Reference : Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control
Scientific congresses, symposiums and conference proceedings : Unpublished conference
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/28964
Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control
English
Volp, Marcus mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Lackorzynski, Adam mailto [Kernkonzept GmbH und Technische Universität Dresden]
Decouchant, Jérémie mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Rahli, Vincent mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Rocha, Francisco mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Verissimo, Paulo mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
12-Dec-2016
6
Yes
International
1st Workshop on System Software for Trusted Execution (SysTEX '16)
From 12 December 2016 to 16 December 2016
Trento
Italy
[en] Information-flow ; SGX-enclaves ; microkernels ; preemption
[en] Intel SGX is the latest processor architecture promising secure code execution despite large, complex and hence potentially vulnerable legacy operating systems (OSs). However, two recent works identified vulnerabilities that allow an untrusted management OS to extract secret information from Intel SGX's enclaves, and to violate their integrity by exploiting concurrency bugs. In this work, we re-investigate delayed preemption (DP) in the context of Intel SGX. DP is a mechanism originally proposed for L4-family microkernels as disable-interrupt replacement. Recapitulating earlier results on language-based information-flow security, we illustrate the construction of leakage-free code for enclaves. However, as long as adversaries have fine-grained control over preemption timing, these solutions are impractical from a performance/complexity perspective. To overcome this, we resort to delayed preemption, and sketch a software implementation for hypervisors providing enclaves as well as a hardware extension for systems like SGX. Finally, we illustrate how static analyses for SGX may be extended to check confidentiality of preemption-delaying programs.
SnT – Interdisciplinary Centre for Security, Reliability and Trust
Fonds National de la Recherche - FnR ; SnT – Interdisciplinary Centre for Security, Reliability and Trust
http://hdl.handle.net/10993/28964
10.1145/3007788.3007794
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
FnR ; FNR8149128 > Paulo Esteves Verissimo > IISD > Strategic RTnD Program on Information Infrastructure Security and Dependability > 01/01/2015 > 31/12/2019 > 2015

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
sgx_dp.pdfAuthor preprint245.86 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.