Defeating Speculative-Execution Attacks on SGX with HyperRace

• Published in: 2019 IEEE Conference on Dependable and Secure Computing (DSC) pp. 1 - 8
• Main Authors: Chen, Guoxing, Li, Mengyuan, Zhang, Fengwei, Zhang, Yinqian
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.11.2019
• Subjects: Buffer storage; Hardware; Instruction sets; Intel SGX; remote attestation; Seals; Security; speculative-execution attacks
• DOI: 10.1109/DSC47296.2019.8937682

Speculative-execution attacks, such as SgxSpectre, Foreshadow, and MDS attacks, leverage recently disclosed CPU hardware vulnerabilities and micro-architectural side channels to breach the confidentiality and integrity of Intel Software Guard eXtensions (SGX). Unlike traditional micro-architectural side-channel attacks, speculative-execution attacks extract any data in the enclave memory, which makes them very challenging to defeat purely from the software. However, to date, Intel has not completely mitigated the threats of speculative-execution attacks from the hardware. Hence, future attack variants may emerge. This paper proposes a software-based solution to speculative-execution attacks, even with the strong assumption that confidentiality of enclave memory is compromised. Our solution extends an existing work called HyperRace, which is a compiler-assisted tool for detecting Hyper-Threading based side-channel attacks against SGX enclaves, to thwart speculative-execution attacks from within SGX enclaves. It requires supports from the untrusted operating system, e.g., for temporarily disabling interrupts, but verifies the OS's behaviors. Additional microcode upgrades are required from Intel to secure the attestation flow.