Side-Channel Attacks and Defenses for SGX and SEV
Yinqian Zhang, Associate Professor
Computer Science & Engineering, The Ohio State University
Open Source Enclave Workshop 2019
Userland TEEs on Commodity Processors (slide 2)
[Figure: Software Guard Extension (2015): enclaves inside an application, running above the OS on the CPU. Secure Encrypted Virtualization (2016-2017): VMs running above the VMM on the CPU.]
Side-Channel Threats on Intel SGX (slide 3)
[Figure: application containing an enclave, OS, and CPU / Mem / I/O; the privileged adversary sits at the OS layer.]
Privileged Adversary controls:
• CPU management
  • CPU scheduling
  • Interrupt delivery and handling
• Memory management
  • Paging
  • Segmentation
• I/O management
  • Network
  • Storage
  • Display
Side-Channel Threats on AMD SEV (slide 4)
[Figure: VMM hosting two VMs on CPU / Mem / I/O; the privileged adversary sits at the VMM layer.]
Privileged Adversary controls:
• CPU management
  • CPU scheduling
  • Interrupt delivery and handling
• Memory management
  • Paging
  • Segmentation
• I/O management
  • Network
  • Storage
  • Display
Example: Deterministic Page Fault Side Channels (slide 5)
[Figure: an application whose code is laid out as Page 1 = ec_mul, Page 2 = add_points, Page 3 = dup_point; the kernel's page fault handler records the page trace P1 P2 P1 P3 P2 P1 … as the enclave executes.]
[Figure: x86-64 page-table walk, cr3 → Page Global Directory → Page Upper Directory → Page Middle Directory → Page Table → page offset; the Page Table Entry holds the physical page address in bits 12-51, the flag bits (P, R/W, U/S, W, C, A, D, G) in bits 0-11, and XD in bit 63.]
Example: Fine-Grained CPU Preemption (slide 6)
[Figure: the OS (CPU scheduler) preempts the enclave inside the application one instruction at a time and observes the CPU's Page / Cache / BPU state between instructions.]
More Issues with AMD SEV (slide 7)
• Lack of memory integrity
  • Chosen plaintext attacks
  • Fault injection attacks
  • Page table manipulation
• Unencrypted VMCB
  • Inference by reading register values at VMExit
  • ROP attacks by altering register values
• Page fault side channel
  • Page offset mask
• Unprotected I/O
  • IOMMU & ASID
  • Encryption/decryption oracles
[Figure: VMM hosting two VMs on CPU / Mem / I/O, each VM with its SWIOTLB bounce buffer.]
Li, Zhang, Lin, Solihin, “Exploiting Unprotected I/O Operations in AMD’s Secure Encrypted Virtualization”, Usenix Security 2019
Side-Channel Attack Surface (slide 8)
[Figure: microarchitectural components that form the side-channel attack surface. Front end: fetcher, decoder, issuer, scheduler. Translation Units: ITLB, DTLB, STLB, paging caches, page tables. Execution Units: port 0, port 1, port 2, port 3, … port n. BPU: BTB, RSB. Store buffer and load buffer. Cache & Memory: L1-I, L1-D, LFB, L2, LLC, DRAM.]
Solutions to SGX/SEV side-channel attacks
Solutions to SGX Side Channels? (slide 17)
[Figure: Cross-VM/Process Attacks target VMs above a hypervisor; SGX Attacks target enclaves above the OS.]
Three Ideas of Mitigating SGX Side Channels (slide 18)
Xiao, Li, Zhang, “Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves”, ACM CCS 2017
Chen, Chen, Xiao, Zhang, Lin, Lai, “SGXPECTRE: Stealing Intel Secrets from SGX Enclaves via Speculative Execution”, IEEE EuroS&P 2019
Wang, Zhang, Lin, “Time and Order: Towards Automatically Identifying Side-Channel Vulnerabilities in Enclave Binaries”, RAID 2019
Vulnerability Detection
• Analyzing enclave code to eliminate
  • Secret-dependent memory access
  • Spectre gadgets
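As an added example (not code from the slides or the cited papers), a Stacco-style differential check in the spirit of the Vulnerability Detection idea: run a toy scalar multiplication on several secret scalars, record which code page each step touches (P1 = ec_mul, P2 = add_points, P3 = dup_point, the layout of the page-fault slide), and flag the first position where two traces diverge. The page map, the double-and-add model and the trace ordering are constructed here; the oblivious variant models the "always add" fix such a check should pass.

```python
# Constructed page map, mirroring the slide's layout of one function per page.
PAGE_OF = {"ec_mul": "P1", "add_points": "P2", "dup_point": "P3"}


def trace_ec_mul(scalar_bits, oblivious=False):
    """Return the sequence of code pages a toy double-and-add loop touches.

    Leaky variant: add_points (P2) runs only when the scalar bit is 1, so the
    page trace encodes the scalar.  Oblivious variant: add_points always runs
    and a dummy result is discarded, so every scalar yields the same trace.
    Constructed model; real ec_mul code would differ in detail.
    """
    trace = [PAGE_OF["ec_mul"]]
    for bit in scalar_bits:
        trace.append(PAGE_OF["dup_point"])      # doubling happens every round
        trace.append(PAGE_OF["ec_mul"])         # return to the caller's page
        if bit or oblivious:
            trace.append(PAGE_OF["add_points"])  # secret-dependent in the leaky case
            trace.append(PAGE_OF["ec_mul"])
    return trace


def first_divergence(trace_a, trace_b):
    """Index of the first page where two traces differ, or None if identical."""
    for i, (a, b) in enumerate(zip(trace_a, trace_b)):
        if a != b:
            return i
    if len(trace_a) != len(trace_b):
        return min(len(trace_a), len(trace_b))
    return None


def differential_check(run, secret_inputs):
    """Differential trace analysis: execute the same code on several secrets
    and report the first pair of page traces that diverge.  Any divergence
    means a page-fault observer can distinguish those secrets."""
    traces = [run(s) for s in secret_inputs]
    for i in range(len(traces)):
        for j in range(i + 1, len(traces)):
            pos = first_divergence(traces[i], traces[j])
            if pos is not None:
                return {"leaky": True, "inputs": (i, j), "position": pos}
    return {"leaky": False}


if __name__ == "__main__":
    secrets = [[1, 0, 1], [1, 1, 1], [0, 0, 0]]  # constructed scalar bit strings
    print("leaky   :", differential_check(trace_ec_mul, secrets))
    print("oblivious:", differential_check(
        lambda s: trace_ec_mul(s, oblivious=True), secrets))
```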
Three Ideas of Mitigating SGX Side Channels (slide 19)
Attack Prevention
• Preventing side-channel attacks by enforcing oblivious execution
Ahmad, Joe, Xiao, Zhang, Shin, Lee, “OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX”, NDSS 2019
Three Ideas of Mitigating SGX Side Channels (slide 20)
Attack Detection
• Detecting side-channel attacks at runtime via program instrumentation
Chen, Zhang, Reiter, Zhang, “Detecting Privileged Side-Channel Attacks in Shielded Execution with DEJA VU”, ACM AsiaCCS 2017
Chen, Wang, Chen, Chen, Zhang, Wang, Lai, Lin, “Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races”, IEEE S&P 2018
Thank you. [email protected]