Enclave Security and Address-based Side Channels

Samuel Weiser

Publication: Thesis (Dissertation)


Enclaves are a recent security technology for processors capable of safeguarding sensitive programs from malware and untrusted system operators alike. To understand the precise security properties of enclaves, we need more research. In this thesis, we study enclaves from two viewpoints. First, we take an outside perspective on the underlying hardware and effectively expand state-of-the-art enclave technology towards a broader range of application scenarios. Second, we inspect enclaves' inner behavior with respect to side channels, showing novel attacks and improving the automated search for unknown vulnerabilities.

For the first part of this thesis, we ask ourselves three questions: (i) How can enclaves securely interact with their (physical) environment? (ii) How can enclaves be realized on tiny resource-constrained devices? (iii) How can we prevent enclaves from running wild? For (i) we give theoretical results and show how a trusted hypervisor can provide secure enclave interaction in a generic way. Connecting enclaves with hypervisors yields subtle but fatal attack vectors, which we address by using a Trusted Platform Module. For (ii) we design and prototype enclaves on the open RISC-V architecture. Our system, dubbed TIMBER-V, makes use of specially tagged memory to provide tighter integration and higher flexibility than comparable schemes. For (iii) we encapsulate enclaves themselves within a sandbox called SGXJail to contain potential misbehavior.

In the second part, we study side-channel attacks on enclaves with a focus on cryptographic software, again with three contributions. As shown by others, enclaves face stronger page-based side-channel attacks than previous systems. (i) We demonstrate that these attacks also directly affect the generation of cryptographic key material. To that end, we successfully attack RSA key generation in OpenSSL and provide patches to close the vulnerability. (ii) To automate side-channel analysis, we develop Differential Address Trace Analysis (DATA). DATA covers not only classical cache attacks but also fine-grained single-instruction or single-byte leakage, which was believed impractical to exploit until very recently. DATA helped discover previously unknown leakage in OpenSSL. (iii) For a systematic study, we adapt DATA to detect leakage of secret nonces in DSA-like cryptosystems. Our analysis reveals known and several unknown vulnerabilities in all essential DSA computation steps of OpenSSL and others, many of which allow full key recovery. Our reports helped fix many of the issues.
Qualification: Doktor der Technik
Supervisor / Advisor:
  • Mangard, Stefan, Supervisor
Date of approval: 26 June 2020
Publication status: Published - June 2020

