2020
DOI: 10.1109/msec.2019.2963021

SgxPectre: Stealing Intel Secrets From SGX Enclaves via Speculative Execution

Abstract: This paper presents SgxPectre Attacks that exploit the recently disclosed CPU bugs to subvert the confidentiality and integrity of SGX enclaves. Particularly, we show that when branch prediction of the enclave code can be influenced by programs outside the enclave, the control flow of the enclave program can be temporarily altered to execute instructions that lead to observable cache-state changes. An adversary observing such changes can learn secrets inside the enclave memory or its internal registers, thus c…

citations
Cited by 116 publications
(162 citation statements)
references
References 49 publications
“…Spectre v2 [17] targets BTB storing the branch targets of indirect branch instructions. SGXPectre [6] makes use of this variant to steal secret from SGX enclaves. • Return Stack Buffer (RSB).…”
Section: Related Work (mentioning)
confidence: 99%
“…We acknowledge that several recent studies have uncovered side-channel attacks to compromise the confidentiality of Intel SGX [13, 19, 23, 28, 29, 31]. Also, multiple mitigation techniques have been proposed to address attack-specific issues [18, 24, 25, 26].…”
Section: The Enclave E Is Loaded Inside a Properly Implemented And Ma (mentioning)
confidence: 99%
“…Performance degradation of ∼40% is reported for a database application generating 200K requests per second to the untrusted OS. Moreover, various microarchitecture state leakage channels in SGX have led to security vulnerabilities [16], [17].…”
Section: A Secure Processor Architectures (mentioning)
confidence: 99%
“…The performance of an SGX-like enclave setup suffers by ∼33% since it incurs overheads associated with pipeline flushing and cryptography operations on every secure enclave entry and exit. Moreover, due to temporal execution of the secure enclave with insecure processes, an attacker process can either directly monitor accesses made by the enclave [1], [4], [16], or befuddle the system in making speculative accesses [5], [6], [17] to leak secure enclave's data.…”
Section: Introduction (mentioning)
confidence: 99%