This website requires JavaScript.

Efficiently Hardening SGX Enclaves against Memory Access Pattern Attacks via Dynamic Program Partitioning

Yuzhe TangKai LiYibo WangJiaqi Chen
Dec 2022
摘要
Intel SGX is known to be vulnerable to a class of practical attacksexploiting memory access pattern side-channels, notably page-fault attacks andcache timing attacks. A promising hardening scheme is to wrap applications inhardware transactions, enabled by Intel TSX, that return control to thesoftware upon unexpected cache misses and interruptions so that the existingside-channel attacks exploiting these micro-architectural events can bedetected and mitigated. However, existing hardening schemes scale only tosmall-data computation, with a typical working set smaller than one or fewtimes (e.g., $8$ times) of a CPU data cache. This work tackles the data scalability and performance efficiency of securityhardening schemes of Intel SGX enclaves against memory-access pattern sidechannels. The key insight is that the size of TSX transactions in the targetcomputation is critical, both performance- and security-wise. Unlike theexisting designs, this work dynamically partitions target computations toenlarge transactions while avoiding aborts, leading to lower performanceoverhead and improved side-channel security. We materialize the dynamicpartitioning scheme and build a C++ library to monitor and model cacheutilization at runtime. We further build a data analytical system using thelibrary and implement various external oblivious algorithms. Performanceevaluation shows that our work can effectively increase transaction size andreduce the execution time by up to two orders of magnitude compared with thestate-of-the-art solutions.
展开全部
图表提取

暂无人提供速读十问回答

论文十问由沈向洋博士提出,鼓励大家带着这十个问题去阅读论文,用有用的信息构建认知模型。写出自己的十问回答,还有机会在当前页面展示哦。

Q1论文试图解决什么问题?
Q2这是否是一个新的问题?
Q3这篇文章要验证一个什么科学假设?
0
被引用
笔记
问答