Title | ENCLYZER: Automated Analysis of Transient Data Leaks on Intel SGX
Authors |
DOI |
Publication date | 2022
Conference name | IEEE International Symposium on Secure and Private Execution Environment Design (SEED)
ISBN | 978-1-6654-8527-2
Proceedings name |
Pages | 145-156
Conference dates | 26-27 Sept. 2022
Conference location | Storrs, CT, USA
Place of publication | 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA
Publisher |
Abstract | Trusted Execution Environment (TEE) is the cornerstone of confidential computing. Among other TEEs, Intel® Software Guard Extensions (Intel® SGX) is the most prominent solution and is frequently used in the public cloud to provide confidential computing services. Intel® SGX promotes runtime confidentiality and integrity of enclaves with minimal modifications to existing CPU microarchitectures. However, Transient Execution Attacks, such as L1 Terminal Fault (L1TF), Microarchitectural Data Sampling (MDS), and Transactional Asynchronous Abort (TAA), have exposed certain vulnerabilities within the Intel® SGX solution. Over the past few years, Intel has developed various countermeasures against most of these vulnerabilities via microcode updates and hardware fixes. However, arguably, there are no existing tools or studies that can measurably verify the effectiveness of these countermeasures. In this paper, we introduce an automated analysis tool, called ENCLYZER, to evaluate Transient Execution Vulnerabilities on Intel® SGX. We leverage ENCLYZER to comprehensively analyze a set of processors, with multiple versions of their microcode, to verify the correctness of these countermeasures. Our empirical analysis suggests that most countermeasures are effective in preventing attacks initiated from the same CPU hyperthread, but less effective against cross-thread attacks. Therefore, applying the latest microcode patches and disabling hyperthreading is warranted to enhance the security of Intel® SGX-enabled systems. Security configurations, such as whether hyperthreading is enabled or disabled, are attestable on the Intel® SGX platform, giving users increased confidence when deciding whether a system is trustworthy. Note that these security configurations cannot be modified without a system reboot.
Keywords |
University affiliation position | First
Language | English
Related links | [IEEE record]
Indexing category |
WOS research areas | Computer Science; Engineering
WOS categories | Computer Science, Hardware & Architecture; Computer Science, Information Systems; Computer Science, Theory & Methods; Engineering, Electrical & Electronic
WOS accession number | WOS:000889465400013
Source database | IEEE
Full-text link | https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9935016
Citation statistics | Times cited [WOS]: 2
Output type | Conference paper
Item identifier | http://sustech.caswiz.com/handle/2SGJ60CL/412120
Collection | Southern University of Science and Technology
Author affiliations | 1. Southern University of Science and Technology 2. Intel Labs 3. The Ohio State University
First author's affiliation | Southern University of Science and Technology
First author's primary affiliation | Southern University of Science and Technology
Recommended citation (GB/T 7714) | Jiuqin Zhou, Yuan Xiao, Radu Teodorescu, et al. ENCLYZER: Automated Analysis of Transient Data Leaks on Intel SGX[C]. 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA: IEEE COMPUTER SOC, 2022: 145-156.
Files in this item | No files are associated with this item.

Unless otherwise stated, all content in this system is protected by copyright, with all rights reserved.