This repository collects presentation material and source code for hands-on exercises part of a 3h tutorial taught at the 8th International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE18), held 2018 December 15, Kanpur, India.
The inclusion of the Software Guard eXtensions (SGX) in recent Intel processors has been broadly acclaimed for bringing strong hardware-enforced trusted computing guarantees to mass consumer devices, and for protecting end user data in an untrusted cloud environment. While SGX assumes a very strong attacker model and indeed even safeguards enclave secrets against a compromised operating system, recent research has demonstrated that considerable private data (e.g., full text and images, complete cryptographic keys) may still be reconstructed by monitoring subtle side-effects of the enclaved execution.
We argue that a systematic understanding of such side-channel leakage sources is essential for writing intrinsically secure enclave applications, and will be instrumental to the success of this new trusted execution technology. This tutorial and write-up therefore aims to bring a better understanding of current state-of-the-art side-channel attacks and defenses on Intel SGX platforms. Participants will learn how to extract data from elementary example applications, thereby recognizing how to avoid common pitfalls and information leakage sources in enclave development.
Jo Van Bulck, Frank Piessens "Tutorial: Uncovering and mitigating side-channel leakage in Intel SGX enclaves", 8th International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE'18). December 2018.
This tutorial is aimed at a target audience of C programmers with an interest in security. The tutorial takes about three hours, with an equal split between lectures and practical exercises.
Note (SGX support). Since we do not assume that all participants have access to an SGX-capable Intel processor, plus linux-sgx toolchain, we made sure that all exercises have both an unprotected and enclaved version. For the SPACE2018 tutorial setting, we will provide SSH access to an SGX machine over the local network in order to test the enclaved version.
However, to keep pressure on the remote SSH SGX machine low, we strongly advise to first develop the unprotected attack scenario on your local x86 machine, before testing the enclaved version on the remote SGX machine via SSH. Once the unprotected version is working, it should be relatively straightforward to port the attack to an SGX setting.
Note (solutions). This git repository includes a
solutions
branch with working attack code for all of the exercises. If you want to solve
the exercise challenges on your own, you should of course only verify your
solutions after having implemented the attack yourself using the skeleton code
provided in the default master
branch.
Program | SGX enclave version | Description |
---|---|---|
001-pwd | 001-sgx-pwd | Basic timing side-channel attack. |
002-inc-secret | 002-sgx-inc-secret | Basic page fault side-channel attack. |
003-flush-and-reload | 003-sgx-flush-and-reload | Flush+Reload cache attack on unprotected memory. |
004-str | 004-sgx-str | More subtle page fault side-channel attack. |
005-rsa | 005-sgx-rsa | Page fault sequence side-channel attack. |
You are welcome to re-use all of the material in this repository for your own teaching (given appropriate credit). All exercise code is free software, licensed under GPLv3. Presentation material (slides) are released on a CC-BY basis.