research-article
Open Access

Security Vulnerabilities of SGX and Countermeasures: A Survey

Published: 13 July 2021

Abstract

Trusted Execution Environments (TEEs) are widely used in security-critical applications. Their popularity derives from the high degree of security and trustworthiness they obtain from secure hardware. Intel Software Guard Extensions (SGX) is one of the most representative TEEs: it creates an isolated environment on top of an untrusted operating system and thereby provides run-time protection for the execution of security-critical code and data. However, Intel SGX is far from the acme of perfection. It has become the target of various attacks because of its security vulnerabilities. Researchers and practitioners have paid attention to these vulnerabilities and have investigated mitigation solutions in real applications. Unfortunately, the existing literature lacks a thorough review of the security vulnerabilities of SGX and their countermeasures. In this article, we fill this gap. Specifically, we propose two sets of criteria, one for estimating the security risk of existing attacks and one for evaluating the defensive effect of their countermeasures. Furthermore, we propose a taxonomy of SGX security vulnerabilities and describe the corresponding attack vectors. We then review published attacks and existing countermeasures and evaluate them using the proposed criteria. Finally, building on the survey, we identify open challenges and future directions for research on SGX security.


• Published in

  ACM Computing Surveys, Volume 54, Issue 6 (Invited Tutorial), July 2022, 799 pages
  ISSN: 0360-0300
  EISSN: 1557-7341
  DOI: 10.1145/3475936

        Copyright © 2021 ACM


        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 13 July 2021
        • Accepted: 1 March 2021
        • Revised: 1 January 2021
        • Received: 1 October 2020


        Qualifiers

        • research-article
        • Research
        • Refereed
