
Detecting privileged side-channel attacks in shielded execution with Déjà Vu

Publication, Conference
Chen, S; Zhang, X; Reiter, MK; Zhang, Y
Published in: Asia CCS 2017 Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security
April 2, 2017

Intel Software Guard Extension (SGX) protects the confidentiality and integrity of an unprivileged program running inside a secure enclave from a privileged attacker who has full control of the entire operating system (OS). Program execution inside this enclave is therefore referred to as shielded. Unfortunately, shielded execution does not protect programs from side-channel attacks by a privileged attacker. For instance, it has been shown that by changing page table entries of memory pages used by shielded execution, a malicious OS kernel could observe memory page accesses from the execution and hence infer a wide range of sensitive information about it. In fact, this page-fault side channel is only an instance of a category of side-channel attacks, here called privileged side-channel attacks, in which privileged attackers frequently preempt the shielded execution to obtain fine-grained side-channel observations. In this paper, we present Déjà Vu, a software framework that enables a shielded execution to detect such privileged side-channel attacks. Specifically, we build into shielded execution the ability to check program execution time at the granularity of paths in its control-flow graph. To provide a trustworthy source of time measurement, Déjà Vu implements a novel software reference clock that is protected by Intel Transactional Synchronization Extensions (TSX), a hardware implementation of transactional memory. Evaluations show that Déjà Vu effectively detects side-channel attacks against shielded execution and against the reference clock itself.

Published In: Asia CCS 2017 Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security

DOI: 10.1145/3052973.3053007

Publication Date: April 2, 2017

Start / End Page: 7 / 18

Citation

APA: Chen, S., Zhang, X., Reiter, M. K., & Zhang, Y. (2017). Detecting privileged side-channel attacks in shielded execution with Déjà Vu. In Asia CCS 2017 Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security (pp. 7–18). https://doi.org/10.1145/3052973.3053007

Chicago: Chen, S., X. Zhang, M. K. Reiter, and Y. Zhang. “Detecting privileged side-channel attacks in shielded execution with Déjà Vu.” In Asia CCS 2017 Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security, 7–18, 2017. https://doi.org/10.1145/3052973.3053007.

ICMJE: Chen S, Zhang X, Reiter MK, Zhang Y. Detecting privileged side-channel attacks in shielded execution with Déjà Vu. In: Asia CCS 2017 Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security. 2017. p. 7–18.

MLA: Chen, S., et al. “Detecting privileged side-channel attacks in shielded execution with Déjà Vu.” Asia CCS 2017 Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security, 2017, pp. 7–18. Scopus, doi:10.1145/3052973.3053007.

NLM: Chen S, Zhang X, Reiter MK, Zhang Y. Detecting privileged side-channel attacks in shielded execution with Déjà Vu. Asia CCS 2017 Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security. 2017. p. 7–18.
