Avoiding leakage and synchronization attacks through enclave-side preemption control

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Standard

Avoiding leakage and synchronization attacks through enclave-side preemption control. / Völp, Marcus; Lackorzynski, Adam; Decouchant, Jérémie; Rahli, Vincent; Rocha, Francisco; Veríssimo, Paulo Jorge Esteves.

Proceedings of the 1st Workshop on System Software for Trusted Execution, SysTEX@Middleware 2016, Trento, Italy, December 12, 2016. Association for Computing Machinery (ACM), 2016. p. 6:1-6:6 6.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Harvard

Völp, M, Lackorzynski, A, Decouchant, J, Rahli, V, Rocha, F & Veríssimo, PJE 2016, Avoiding leakage and synchronization attacks through enclave-side preemption control. in Proceedings of the 1st Workshop on System Software for Trusted Execution, SysTEX@Middleware 2016, Trento, Italy, December 12, 2016., 6, Association for Computing Machinery (ACM), pp. 6:1-6:6. https://doi.org/10.1145/3007788.3007794

APA

Völp, M., Lackorzynski, A., Decouchant, J., Rahli, V., Rocha, F., & Veríssimo, P. J. E. (2016). Avoiding leakage and synchronization attacks through enclave-side preemption control. In Proceedings of the 1st Workshop on System Software for Trusted Execution, SysTEX@Middleware 2016, Trento, Italy, December 12, 2016 (pp. 6:1-6:6). [6] Association for Computing Machinery (ACM). https://doi.org/10.1145/3007788.3007794

Vancouver

Völp M, Lackorzynski A, Decouchant J, Rahli V, Rocha F, Veríssimo PJE. Avoiding leakage and synchronization attacks through enclave-side preemption control. In Proceedings of the 1st Workshop on System Software for Trusted Execution, SysTEX@Middleware 2016, Trento, Italy, December 12, 2016. Association for Computing Machinery (ACM). 2016. p. 6:1-6:6. 6 https://doi.org/10.1145/3007788.3007794

Author

Völp, Marcus ; Lackorzynski, Adam ; Decouchant, Jérémie ; Rahli, Vincent ; Rocha, Francisco ; Veríssimo, Paulo Jorge Esteves. / Avoiding leakage and synchronization attacks through enclave-side preemption control. Proceedings of the 1st Workshop on System Software for Trusted Execution, SysTEX@Middleware 2016, Trento, Italy, December 12, 2016. Association for Computing Machinery (ACM), 2016. pp. 6:1-6:6

Bibtex

@inproceedings{ddd16dc2648944e9b5aaf2cca1391d4c,
title = "Avoiding leakage and synchronization attacks through enclave-side preemption control",
abstract = "Intel SGX is the latest processor architecture promising secure code execution despite large, complex and hence potentially vulnerable legacy operating systems (OSs). However, two recent works identified vulnerabilities that allow an untrusted management OS to extract secret information from Intel SGX's enclaves, and to violate their integrity by exploiting concurrency bugs. In this work, we re-investigate delayed preemption (DP) in the context of Intel SGX. DP is a mechanism originally proposed for L4-family microkernels as disable-interrupt replacement. Recapitulating earlier results on language-based information-flow security, we illustrate the construction of leakage-free code for enclaves. However, as long as adversaries have fine-grained control over preemption timing, these solutions are impractical from a performance/complexity perspective. To overcome this, we resort to delayed preemption, and sketch a software implementation for hypervisors providing enclaves as well as a hardware extension for systems like SGX. Finally, we illustrate how static analyses for SGX may be extended to check confidentiality of preemption-delaying programs.",
author = "Marcus V{\"o}lp and Adam Lackorzynski and J{\'e}r{\'e}mie Decouchant and Vincent Rahli and Francisco Rocha and Ver{\'i}ssimo, {Paulo Jorge Esteves}",
year = "2016",
month = dec,
day = "12",
doi = "10.1145/3007788.3007794",
language = "English",
isbn = "978-1-4503-4670-2",
pages = "6:1--6:6",
booktitle = "Proceedings of the 1st Workshop on System Software for Trusted Execution, SysTEX@Middleware 2016, Trento, Italy, December 12, 2016",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

RIS

TY - GEN

T1 - Avoiding leakage and synchronization attacks through enclave-side preemption control

AU - Völp, Marcus

AU - Lackorzynski, Adam

AU - Decouchant, Jérémie

AU - Rahli, Vincent

AU - Rocha, Francisco

AU - Veríssimo, Paulo Jorge Esteves

PY - 2016/12/12

Y1 - 2016/12/12

N2 - Intel SGX is the latest processor architecture promising secure code execution despite large, complex and hence potentially vulnerable legacy operating systems (OSs). However, two recent works identified vulnerabilities that allow an untrusted management OS to extract secret information from Intel SGX's enclaves, and to violate their integrity by exploiting concurrency bugs. In this work, we re-investigate delayed preemption (DP) in the context of Intel SGX. DP is a mechanism originally proposed for L4-family microkernels as disable-interrupt replacement. Recapitulating earlier results on language-based information-flow security, we illustrate the construction of leakage-free code for enclaves. However, as long as adversaries have fine-grained control over preemption timing, these solutions are impractical from a performance/complexity perspective. To overcome this, we resort to delayed preemption, and sketch a software implementation for hypervisors providing enclaves as well as a hardware extension for systems like SGX. Finally, we illustrate how static analyses for SGX may be extended to check confidentiality of preemption-delaying programs.

AB - Intel SGX is the latest processor architecture promising secure code execution despite large, complex and hence potentially vulnerable legacy operating systems (OSs). However, two recent works identified vulnerabilities that allow an untrusted management OS to extract secret information from Intel SGX's enclaves, and to violate their integrity by exploiting concurrency bugs. In this work, we re-investigate delayed preemption (DP) in the context of Intel SGX. DP is a mechanism originally proposed for L4-family microkernels as disable-interrupt replacement. Recapitulating earlier results on language-based information-flow security, we illustrate the construction of leakage-free code for enclaves. However, as long as adversaries have fine-grained control over preemption timing, these solutions are impractical from a performance/complexity perspective. To overcome this, we resort to delayed preemption, and sketch a software implementation for hypervisors providing enclaves as well as a hardware extension for systems like SGX. Finally, we illustrate how static analyses for SGX may be extended to check confidentiality of preemption-delaying programs.

U2 - 10.1145/3007788.3007794

DO - 10.1145/3007788.3007794

M3 - Conference contribution

SN - 978-1-4503-4670-2

SP - 6:1-6:6

BT - Proceedings of the 1st Workshop on System Software for Trusted Execution, SysTEX@Middleware 2016, Trento, Italy, December 12, 2016

PB - Association for Computing Machinery (ACM)

ER -