Abstract
Load Value Injection (LVI) uses Meltdown-type data flows in Spectre-like confused-deputy attacks. LVI has been demonstrated in practical attacks on Intel SGX enclaves, and consequently, mitigations were deployed that incur tremendous overheads of factor 2 to 19. However, as we discover, on fixed hardware LVI-NULL leakage is still present. Hence, to mitigate LVI-NULL on SGX enclaves on LVI-fixed CPUs, the expensive mitigations would still be necessary.
In this paper, we propose a lightweight mitigation focused on LVI-NULL in SGX, LVI-NULLify. We systematically analyze and categorize LVI-NULL variants. Our analysis reveals that previously proposed mitigations targeting LVI-NULL are not effective. Our novel mitigation addresses this problem by repurposing segmentation, a fast legacy hardware mechanism that x86 already uses for every memory operation. LVI-NULLify consists of a modified SGX-SDK and a compiler extension which put the enclave in control of LVI-NULL-exploitable memory locations. We evaluate LVI-NULLify on the LVI-fixed Comet Lake CPU and observe a performance overhead below 10% for the worst case, which is substantially lower than previous defenses with a prohibitive overhead of 1220% in the worst case. We conclude that LVI-NULLify is a practical solution to protect SGX enclaves against LVI-NULL today.
Original language | English |
---|---|
Title | 31st USENIX Security Symposium (USENIX Security 22) |
Number of pages | 17 |
Publication status | Published - 10 Aug. 2022 |
Event | 31st USENIX Security Symposium: USENIX Security 2022 - Boston, USA / United States. Duration: 10 Aug. 2022 → 12 Aug. 2022. Conference number: 31 |
Conference
Conference | 31st USENIX Security Symposium |
---|---|
Short title | USENIX '22 |
Country/Territory | USA / United States |
City | Boston |
Period | 10/08/22 → 12/08/22 |
Fingerprint
Explore the research topics of "Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX". Together they form a unique fingerprint.
Projects
- 2 Finished
- Leakage-Free - Hardware-Software Information Flow Analysis for Leakage-Free Code Generation
  Gruss, D. (Participant (Co-Investigator))
  1/10/18 → 30/09/20
  Project: Research project
- EU - SOPHIA - Securing Software against Physical Attacks
  Mangard, S. (Participant (Co-Investigator))
  1/09/16 → 31/12/21
  Project: Research project