Font Size: a A A

Research On Microarchitectural Side-channel Attack Defenses For Trusted Execution Environments

Posted on:2023-11-26Degree:DoctorType:Dissertation
Country:ChinaCandidate:P ZhangFull Text:PDF
GTID:1528307043464944Subject:Cyberspace security
Abstract/Summary:
As a popular data protection technology,confidential computing is based on Trusted Execution Environments(TEEs)to provide security for data in use and exchange.It has become one of the critical technologies to address the trust gap between cloud service providers and users.However,attackers can bypass the protection of TEEs through microarchitectural side-channel attacks and steal users’ confidential data.Intel SGX(Software Guard e Xtensions)is the most widely deployed hardware TEE in cloud environments.SGX excludes privileged softwares from its trusted computing base,posing new side-channel threats.On the one hand,privileged attackers can launch stronger and finer-grained side-channel attacks in SGX by scheduling hardware resources,compared with traditional side-channel attacks.On the other hand,existing SGX side-channel defenses hardly balance security and efficiency since the code within SGX is in user mode,which has limited privileges.To address the above challenges and efficiently protect users’ secrets in SGX,this thesis studies the correlation between hardware,program behavior,and sensitive data in microarchitectural side-channel attacks and proposes two side-channel defense strategies,including a directed one and a global one.The directed one actively detects side-channel vulnerabilities and patches them,while the global side-channel defense is a universal solution that does not need to identify side-channel vulnerabilities.These two strategies can be used in a complementary manner to protect data within SGX efficiently.Regarding vulnerability detection for the directed side-channel defense,this thesis proposes Laevatain,a side-channel vulnerability detector based on trace differential technique.Its core idea is to analyze the correlation between a program’s secrets and its behavior by comparing different traces to identify side-channel vulnerabilities that cause secret leakages.Existing side-channel detection schemes have limitations in analyzing non-encrypted applications,such as high overheads,high false negatives,high false positives and low coverage.Laevatain employs various compiler optimizations to improve the performance of its trace collection and introduces a context-sensitive differential algorithm to identify side-channel vulnerabilities quickly and accurately.To reduce false positives,Laevatain also proposes a distance-oriented fuzzing framework to optimize seed selection and increase detection coverage.Evaluation results show that Laevatain has significantly improved the accuracy,coverage,and performance of side-channel vulnerability detection compared with similar work.In particular,its performance is improved by three orders of magnitude compared with similar work.Regarding vulnerability repair for the directed side-channel defense,this thesis proposes SC-Patcher,a side-channel vulnerability patcher based on atomic obfuscation.Its core idea is to encapsulate the detected vulnerabilities in a program as transactions and obfuscate the correlation between the program’s secrets and behavior by inserting additional operations into the transactions.To address the problems of existing schemes,such as the difficulties in patching,requiring professionalism,manual involvement,universality,and incomplete security,SC-Patcher innovatively combines hardware transaction with obfuscation.Specifically,SC-Patcher inserts dozens of dynamic obfuscated memory accesses into vulnerable code to hide its actual memory accesses.To avoid distinguishing real accesses from the obfuscated ones by fine-grained side-channel attacks,SC-Patcher encapsulates vulnerabilities and obfuscated operations into transactions to ensure that they are executed without interruptions at runtime.Evaluation results show that SC-Patcher is secure against side-channel attacks,and its performance overhead is negligible(less than 5%).In terms of the global side-channel defense,this thesis proposes Klotski,which is a defense based on obfuscated execution.Its core idea is to obfuscate the fixed mapping relationship between a program’s behavior and memory addresses by re-randomizing all of an enclave’s code and data pages at runtime.From a high level,Klotski emulates a secure memory subsystem with an enhanced ORAM(Oblivious RAM)protocol for re-randomization and employs several compilation optimizations to reduce the performance overhead caused by software-based address translation and mini-page replacement.Evaluation results show that Klotski only brings 1.3 times overhead to its test programs on average,which is much lower than previous solutions.In summary,this thesis proposes two side-channel defenses for TEE’s side-channel attacks,including a directed one and a global one.Both provide efficient protection for users’ confidential data from different perspectives.This thesis further enriches security in current cloud computing and confidential computing,and provides new ideas for cloud security.
Keywords/Search Tags:Confidential Computing, Trusted Execution Environment, Side-Channel, Side-Channel Defense, Vulnerability Detection, Vulnerability Repair, Oblivious RAM, Fuzzing
Related items