DOI: 10.1145/3052973.3053007
research-article
Open access

Detecting Privileged Side-Channel Attacks in Shielded Execution with Déjà Vu

Published: 02 April 2017

Abstract

Intel Software Guard Extensions (SGX) protects the confidentiality and integrity of an unprivileged program running inside a secure enclave from a privileged attacker who has full control of the entire operating system (OS). Program execution inside this enclave is therefore referred to as shielded. Unfortunately, shielded execution does not protect programs from side-channel attacks by a privileged attacker. For instance, it has been shown that by changing page table entries of memory pages used by shielded execution, a malicious OS kernel could observe memory page accesses from the execution and hence infer a wide range of sensitive information about it. In fact, this page-fault side channel is only one instance of a category of side-channel attacks, here called privileged side-channel attacks, in which privileged attackers frequently preempt the shielded execution to obtain fine-grained side-channel observations. In this paper, we present Déjà Vu, a software framework that enables a shielded execution to detect such privileged side-channel attacks. Specifically, we build into shielded execution the ability to check program execution time at the granularity of paths in its control-flow graph. To provide a trustworthy source of time measurement, Déjà Vu implements a novel software reference clock that is protected by Intel Transactional Synchronization Extensions (TSX), a hardware implementation of transactional memory. Evaluations show that Déjà Vu effectively detects side-channel attacks against shielded execution and against the reference clock itself.


    Published In

    ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
    April 2017
    952 pages
    ISBN:9781450349444
    DOI:10.1145/3052973
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike International 4.0 License.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. side-channel detection
    2. software guard extension
    3. transactional synchronization extensions

    Qualifiers

    • Research-article

    Conference

    ASIA CCS '17

    Acceptance Rates

    ASIA CCS '17 Paper Acceptance Rate 67 of 359 submissions, 19%;
    Overall Acceptance Rate 418 of 2,322 submissions, 18%
