Open access

Security Vulnerabilities of SGX and Countermeasures: A Survey

Published: 13 July 2021

Abstract

Trusted Execution Environments (TEEs) have been widely used in many security-critical applications. The popularity of TEEs derives from the high security and trustworthiness they obtain from secure hardware. Intel Software Guard Extensions (SGX) is one of the most representative TEEs: it creates an isolated environment on an untrusted operating system, thus providing run-time protection for the execution of security-critical code and data. However, Intel SGX is far from the acme of perfection. It has become a target of various attacks due to its security vulnerabilities. Researchers and practitioners have paid attention to the security vulnerabilities of SGX and investigated optimization solutions in real applications. Unfortunately, the existing literature lacks a thorough review of the security vulnerabilities of SGX and their countermeasures. In this article, we fill this gap. Specifically, we propose two sets of criteria for estimating the security risks of existing attacks and for evaluating the defense effects brought by attack countermeasures. Furthermore, we propose a taxonomy of SGX security vulnerabilities and shed light on the corresponding attack vectors. After that, we review published attacks and existing countermeasures, and evaluate them by employing our proposed criteria. Finally, on the strength of our survey, we propose some open challenges and future directions in the research of SGX security.



      Published In

      ACM Computing Surveys, Volume 54, Issue 6 (Invited Tutorial), July 2022, 799 pages
      ISSN: 0360-0300
      EISSN: 1557-7341
      DOI: 10.1145/3475936

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 13 July 2021
      Accepted: 01 March 2021
      Revised: 01 January 2021
      Received: 01 October 2020
      Published in CSUR Volume 54, Issue 6

      Author Tags

      1. Trusted execution environment
      2. security
      3. side-channel attacks
      4. trustworthiness

      Qualifiers

      • Research-article
      • Research
      • Refereed

      Funding Sources

      • the National Postdoctoral Program for Innovative Talents
      • the Academy of Finland
      • the 111 Project
      • the Project funded by China Postdoctoral Science Foundation
      • the Shaanxi Innovation Team Project
      • the National Natural Science Foundation of China
