Security 2019

SLIDE 8

Side-Channel Attack Surface

fetcher

Translation Units ITLB DTLB STLB paging caches page tables

decoder issuer scheduler

port n port 0 port 1 port 2 Execution Units

……

port 3 BPU BTB RSB store buffer load buffer Cache & Memory

L1-I

L2 LLC DRAM LFB

L1-D

SLIDE 9

Solutions to SGX/SEV side- channel attacks

SLIDE 10

Solutions to SGX Side Channels?

Hypervisor VM VM

Cross-VM/Process Attacks SGX Attacks

Enclave Enclave OS

SLIDE 11

Three Ideas of Mitigating SGX Side Channels

Xiao, Li, Zhang, “Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves”, ACM CCS 2017 Chen, Chen, Xiao, Zhang, Lin, Lai, “SGXPECTRE: Stealing Intel Secrets from SGX Enclaves via Speculative Execution”, IEEE EuroS&P 2019 Wang, Zhang, Lin, “Time and Order: Towards Automatically Identifying Side-Channel Vulnerabilities in Enclave Binaries”, RAID 2019

Vulnerability Detection

Analyzing enclave

code to eliminate

Secret-dependent

memory access

Spectre gadgets

SLIDE 12

Three Ideas of Mitigating SGX Side Channels

Attack Prevention

Preventing side-

channel attacks by enforcing oblivious execution

Ahmad, Joe, Xiao, Zhang, Shin, Lee, “OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX”, NDSS 2019

Vulnerability Detection

Analyzing enclave

code to eliminate

Secret-dependent

memory access

Spectre gadgets

SLIDE 13

Three Ideas of Mitigating SGX Side Channels

Attack Detection

Detecting side-

channel attacks at runtime via program instrumentation

Chen, Zhang, Reiter, Zhang, “Detecting Privileged Side-Channel Attacks in Shielded Execution with DEJA VU”, ACM AsiaCCS 2017 Chen, Wang, Chen, Chen, Zhang, Wang, Lai, Lin, Racing in Hyperspace: Closing Hyper- Threading Side Channels on SGX with Contrived Data Races, IEEE S&P 2018

Attack Prevention

Preventing side-

channel attacks by enforcing oblivious execution

Vulnerability Detection

Analyzing enclave

code to eliminate

Secret-dependent

memory access

Spectre gadgets

SLIDE 14

Side-Channel Attacks and Defenses for SGX and SEV

Yinqian Zhang Associate Professor

Computer Science & Engineering The Ohio State University

Side-Channel Attacks and Defenses for SGX and SEV

Yinqian Zhang Associate Professor

Userland TEEs on Commodity Processors

Application OS Enclave Enclave CPU

VMM VM CPU VM

Side-Channel Threats on Intel SGX

Application OS Enclave CPU Mem I/O Privileged Adversary

Side-Channel Threats on AMD SEV

Privileged Adversary

VMM VM VM

CPU Mem I/O

Example: Deterministic Page Fault Side Channels

Kernel

Example: Fine-Grained CPU Preemption

OS (CPU Scheduler) CPU Page/Cache/BPU

Application Enclave

More Issues with AMD SEV

VMM VM VM

CPU Mem I/O

Side-Channel Attack Surface

fetcher

decoder issuer scheduler

……

Solutions to SGX/SEV side- channel attacks

Solutions to SGX Side Channels?

Hypervisor VM VM

Cross-VM/Process Attacks SGX Attacks

Enclave Enclave OS

Three Ideas of Mitigating SGX Side Channels

Vulnerability Detection

Three Ideas of Mitigating SGX Side Channels

Attack Prevention

Vulnerability Detection

Three Ideas of Mitigating SGX Side Channels

Attack Detection

Attack Prevention

Vulnerability Detection

Side-Channel Attacks and Defenses for SGX and SEV

Thank You!

yinqian@cse.ohio-state.edu