SGX-LEGO: Fine-grained SGX controlled-channel attack and its countermeasure

Cited 11 time in webofscience Cited 8 time in scopus
  • Hit : 992
  • Download : 0
The introduction of Intel Software Guard eXtension (SGX) prompted security researchers to verify its effectiveness. One of the frequently discussed attacks against SGX is the side-channel attack by gathering page-fault information (controlled-channel attack). Owing to SGX's hardware features, the faulting address of the enclave memory is page-masked. Because of this, both the controlled-channel attack and the defenses of SGX are built under the assumption that an attacker observes the memory access attempts of the enclave code with page-granularity. However, Van Bluck et al. recently demonstrated a controlled-channel attack technique which negates the prior assumption of page-granularity. In this paper, we introduce a new class of attack that stems from the reduced controlled-channel granularity, i.e., the Version IDentification attack (VID). The goal of VID attack is identifying the detailed code information inside SGX enclave by analyzing the fine-grained SGX controlled-channel. To protect enclave memory from such attack, we design and implement SGX-LEGO, an automated system that adopts execution polymorphism to the SGX enclave code. Previous defense approaches against controlled-channel attacks can be broadly categorized into two types: (i) disclosing the fault information and (ii) rendering the fault information useless. SGX-LEGO uses the latter approach by permuting the memory access sequence at the instruction level. In SGX-LEGO design, we leverage the concept of code-reuse-programming to overcome the implementation challenges regarding SGX page management. In the evaluation, we show how VID attacks the cryptographic functions, and demonstrate the efficacy of SGX-LEGO in security perspective and performance. (C) 2018 Elsevier Ltd. All rights reserved.
Issue Date
Article Type

COMPUTERS & SECURITY, v.82, pp.118 - 139

Appears in Collection
CS-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡ Click to see webofscience_button
⊙ Cited 11 items in WoS Click to see citing articles in records_button


  • mendeley


rss_1.0 rss_2.0 atom_1.0