Malware Guard Extension: abusing Intel SGX to conceal cache attacks

Michael Schwarz*, Samuel Weiser, Daniel Gruß, Clementine Lucie Noemie Maurice, Stefan Mangard

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


In modern computer systems, user processes are isolated from each other by the operating system and the hardware. Additionally, in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine. However, the hypervisor does not protect tenants against the cloud provider and thus, the supplied operating system and hardware. Intel SGX provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers. In this paper, we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves. Our attack is the first malware running on real SGX hardware, abusing SGX protection features to conceal itself. Furthermore, we demonstrate our attack both in a native environment and across multiple Docker containers. We perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication primitive. The attack works, although in SGX enclaves, there are no timers, no large pages, no physical addresses, and no shared memory. In a semi-synchronous attack, we extract 96 % of an RSA private key from a single trace. We extract the full RSA private key in an automated attack from 11 traces within 5 min.
Original languageEnglish
Article number2
Number of pages20
Issue number1
Publication statusPublished - 1 Dec 2020


  • Intel SGX
  • Prime+Probe
  • Side channel
  • Side-channel attack

ASJC Scopus subject areas

  • Software
  • Artificial Intelligence
  • Information Systems
  • Computer Networks and Communications


Dive into the research topics of 'Malware Guard Extension: abusing Intel SGX to conceal cache attacks'. Together they form a unique fingerprint.

Cite this