research-article

Free access

An off-chip attack on hardware enclaves via the memory bus

AUTHORs:

Raluca Ada PopaAuthors Info & Claims

SEC'20: Proceedings of the 29th USENIX Conference on Security Symposium

Article No.: 28, Pages 487 - 504

Published: 12 August 2020 Publication History

PDF eReader Publisher Site

Abstract

This paper shows how an attacker can break the confidentiality of a hardware enclave with MEMBUSTER, an off-chip attack based on snooping the memory bus. An attacker with physical access can observe an unencrypted address bus and extract fine-grained memory access patterns of the victim. MEMBUSTER is qualitatively different from prior on-chip attacks to enclaves and is more difficult to thwart.

We highlight several challenges for MEMBUSTER. First, DRAM requests are only visible on the memory bus at last-level cache misses. Second, the attack needs to incur minimal interference or overhead to the victim to prevent the detection of the attack. Lastly, the attacker needs to reverse-engineer the translation between virtual, physical, and DRAM addresses to perform a robust attack. We introduce three techniques, critical page whitelisting, cache squeezing, and oracle-based fuzzy matching algorithm to increase cache misses for memory accesses that are useful for the attack, with no detectable interference to the victim, and to convert memory accesses to sensitive data. We demonstrate MEMBUSTER on an Intel SGX CPU to leak confidential data from two applications: Hunspell and Memcached. We show that a single uninterrupted run of the victim can leak most of the sensitive data with high accuracy.

References

[1]

Intel Software Guard Extensions. https://software.intel.com/sgx. Last accessed: December 2, 2019.

[2]

Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. Innovative Instructions and Software Model for Isolated Execution. In HASP, 2013.

[3]

David Lie, Chandramohan A Thekkath, and Mark Horowitz. Implementing an Untrusted Operating System on Trusted Hardware. ACM SIGOPS Operating Systems Review, 37(5):178-192, 2003.

Digital Library

[4]

Dayeol Lee, David Kohlbrenner, Shweta Shinde, Dawn Song, and Krste Asanović. Keystone: A framework for architecting tees. arXiv preprint arXiv:1907.10119, 2019.

[5]

Victor Costan, Ilia A Lebedev, and Srinivas Devadas. Sanctum: Minimal Hardware Extensions for Strong Software Isolation. In USENIX Security, 2016.

[6]

J Alex Halderman, Seth D Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A Calandrino, Ariel J Feldman, Jacob Appelbaum, and Edward W Felten. Lest we remember: cold-boot attacks on encryption keys. Communications of the ACM, 2009.

Digital Library

[7]

Christian Priebe, Kapil Vaswani, and Manuel Costa. EnclaveDB - A Secure Database using SGX. In IEEE S&P, 2018.

[8]

Felix Schuster, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. VC3: Trustworthy Data Analytics in the Cloud. In IEEE S&P, 2015.

[9]

Tien Tuan Anh Dinh, Prateek Saxena, Ee-Chien Chang, Beng Chin Ooi, and Chunwang Zhang. M2R: Enabling Stronger Privacy in MapReduce Computation. In USENIX Security, 2015.

[10]

Stefan Brenner, Colin Wulf, David Goltzsche, Nico Weichbrodt, Matthias Lorenz, Christof Fetzer, Peter Pietzuch, and Rüdiger Kapitza. SecureKeeper: Confidential ZooKeeper Using Intel SGX. In Middleware, 2016.

[11]

Joshua Lind, Oded Naor, Ittay Eyal, Florian Kelbert, Emin Gün Sirer, and Peter Pietzuch. Teechain: A Secure Payment Network with Asynchronous Blockchain Access. In SOSP, 2019.

[12]

Mitar Milutinovic, Warren He, Howard Wu, and Maxinder Kanwal. Proof of Luck: An Efficient Blockchain Consensus Protocol. In SysTEX, 2016.

Digital Library

[13]

Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, and Elaine Shi. Town crier: An authenticated data feed for smart contracts. In CCS, 2016.

[14]

R. Cheng, F. Zhang, J. Kos, W. He, N. Hynes, N. Johnson, A. Juels, A. Miller, and D. Song. Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts. In EuroS&P, 2019.

[15]

Iddo Bentov, Yan Ji, Fan Zhang, Yunqi Li, Xueyuan Zhao, Lorenz Breidenbach, Philip Daian, and Ari Juels. Tesseract: Real-Time Cryptocurrency Exchange using Trusted Hardware. In CCS, 2017.

[16]

Olga Ohrimenko, Felix Schuster, Cedric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, and Manuel Costa. Oblivious multi-party machine learning on trusted processors. In USENIX Security, 2016.

[17]

Shruti Tople, Karan Grover, Shweta Shinde, Ranjita Bhagwan, and Ramachandran Ramjee. Privado: Practical and Secure DNN Inference. ArXiv, 2018.

[18]

Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-order Execution. In USENIX Security, 2018.

[19]

Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, and Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX. In CCS, 2017.

[20]

Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. Software Grand Exposure: SGX Cache Attacks Are Practical. In WOOT, 2017.

Digital Library

[21]

Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, and Stefan Mangard. Malware Guard Extension: Using SGX to Conceal Cache Attacks. In DIMVA, 2017.

[22]

Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. CacheZoom: How SGX Amplifies the Power of Cache Attacks. In CHES, pages 69-90. Springer, 2017.

[23]

Jo Van Bulck, NicoWeichbrodt, Rüdiger Kapitza, Frank Piessens, and Raoul Strackx. Telling Your Secrets Without Page Faults: Stealthy Page Table-based Attacks on Enclaved Execution. In USENIX Security, 2017.

[24]

Yuanzhong Xu, Weidong Cui, and Marcus Peinado. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In S&P, 2015.

Digital Library

[25]

Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari, Elaine Shi, Krste Asanovic, John Kubiatowicz, and Dawn Song. PHANTOM: Practical Oblivious Computation in a Secure Processor. In CCS, 2013.

[26]

Victor Costan and Srinivas Devadas. Intel SGX Explained. Cryptology ePrint Archive, Report 2016/086, 2016. http://eprint.iacr.org/2016/086.

[27]

Andrew Huang. Keeping Secrets in Hardware: The Microsoft XboxTM Case Study. In CHES, 2003.

[28]

Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Andre Martin, Christof Fetzer, and Mark Silberstein. Varys: Protecting sgx enclaves from practical side-channel attacks. In USENIX ATC, 2018.

[29]

Guoxing Chen, Wenhao Wang, Tianyu Chen, Sanchuan Chen, Yinqian Zhang, XiaoFeng Wang, Ten-Hwang Lai, and Dongdai Lin. Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races. In S&P, 2018.

[30]

Daniel Gruss, Julian Lettner, Felix Schuster, Olya Ohrimenko, Istvan Haller, and Manuel Costa. Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory. In USENIX Security, 2017.

Digital Library

[31]

Ming-Wei Shih, Sangho Lee, Taesoo Kim, and Marcus Peinado. T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs. In NDSS, 2017.

[32]

Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, and Yinqian Zhang. Detecting Privileged Side-Channel Attacks in Shielded Execution with DéJà Vu. In AsiaCCS, 2017.

Digital Library

[33]

Xiao Shaun Wang, Kartik Nayak, Chang Liu, T.-H. Hubert Chan, Elaine Shi, Emil Stefanov, and Yan Huang. Oblivious Data Structures. In CCS, 2014.

[34]

Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. Path ORAM: An Extremely Simple Oblivious RAM Protocol. In CCS, 2013.

[35]

Pratyush Mishra, Rishabh Poddar, Jerry Chen, Alessandro Chiesa, and Raluca Ada Popa. Oblix: An efficient oblivious search index. In S&P, 2018.

[36]

Shaizeen Aga and Satish Narayanasamy. InvisiMem: Smart Memory Defenses for Memory Bus Side Channel. In ISCA, 2017.

[37]

Amro Awad, Yipeng Wang, Deborah Shands, and Yan Solihin. ObfusMem: A Low-Overhead Access Obfuscation for Trusted Memories. In ISCA, 2017.

[38]

QEMU: the FAST! processor emulator. https://www.qemu.org/. Last accessed: December 2, 2019.

[39]

Intel Software Guard Extensions Programming Reference. https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf. Last accessed: December 2, 2019.

[40]

Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, and Bryan Parno. Komodo: Using verification to disentangle secure-enclave hardware from software. In SOSP, 2017.

[41]

ARM Security IP CryptoIsland Family. https://www.arm.com/products/silicon-ip-security/cryptoisland. Last accessed: December 2, 2019.

[42]

AMD Secure Encrypted Virtualization. https://developer.amd.com/amd-secure-memory-encryption-sme-amd-secure-encrypted-virtualization-sev/. Last accessed: December 2, 2019.

[43]

Dag Arne Osvik, Adi Shamir, and Eran Tromer. Cache Attacks and Countermeasures: The Case of AES. In CT-RSA, 2006.

Digital Library

[44]

Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. Last-Level Cache Side-Channel Attacks Are Practical. In S&P, 2015.

Digital Library

[45]

Yuval Yarom and Katrina Falkner. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-channel Attack. In USENIX Security, 2014.

Digital Library

[46]

Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. Flush+Flush: A Fast and Stealthy Cache Attack. In DIMVA, 2016.

Digital Library

[47]

Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, and Daniel Gruss. ZombieLoad: Cross-Privilege-Boundary Data Sampling. In CCS, 2019.

[48]

Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. Inferring Finegrained Control Flow Inside SGX Enclaves with Branch Shadowing. In USENIX Security, 2017.

[49]

Yeongjin Jang, Jaehyuk Lee, Sangho Lee, and Taesoo Kim. SGX-Bomb: Locking Down the Processor via Rowhammer Attack. In SysTEX, 2017.

Digital Library

[50]

Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In CCS, 2016.

[51]

Marcus Brandenburger, Christian Cachin, Matthias Lorenz, and Rüdiger Kapitza. Rollback and Forking Detection for Trusted Execution Environments using Lightweight Collective Memory. In DSN, 2017.

[52]

Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, and Srdjan Capkun. ROTE: Rollback Protection for Trusted Execution. In USENIX Security, 2017.

[53]

Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, and Stefan Mangard. DRAMA: Exploiting Dram Addressing for Cross-CPU Attacks. In USENIX Security, 2016.

Digital Library

[54]

Chia-che Tsai, Donald E. Porter, and Mona Vij. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In ATC, 2017.

[55]

JKI Inc. JLA320A. https://www.jkic.co.kr/ddr4-protocol-analyzer. Last accessed: December 2, 2019.

[56]

Kibra 480 Analyzer. http://cdn.teledynelecroy.com/files/pdf/lecroy_kibra480_datasheet.pdf. Last accessed: December 2, 2019.

[57]

Nexus Technology MA4100. https://www.nexustechnology.com/products/memoryanalyzers/ma4100-series-memory-analyzer/. Last accessed: December 2, 2019.

[58]

Hunspell. http://hunspell.github.io/. Last accessed: December 2, 2019.

[59]

Brad Fitzpatrick. Distributed caching with memcached. Linux journal, 2004(124):5, 2004.

Digital Library

[60]

Rajesh Nishtala, Hans Fugal, Steven Grimm, Marc Kwiatkowski, Herman Lee, Harry C. Li, Ryan McElroy, Mike Paleczny, Daniel Peek, Paul Saab, David Stafford, Tony Tung, and Venkateshwaran Venkataramani. Scaling Memcache at Facebook. In NSDI, 2013.

Digital Library

[61]

James Langston. Enhancing the Scalability of Memcached. https://software.intel.com/en-us/articles/enhancing-the-scalability-of-memcached. Last accessed: December 2, 2019.

[62]

Yupeng Zhang, Jonathan Katz, and Charalampos Papamanthou. All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption. In USENIX Security, 2016.

[63]

Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3A: System Programming Guide, Part 1. https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-vol-3a-part-1-manual.pdf. Last accessed: December 2, 2019.

[64]

Mengjia Yan, Read Sprabery, Bhargava Gopireddy, Christopher Fletcher, Roy Campbell, and Josep Torrellas. Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World. In S&P, 2019.

[65]

Khang T Nguyen. Introduction to Cache Allocation Technology in the Intel® Xeon® Processor E5 v4 Family. https://software.intel.com/en-us/articles/introduction-to-cache-allocation-technology, Febuary 2016.

[66]

Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. SCONE: Secure Linux Containers with Intel SGX. In OSDI, 2016.

[67]

Software Guard Extenstion (SGX) SDK for Linux. https://github.com/intel/linux-sgx. Last accessed: December 2, 2019.

[68]

RISC-V ISA Simulator. https://riscv.org/software-tools/risc-v-isa-simulator/. Last accessed: December 2, 2019.

[69]

Spell Checker Oriented Word Lists. http://wordlist.aspell.net/. Last accessed: December 2, 2019.

[70]

Enron Email Dataset. https://www.cs.cmu.edu/~./enron/. Last accessed: December 2, 2019.

[71]

NLTK data 3.4.5 documentation. https://www.nltk.org/data.html. Last accessed: December 2, 2019.

[72]

GNU Privacy Guard. http://www.gnupg.org. Last accessed: December 2, 2019.

[73]

Sajin Sasy, Sergey Gorbunov, and Christopher W. Fletcher. ZeroTrace : Oblivious Memory Primitives from Intel SGX. In NDSS, 2017.

[74]

J Thomas Pawlowski. Hybrid Memory Cube (HMC). In 2011 IEEE Hot Chips 23 Symposium (HCS), 2011.

[75]

Oliver Kömmerling and Markus G Kuhn. Design Principles for Tamper-Resistant Smartcard Processors. In Smartcard, 1999.

Cited By

Yan YMishra PHuang WMehta ABalmau OLie DDing AAral AHilt V(2024)Stream Processing with Adaptive Edge-Enhanced Confidential ComputingProceedings of the 7th International Workshop on Edge Systems, Analytics and Networking10.1145/3642968.3654819(37-42)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642968.3654819
Ahmad AOu BLiu CZhang XFonseca PAamodt TSwift MJerger N(2023)Veil: A Protected Services Framework for Confidential Virtual MachinesProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 410.1145/3623278.3624763(378-393)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3623278.3624763
Ro YJin SHuh JKim JMartínez JDuato JJohn L(2021)Ghost routing to enable oblivious computation on memory-centric networksProceedings of the 48th Annual International Symposium on Computer Architecture10.1109/ISCA52012.2021.00077(930-943)Online publication date: 14-Jun-2021
https://dl.acm.org/doi/10.1109/ISCA52012.2021.00077
Show More Cited By

Index Terms

An off-chip attack on hardware enclaves via the memory bus
1. Social and professional topics

Index terms have been assigned to the content through auto-classification.

Recommendations

SnakeGX: A Sneaky Attack Against SGX Enclaves
Applied Cryptography and Network Security
Abstract
Intel Software Guard eXtension (SGX) is a technology to create enclaves (i.e., trusted memory regions) hardware isolated from a compromised operating system. Recently, researchers showed that unprivileged adversaries can mount code-reuse attacks ...
Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation
CYSARM'20: Proceedings of the 2nd Workshop on Cyber-Security Arms Race

Systems that protect enclaves from privileged software must consider software-based side-channel attacks. Our system isolates enclaves on separate secure cores to stop attackers from running on the same core as the victim, which mitigates intra-core ...
Scalable directory architecture for distributed shared memory chip multiprocessors

Traditional Directory-based cache coherence protocol is far from optimal for large-scale cache coherent shared memory multiprocessors due to the increasing latency to access directories stored in DRAM memory. Instead of keeping directories in main ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

SEC'20: Proceedings of the 29th USENIX Conference on Security Symposium

August 2020

2809 pages

ISBN:978-1-939133-17-5

Program Chairss:
Srdjan Capkun
ETH Zurich
,
Franziska Roesner
University of Washington

Copyright © 2020.

Sponsors

Facebook
Microsoft
IBM
ByteDance
Google Inc.

Publisher

USENIX Association

United States

Publication History

Published: 12 August 2020

Qualifiers

Research-article

Acceptance Rates

Overall Acceptance Rate 40 of 100 submissions, 40%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
93
Total Downloads

Downloads (Last 12 months)41
Downloads (Last 6 weeks)5

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Yan YMishra PHuang WMehta ABalmau OLie DDing AAral AHilt V(2024)Stream Processing with Adaptive Edge-Enhanced Confidential ComputingProceedings of the 7th International Workshop on Edge Systems, Analytics and Networking10.1145/3642968.3654819(37-42)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642968.3654819
Ahmad AOu BLiu CZhang XFonseca PAamodt TSwift MJerger N(2023)Veil: A Protected Services Framework for Confidential Virtual MachinesProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 410.1145/3623278.3624763(378-393)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3623278.3624763
Ro YJin SHuh JKim JMartínez JDuato JJohn L(2021)Ghost routing to enable oblivious computation on memory-centric networksProceedings of the 48th Annual International Symposium on Computer Architecture10.1109/ISCA52012.2021.00077(930-943)Online publication date: 14-Jun-2021
https://dl.acm.org/doi/10.1109/ISCA52012.2021.00077
Oh HAhmad APark SLee BPaek YLigatti JOu XKatz JVigna G(2020)TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGAProceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security10.1145/3372297.3417265(1903-1918)Online publication date: 30-Oct-2020
https://dl.acm.org/doi/10.1145/3372297.3417265

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents