Malware Guard Extension:abusing Intel SGX to conceal cache attacks
作者机构:Graz University of TechnologyGrazAustria CNRSIRISARennesFrance.
出 版 物:《Cybersecurity》 (网络空间安全科学与技术(英文))
年 卷 期:2020年第3卷第1期
页 面:22-41页
核心收录:
学科分类:0839[工学-网络空间安全] 08[工学]
基 金:This project has received funding from the European Research Council(ERC)under the European Union’s Horizon 2020 research and innovation programme(grant agreement No 681402) This work was partially supported by the TU Graz LEAD project“Dependable Internet of Things in Adverse Environments”
主 题:Intel SGX Side channel Side-channel attack Prime+Probe
摘 要:In modern computer systems,user processes are isolated from each other by the operating system and the ***,in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical ***,the hypervisor does not protect tenants against the cloud provider and thus,the supplied operating system and *** SGX provides a mechanism that addresses this *** aims at protecting user-level software from attacks from other processes,the operating system,and even physical *** this paper,we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located *** attack is the first malware running on real SGX hardware,abusing SGX protection features to conceal ***,we demonstrate our attack both in a native environment and across multiple Docker *** perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication *** attack works,although in SGX enclaves,there are no timers,no large pages,no physical addresses,and no shared *** a semi-synchronous attack,we extract 96%of an RSA private key from a single *** extract the full RSA private key in an automated attack from 11 traces within 5 min.
维普期刊数据库