DOI: 10.1145/2897845.2897885
research-article

Preventing Page Faults from Telling Your Secrets

Published: 30 May 2016

Abstract

New hardware primitives such as Intel SGX secure a user-level process in the presence of an untrusted or compromised OS. Such "enclaved execution" systems are vulnerable to several side-channels, one of which is the page fault channel. In this paper, we show that the page fault side-channel has sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines in OpenSSL and Libgcrypt -- leaking 27% on average and up to 100% of the secret bits in many case-studies. To mitigate this, we propose a software-only defense that masks page fault patterns by determinising the program's memory access behavior. We show that such a technique can be built into a compiler, and implement it for a subset of C which is sufficient to handle the cryptographic routines we study. This defense, when implemented generically, can have a significant overhead of up to 4000X, but with the help of developer-assisted compiler optimizations, the overhead reduces to at most 29.22% in our case studies. Finally, we discuss the scope for hardware-assisted defenses, and show one solution that can reduce overheads to 6.77% with support from hardware changes.


Published In

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
May 2016
958 pages
ISBN: 9781450342339
DOI: 10.1145/2897845
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Intel SGX
  2. defense
  3. hardware security
  4. side-channel

Qualifiers

  • Research-article

Conference

ASIA CCS '16
Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%
