Controlled Cache Attacks on Intel SGX
Degree: Bachelor, Master
Contact Person: Thomas Eisenbarth
Field of Research
Intel Software Guard Extension (SGX) is a Trusted Execution Environment (TEE) available on modern processors to protect runtime data and computation against any logical vulnerability; however, defense against side-channel attacks is not part of the threat model.
Various microarchitectural resources such as core-private caches or branch target buffer (BTB) can leak critical information from the SGX enclave runtime. The leaked information exposes critical data such as cryptographic keys and user data.
Project Scope
Resources such as the shared last level cache (LLC) and return stack buffer (RSB) have not been studied in a system level adversarial context. Side channel attacks on previously unexplored shared CPU resources raise new questions regarding the security of Intel SGX. Each microarchitectural resource is designed for a certain goal, and the quality of information it leaks varies. This project focusses on microarchitectural side channels in the context of a system level adversary. Potential directions include:
- Quantify and compare yet unexplored sources of leakage and show their exploitability
- Untap the full potential of monitoring LLC with its big size and resulting spatial resolution
Exploiting OS resources to properly adopt these features into an attack will provide more runtime information than previous attacks, allowing to target cryptographic operations with a single observation or targeting larger data such as analytic and data processing applications.
Why me?
Working on this project can provide the opportunity to publish at a Tier 1 or 2 conference in Computer Security and Cryptography. You will use and improve skills in:
- Cryptography and Side-channel analysis
- Modern Computer Microarchitecture
- Operating System internals and Linux Kernel Development
- Data Processing and Statistical Analysis.
Contact:
Thomas Eisenbarth
Institute for IT Security
thomas.eisenbarth(at)uni-luebeck.de