Skip to Main Content
 

Global Search Box

 
 
 
 

Files

File List


dissertation.pdf (1.73 MB)

ETD Abstract Container

Abstract Header

Exploitable Hardware Features and Vulnerabilities Enhanced Side-Channel Attacks on Intel SGX and Their Countermeasures

Chen, Guoxing
http://rave.ohiolink.edu/etdc/view?acc_num=osu1554949268465917

Abstract Details

2019, Doctor of Philosophy, Ohio State University, Computer Science and Engineering.
Intel Software Guard eXtensions (SGX) provides software applications shielded execution environments to run private code and operate sensitive data, where both the code and data are isolated from the rest of the software systems. Despite of its security promises, today’s SGX design has been demonstrated to be vulnerable to various side-channel attacks, and countermeasures have been proposed to mitigate these attacks. However, current understanding of the attack vectors and the corresponding countermeasures is insufficient. This dissertation explores new attacks when the adversary could exploit hardware features, such as Hyper-Threading and speculative execution, and aims to design comprehensive defense mechanisms that could address existing threats. Specifically, we first demonstrate how to abuse Hyper-Threading to launch attacks that could bypass existing AEX-based mitigations. Then, we introduce SgxPectre Attacks, the SGX-variants of the recently disclosed Spectre attacks, that exploit speculative execution vulnerabilities to subvert the confidentiality of SGX enclaves. On the defense side, we first design and implement HyperRace, an LLVM-based tool for instrumenting SGX enclave programs to eradicate all side-channel threats due to Hyper-Threading. Then, to address the limitations of existing mitigations, we extend the idea of HyperRace and propose the concept of verifiable execution contracts, which request the privileged software to provide a benign execution environment for enclave within which launching attacks becomes infeasible.
Ten H. Lai (Advisor)
Yinqian Zhang (Advisor)
Radu Teodorescu (Committee Member)
Zhiqiang Lin (Committee Member)
162 p.
Computer Engineering; Computer Science
Intel SGX; computer engineering; hyper-threading; speculative execution

Recommended Citations

Citations

  • Chen, G. (2019). Exploitable Hardware Features and Vulnerabilities Enhanced Side-Channel Attacks on Intel SGX and Their Countermeasures [Doctoral dissertation, Ohio State University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=osu1554949268465917

    APA Style (7th edition)

  • Chen, Guoxing. Exploitable Hardware Features and Vulnerabilities Enhanced Side-Channel Attacks on Intel SGX and Their Countermeasures. 2019. Ohio State University, Doctoral dissertation. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=osu1554949268465917.

    MLA Style (8th edition)

  • Chen, Guoxing. "Exploitable Hardware Features and Vulnerabilities Enhanced Side-Channel Attacks on Intel SGX and Their Countermeasures." Doctoral dissertation, Ohio State University, 2019. http://rave.ohiolink.edu/etdc/view?acc_num=osu1554949268465917

    Chicago Manual of Style (17th edition)

osu1554949268465917
592
© 2019, all rights reserved.
This open access ETD is published by The Ohio State University and OhioLINK.